neither task manager nor regedit nor gpedit working [Solved]



#1
tekkanphan

Hello.
I am using Vista Home Premium. Task Manager is greyed out and not accessible, and a "disabled by administrator" error message is shown if I try to use it from Windows. Regedit: "disabled by administrator" error (even though I am the administrator). Gpedit is not available for Home Premium.
The system became very, very slow, and I am not using any virus (being afraid of making the system even slower).

Please help me to get back the Task Manager.
I am posting the OTL log file below.


OTL logfile created on: 02-06-2013 17:47:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phani\Documents\Downloads\Programs
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 34.70% Memory free
6.19 Gb Paging File | 3.90 Gb Available in Paging File | 63.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.53 Gb Total Space | 152.78 Gb Free Space | 53.13% Space Free | Partition Type: NTFS
Drive D: | 10.56 Gb Total Space | 1.63 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 97.32 Gb Free Space | 10.45% Space Free | Partition Type: NTFS

Computer Name: PHANI-PC | User Name: phani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-02 17:46:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Documents\Downloads\Programs\OTL.exe
PRC - [2013-06-02 14:06:48 | 000,011,776 | ---- | M] () -- C:\Users\phani\AppData\Local\Temp\winbpde.exe
PRC - [2013-05-23 11:14:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010-05-26 18:33:07 | 003,298,736 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet download manager\IDMan.exe
PRC - [2010-05-25 18:58:58 | 000,337,328 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet download manager\IEMonitor.exe
PRC - [2009-10-03 04:07:50 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2009-02-20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008-06-12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2007-12-16 20:34:43 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-09-20 23:42:02 | 000,741,376 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2007-09-06 01:39:54 | 001,694,248 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007-09-06 01:39:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-07-12 17:30:36 | 000,202,128 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2006-11-02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013-06-02 14:06:48 | 000,011,776 | ---- | M] () -- C:\Users\phani\AppData\Local\Temp\winbpde.exe
MOD - [2013-05-23 11:14:07 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013-05-23 11:14:06 | 013,136,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013-05-23 11:13:59 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013-05-23 11:13:06 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013-05-23 11:13:05 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013-05-23 11:13:03 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2009-08-16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009-02-27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008-10-05 20:53:58 | 000,022,736 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2007-10-01 08:04:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007-10-01 08:04:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007-10-01 08:04:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007-10-01 08:04:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007-10-01 08:03:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007-09-06 01:33:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007-09-06 01:22:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll
MOD - [2007-08-14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007-07-12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007-07-12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2013-04-19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-05-19 12:42:36 | 000,724,480 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-19 15:12:21 | 000,509,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\1221189441\phani1221189441L.exe -- (.1221189441)
SRV - [2009-02-20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-12-16 20:34:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007-03-05 23:00:06 | 000,180,224 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\system32\WinVDEdrv6.sys -- (NEWDRIVER)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a5v804pr)
DRV - [2010-05-19 12:32:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2010-05-19 12:25:14 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\WinVd32.sys -- (WinVd32)
DRV - [2010-05-19 12:25:13 | 000,010,752 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009-10-03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-05-16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008-05-16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008-05-16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008-05-16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008-05-16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008-05-16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008-05-16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008-05-06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008-03-04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007-10-01 21:05:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007-08-29 04:17:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007-08-09 09:12:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-07-31 00:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-07-30 23:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-07-11 23:00:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-07-10 19:57:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-28 20:39:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-06-19 05:42:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-04-18 17:33:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {DC363577-0417-4B93-8127-3491AF6CE6B7}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...ptb=&n=77cf47b2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.universit...versities.html"
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected] [2013-05-30 15:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected] [2013-05-30 17:30:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-29 22:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-29 22:24:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\phani\AppData\Roaming\IDM\idmmzcc3 [2010-07-24 11:42:52 | 000,000,000 | ---D | M]

[2010-07-21 09:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Extensions
[2013-06-02 13:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions
[2010-09-15 15:24:37 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2010-10-23 15:19:40 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010-09-15 15:24:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-09-27 12:18:57 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2013-05-30 17:30:55 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]
[2010-09-15 15:24:37 | 000,000,000 | ---D | M] () -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]
[2013-05-30 15:41:06 | 000,000,000 | ---D | M] (continuetoosave) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]
[2010-09-14 17:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-24 11:42:52 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PHANI\APPDATA\ROAMING\IDM\IDMMZCC3

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.espncrici...-world-cup-2011
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Angry Birds = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Web2PDFConverter = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk\2.4.4_0\
CHR - Extension: TinEye Reverse Image Search (old version) = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blkehhkdbdbaggkkapkcaoanffomhgjl\1.1_0\
CHR - Extension: YouTube = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Lookup Companion for Wikipedia = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\1.9.0_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: PanicButton = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: AdBlock = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.6.2_0\
CHR - Extension: Youtube Video Downloader = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki\1.3_0\
CHR - Extension: Gmail = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010-07-23 15:17:26 | 000,000,851 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet download manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (SearchNewTab) - {4DAFB6E0-04FC-4EF3-B591-325682FD921A} - C:\ProgramData\SearchNewTab\51a720ed142b6.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (continuetoosave) - {9F24ECA8-FDD8-587C-52E5-A232A1FD732A} - C:\ProgramData\continuetoosave\51a720de501e2.dll ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet download manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet download manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet download manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 123.176.37.38 123.176.37.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90287A92-9985-48E9-8DB8-44C361BA6F23}: DhcpNameServer = 100.1.200.106 202.56.230.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85124C2-846A-4FCA-B933-15D9ADF7B92E}: DhcpNameServer = 123.176.37.38 123.176.37.36
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\phani\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\phani\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-12-16 21:44:26 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013-06-02 14:04:14 | 000,000,272 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2013-06-02 14:04:14 | 000,000,256 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-12-06 12:19:53 | 000,000,241 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\Shell\aUTopLay\comMaNd - "" = H:\saere.pif
O33 - MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\Shell\AutoRun\command - "" = H:\saere.pif
O33 - MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\Shell\exPloRe\comMand - "" = H:\saere.pif
O33 - MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\Shell\Open\comManD - "" = H:\saere.pif
O33 - MountPoints2\{2afbe20f-98af-11df-8ff2-00218691e671}\Shell\AutoRun\command - "" = H:\cache\tmp983.exe
O33 - MountPoints2\{2afbe20f-98af-11df-8ff2-00218691e671}\Shell\oPEN\coMmaNd - "" = H:\cache\tmp983.exe
O33 - MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\Shell\AuTOplAY\CommAND - "" = F:\muxal.exe
O33 - MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\Shell\AutoRun\command - "" = F:\muxal.exe
O33 - MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\Shell\EXPloRe\cOMmAnd - "" = F:\muxal.exe
O33 - MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\Shell\OPEn\coMmand - "" = F:\muxal.exe
O33 - MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\USB\Data\SecureDrive.exe  
O33 - MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\Shell\explore\command - "" = F:\USB\Data\SecureDrive.exe /e
O33 - MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\Shell\open\command - "" = F:\USB\Data\SecureDrive.exe
O33 - MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\Shell\AUtoPLay\coMmanD - "" = F:\yuxkpl.exe
O33 - MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\yuxkpl.exe
O33 - MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\Shell\eXpLore\cOmmanD - "" = F:\yuxkpl.exe
O33 - MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\Shell\open\cOmmANd - "" = F:\yuxkpl.exe
O33 - MountPoints2\{a7f1c5a7-926c-11e0-9386-00218691e671}\Shell - "" = Autorun
O33 - MountPoints2\{a7f1c5a7-926c-11e0-9386-00218691e671}\Shell\AutoRun\command - "" = F:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\Shell\autOPlAy\comMAND - "" = F:\inus.exe
O33 - MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\Shell\AutoRun\command - "" = F:\inus.exe
O33 - MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\Shell\expLore\ComMand - "" = F:\inus.exe
O33 - MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\Shell\open\commAnD - "" = F:\inus.exe
O33 - MountPoints2\{ac42209c-9bbd-11e0-bce1-00215c7cf6f1}\Shell - "" = AutoRun
O33 - MountPoints2\{ac42209c-9bbd-11e0-bce1-00215c7cf6f1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\Shell\AUtOplay\commAnd - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\Shell\AutoRun\command - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\Shell\exploRE\CoMManD - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\Shell\open\coMmanD - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac773447-1e16-11e0-b789-00218691e671}\Shell - "" = Autorun
O33 - MountPoints2\{ac773447-1e16-11e0-b789-00218691e671}\Shell\AutoRun\command - "" = F:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\Shell\AUTOplAY\commANd - "" = F:\rnjxri.exe
O33 - MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\Shell\AutoRun\command - "" = F:\rnjxri.exe
O33 - MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\Shell\eXploRe\Command - "" = F:\rnjxri.exe
O33 - MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\Shell\open\Command - "" = F:\rnjxri.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\AutoplaY\cOmmaNd - "" = F:\gmnm.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\AutoRun\command - "" = F:\gmnm.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\explorE\CommAND - "" = F:\gmnm.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\OPEN\comMAND - "" = F:\gmnm.exe
O33 - MountPoints2\H\Shell\AUtOplay\commAnd - "" = H:\lqaqd.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\lqaqd.exe
O33 - MountPoints2\H\Shell\exploRE\CoMManD - "" = H:\lqaqd.exe
O33 - MountPoints2\H\Shell\open\coMmanD - "" = H:\lqaqd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-06-02 13:00:28 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2013-06-02 12:57:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-05-31 13:23:18 | 000,000,000 | R--D | C] -- C:\Users\phani\Desktop\Dropbox
[2013-05-31 13:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013-05-31 13:21:10 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013-05-31 13:20:04 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Dropbox
[2013-05-31 10:18:22 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\SCRIVINER
[2013-05-31 10:10:25 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Scrivener
[2013-05-31 10:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
[2013-05-31 10:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Scrivener
[2013-05-30 17:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab
[2013-05-30 17:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013-05-30 15:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetoosave
[2013-05-30 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetoosave
[2013-05-30 15:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013-05-30 15:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013-05-25 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013-05-25 22:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013-05-25 22:09:01 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\4kdownload.com
[2013-05-25 21:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
[2013-05-25 21:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\4KDownload
[2013-05-25 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\phani\workspace
[2013-05-25 18:21:59 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\Youcam
[2013-05-25 18:06:50 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Skype
[2013-05-25 18:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-05-25 18:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013-05-25 18:06:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013-05-25 18:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013-05-24 11:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2013-05-24 11:21:54 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\cpp
[2013-05-24 11:17:10 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Dev-Cpp
[2013-05-24 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2013-05-24 11:16:56 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2013-05-22 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\Square Enix
[2013-05-22 15:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham Asylum GOTY
[2013-05-22 09:42:55 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\HP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2055-09-19 11:59:11 | 000,002,012 | ---- | M] () -- C:\Windows\System32\NAV_75_cltDynam.dat
[2013-06-02 18:02:01 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-02 18:02:01 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-02 17:36:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-06-02 14:51:01 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-06-02 14:51:01 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-06-02 14:30:30 | 000,072,567 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013-06-02 14:30:30 | 000,072,567 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013-06-02 14:30:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-02 14:04:29 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013-06-02 14:04:14 | 000,103,140 | RHS- | M] () -- C:\bymyvu.pif
[2013-06-02 14:04:14 | 000,000,272 | RHS- | M] () -- C:\autorun.inf
[2013-06-02 14:03:28 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-06-02 14:01:34 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-02 13:26:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013-06-02 12:54:12 | 000,039,291 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013-06-01 15:19:24 | 000,104,448 | ---- | M] () -- C:\Users\phani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-31 08:59:30 | 000,000,374 | ---- | M] () -- C:\Users\phani\Desktop\CS 007 - Shortcut.lnk
[2013-05-29 09:36:07 | 000,168,704 | ---- | M] () -- C:\Users\phani\Desktop\ebill 29th may.pdf
[2013-05-27 19:13:49 | 348,285,627 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013-05-26 10:33:12 | 000,001,165 | ---- | M] () -- C:\Users\phani\Desktop\eclipse.exe - Shortcut.lnk
[2013-05-26 09:40:47 | 000,001,995 | ---- | M] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013-05-25 18:18:46 | 000,000,000 | ---- | M] () -- C:\Cookies
[2013-05-24 19:21:56 | 000,000,700 | -HS- | M] () -- C:\Users\phani\AppData\Local\systemFL7.$dk
[2013-05-24 19:09:51 | 035,651,584 | ---- | M] () -- C:\Users\phani\personal.flk
[2013-05-24 11:17:05 | 000,000,561 | ---- | M] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-06-02 14:04:15 | 000,000,272 | RHS- | C] () -- C:\autorun.inf
[2013-06-02 14:04:14 | 000,103,140 | RHS- | C] () -- C:\bymyvu.pif
[2013-06-02 12:54:11 | 000,039,291 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013-05-31 08:59:30 | 000,000,374 | ---- | C] () -- C:\Users\phani\Desktop\CS 007 - Shortcut.lnk
[2013-05-29 09:36:06 | 000,168,704 | ---- | C] () -- C:\Users\phani\Desktop\ebill 29th may.pdf
[2013-05-26 10:33:12 | 000,001,165 | ---- | C] () -- C:\Users\phani\Desktop\eclipse.exe - Shortcut.lnk
[2013-05-25 22:31:55 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-25 22:31:52 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-25 18:18:46 | 000,000,000 | ---- | C] () -- C:\Cookies
[2013-05-24 19:01:33 | 000,000,700 | -HS- | C] () -- C:\Users\phani\AppData\Local\systemFL7.$dk
[2013-05-24 11:17:05 | 000,000,561 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk
[2010-09-07 17:26:05 | 035,651,584 | ---- | C] () -- C:\Users\phani\personal.flk
[2010-07-24 15:01:54 | 000,001,356 | ---- | C] () -- C:\Users\phani\AppData\Local\d3d9caps.dat
[2010-07-22 18:26:28 | 000,072,567 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010-07-22 18:26:28 | 000,072,567 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010-07-21 11:35:56 | 000,050,784 | ---- | C] () -- C:\Users\phani\.ems.cfg
[2010-05-19 14:18:02 | 000,048,271 | ---- | C] () -- C:\Users\phani\AppData\Roaming\nvModes.001
[2010-05-19 14:15:54 | 000,048,271 | ---- | C] () -- C:\Users\phani\AppData\Roaming\nvModes.dat
[2010-05-19 14:06:25 | 000,104,448 | ---- | C] () -- C:\Users\phani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006-11-02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2007-12-16 20:57:30 | 011,315,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2006-11-02 15:16:04 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 15:16:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2FD2AC7E

< End of report >

#2
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

While I am looking over the OTL log you have posted, can you please post the extra.txt file that should have been created when OTL was run. It should be located at C:\Users\phani\Documents\Downloads\Programs.

Thank you.

#3
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's see if we can get things running better for you. :)

Step 1 - AdwCleaner
  • Download AdwCleaner from here or here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once it has completed it will ask to reboot the computer, please allow it to do so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

Step 2 - OTL Fix

Before running this fix, please move OTL to your desktop.

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:OTL
PRC - [2013-06-02 14:06:48 | 000,011,776 | ---- | M] () -- C:\Users\phani\AppData\Local\Temp\winbpde.exe
MOD - [2013-06-02 14:06:48 | 000,011,776 | ---- | M] () -- C:\Users\phani\AppData\Local\Temp\winbpde.exe
SRV - [2009-09-19 15:12:21 | 000,509,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\1221189441\phani1221189441L.exe -- (.1221189441)
IE - HKLM\..\SearchScopes,DefaultScope = {DC363577-0417-4B93-8127-3491AF6CE6B7}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...ptb=&n=77cf47b2
IE - HKCU\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected] [2013-05-30 15:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected] [2013-05-30 17:30:55 | 000,000,000 | ---D | M]
[2013-05-30 17:30:55 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]
[2013-05-30 15:41:06 | 000,000,000 | ---D | M] (continuetoosave) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]
O2 - BHO: (SearchNewTab) - {4DAFB6E0-04FC-4EF3-B591-325682FD921A} - C:\ProgramData\SearchNewTab\51a720ed142b6.dll ()
O2 - BHO: (continuetoosave) - {9F24ECA8-FDD8-587C-52E5-A232A1FD732A} - C:\ProgramData\continuetoosave\51a720de501e2.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O33 - MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\Shell\aUTopLay\comMaNd - "" = H:\saere.pif
O33 - MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\Shell\AutoRun\command - "" = H:\saere.pif
O33 - MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\Shell\exPloRe\comMand - "" = H:\saere.pif
O33 - MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\Shell\Open\comManD - "" = H:\saere.pif
O33 - MountPoints2\{2afbe20f-98af-11df-8ff2-00218691e671}\Shell\AutoRun\command - "" = H:\cache\tmp983.exe
O33 - MountPoints2\{2afbe20f-98af-11df-8ff2-00218691e671}\Shell\oPEN\coMmaNd - "" = H:\cache\tmp983.exe
O33 - MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\Shell\AuTOplAY\CommAND - "" = F:\muxal.exe
O33 - MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\Shell\AutoRun\command - "" = F:\muxal.exe
O33 - MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\Shell\EXPloRe\cOMmAnd - "" = F:\muxal.exe
O33 - MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\Shell\OPEn\coMmand - "" = F:\muxal.exe
O33 - MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\USB\Data\SecureDrive.exe  
O33 - MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\Shell\explore\command - "" = F:\USB\Data\SecureDrive.exe /e
O33 - MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\Shell\open\command - "" = F:\USB\Data\SecureDrive.exe
O33 - MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\Shell\AUtoPLay\coMmanD - "" = F:\yuxkpl.exe
O33 - MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\yuxkpl.exe
O33 - MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\Shell\eXpLore\cOmmanD - "" = F:\yuxkpl.exe
O33 - MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\Shell\open\cOmmANd - "" = F:\yuxkpl.exe
O33 - MountPoints2\{a7f1c5a7-926c-11e0-9386-00218691e671}\Shell\AutoRun\command - "" = F:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\Shell\autOPlAy\comMAND - "" = F:\inus.exe
O33 - MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\Shell\AutoRun\command - "" = F:\inus.exe
O33 - MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\Shell\expLore\ComMand - "" = F:\inus.exe
O33 - MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\Shell\open\commAnD - "" = F:\inus.exe
O33 - MountPoints2\{ac42209c-9bbd-11e0-bce1-00215c7cf6f1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\Shell\AUtOplay\commAnd - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\Shell\AutoRun\command - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\Shell\exploRE\CoMManD - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\Shell\open\coMmanD - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac773447-1e16-11e0-b789-00218691e671}\Shell\AutoRun\command - "" = F:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\Shell\AUTOplAY\commANd - "" = F:\rnjxri.exe
O33 - MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\Shell\AutoRun\command - "" = F:\rnjxri.exe
O33 - MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\Shell\eXploRe\Command - "" = F:\rnjxri.exe
O33 - MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\Shell\open\Command - "" = F:\rnjxri.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\AutoplaY\cOmmaNd - "" = F:\gmnm.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\AutoRun\command - "" = F:\gmnm.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\explorE\CommAND - "" = F:\gmnm.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\OPEN\comMAND - "" = F:\gmnm.exe
O33 - MountPoints2\H\Shell\AUtOplay\commAnd - "" = H:\lqaqd.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\lqaqd.exe
O33 - MountPoints2\H\Shell\exploRE\CoMManD - "" = H:\lqaqd.exe
O33 - MountPoints2\H\Shell\open\coMmanD - "" = H:\lqaqd.exe
[2013-05-30 17:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab
[2013-05-30 17:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013-05-30 15:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetoosave
[2013-05-30 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetoosave
[2055-09-19 11:59:11 | 000,002,012 | ---- | M] () -- C:\Windows\System32\NAV_75_cltDynam.dat
[2013-06-02 14:04:14 | 000,103,140 | RHS- | M] () -- C:\bymyvu.pif
[2013-06-02 14:04:15 | 000,000,272 | RHS- | C] () -- C:\autorun.inf

:Files
C:\Program Files\1221189441

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableLUA"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=DWORD:0
"DisableRegistryTools"=DWORD:0

:Commands
[emptytemp]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again:
  • Please check the box next to Scan All Users
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. AdwCleaner Log
2. OTL Fix Log
3. New OTL Log
4. Extras.txt
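
Added example (not part of the original posts, and not OTL's own code): a small Python triage over lines in the format of the O7 and O33 entries quoted in this thread. It reports the policy values that lock Task Manager and the registry editor, and groups MountPoints2 autorun entries by volume, flagging volumes whose shell verb key names use irregular letter casing; that casing heuristic and the names `triage`, `irregular_case` and `CANONICAL` are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines taken from the OTL log and fix script posted in this thread.
SAMPLE_LOG = r'''
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O33 - MountPoints2\{a7f1c5a7-926c-11e0-9386-00218691e671}\Shell\AutoRun\command - "" = F:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\AutoplaY\cOmmaNd - "" = F:\gmnm.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\AutoRun\command - "" = F:\gmnm.exe
O33 - MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\Shell\OPEN\comMAND - "" = F:\gmnm.exe
O33 - MountPoints2\H\Shell\exploRE\CoMManD - "" = H:\lqaqd.exe
O33 - MountPoints2\{ac42209c-9bbd-11e0-bce1-00215c7cf6f1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
'''

# Policy values seen in the thread's O7 lines; a value of 1 locks the tool.
LOCK_POLICIES = ("DisableTaskMgr", "DisableRegistryTools")

# Assumption of this example: spellings treated as normal for verb key names.
CANONICAL = {"AutoRun", "AutoPlay", "Open", "Explore", "Command"}

O7_RE = re.compile(
    r'^O7 - (?P<hive>HK\w+)\\.*\\policies\\System: '
    r'(?P<name>\w+) = (?P<value>\d+)$',
    re.IGNORECASE)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)'
    r'\\(?P<leaf>\S+) - "" = (?P<target>.+)$',
    re.IGNORECASE)


def irregular_case(token):
    """True when a key name is neither all lowercase nor a canonical spelling."""
    return not (token.islower() or token in CANONICAL)


def target_path(raw):
    """Return the executable path, dropping quotes and trailing arguments."""
    raw = raw.strip()
    quoted = re.match(r'"([^"]+)"', raw)
    return quoted.group(1) if quoted else raw


def triage(log_text):
    """Summarise policy locks and per-volume autorun targets from OTL lines."""
    policy_locks = []
    volumes = defaultdict(lambda: {"targets": set(), "irregular": False})
    for line in log_text.splitlines():
        line = line.strip()
        m = O7_RE.match(line)
        if m:
            if m.group("name") in LOCK_POLICIES and m.group("value") == "1":
                policy_locks.append(m.group("name"))
            continue
        m = O33_RE.match(line)
        if m:
            entry = volumes[m.group("volume")]
            entry["targets"].add(target_path(m.group("target")))
            # Heuristic: one irregularly cased verb marks the whole volume.
            if irregular_case(m.group("verb")) or irregular_case(m.group("leaf")):
                entry["irregular"] = True
    flagged = {v: sorted(e["targets"])
               for v, e in volumes.items() if e["irregular"]}
    unflagged = {v: sorted(e["targets"])
                 for v, e in volumes.items() if not e["irregular"]}
    return {"policy_locks": policy_locks,
            "flagged": flagged,
            "unflagged": unflagged}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Locked tools:", ", ".join(result["policy_locks"]) or "none")
    for volume, targets in sorted(result["flagged"].items()):
        print("Review first:", volume, "->", ", ".join(targets))
    for volume, targets in sorted(result["unflagged"].items()):
        print("Regular casing:", volume, "->", ", ".join(targets))
```

The casing flag only orders the review; an entry with regular casing still needs its target checked by hand.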

#4
tekkanphan

    Member

  • Topic Starter
  • 51 posts
Hey Jasmyne. Thanks for your quick reply.

I am posting the logs below.


Adware


# AdwCleaner v2.301 - Logfile created 06/03/2013 at 10:04:23
# Updated 16/05/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium (32 bits)
# User : phani - PHANI-PC
# Boot Mode : Normal
# Running from : C:\Users\phani\Documents\Downloads\Programs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\continuetoosave
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetoosave
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]
Folder Deleted : C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4DAFB6E0-04FC-4EF3-B591-325682FD921A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F24ECA8-FDD8-587C-52E5-A232A1FD732A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DAFB6E0-04FC-4EF3-B591-325682FD921A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F24ECA8-FDD8-587C-52E5-A232A1FD732A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.16512

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=&ptb=&n=77cf47b2 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.12 (en-US)

File : C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4973 octets] - [03/06/2013 10:04:23]

########## EOF - C:\AdwCleaner[S1].txt - [5033 octets] ##########

#5
tekkanphan

    Member

  • Topic Starter
  • 51 posts
OTL fix


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named winbpde.exe was found!
Service .1221189441 stopped successfully!
Service .1221189441 deleted successfully!
C:\Program Files\1221189441\phani1221189441L.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC363577-0417-4B93-8127-3491AF6CE6B7}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC363577-0417-4B93-8127-3491AF6CE6B7}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected] not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected] not found.
Folder C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]\ not found.
Folder C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DAFB6E0-04FC-4EF3-B591-325682FD921A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DAFB6E0-04FC-4EF3-B591-325682FD921A}\ not found.
File C:\ProgramData\SearchNewTab\51a720ed142b6.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F24ECA8-FDD8-587C-52E5-A232A1FD732A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F24ECA8-FDD8-587C-52E5-A232A1FD732A}\ not found.
File C:\ProgramData\continuetoosave\51a720de501e2.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254dc5da-636b-11df-9e3c-001d72702d3d}\ not found.
File H:\saere.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254dc5da-636b-11df-9e3c-001d72702d3d}\ not found.
File H:\saere.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254dc5da-636b-11df-9e3c-001d72702d3d}\ not found.
File H:\saere.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{254dc5da-636b-11df-9e3c-001d72702d3d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254dc5da-636b-11df-9e3c-001d72702d3d}\ not found.
File H:\saere.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2afbe20f-98af-11df-8ff2-00218691e671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2afbe20f-98af-11df-8ff2-00218691e671}\ not found.
File H:\cache\tmp983.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2afbe20f-98af-11df-8ff2-00218691e671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2afbe20f-98af-11df-8ff2-00218691e671}\ not found.
File H:\cache\tmp983.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36befee0-e4cf-11df-82f6-00218691e671}\ not found.
File F:\muxal.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36befee0-e4cf-11df-82f6-00218691e671}\ not found.
File F:\muxal.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36befee0-e4cf-11df-82f6-00218691e671}\ not found.
File F:\muxal.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36befee0-e4cf-11df-82f6-00218691e671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36befee0-e4cf-11df-82f6-00218691e671}\ not found.
File F:\muxal.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\USB\Data\SecureDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\ not found.
File F:\USB\Data\SecureDrive.exe /e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a8d14e7-c6d3-11e2-b5d3-001d72702d3d}\ not found.
File F:\USB\Data\SecureDrive.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\ not found.
File F:\yuxkpl.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\ not found.
File F:\yuxkpl.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\ not found.
File F:\yuxkpl.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c0fd826-036e-11e0-aad9-806e6f6e6963}\ not found.
File F:\yuxkpl.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7f1c5a7-926c-11e0-9386-00218691e671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7f1c5a7-926c-11e0-9386-00218691e671}\ not found.
File F:\Install_Nokia_Ovi_Suite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8ff8073-c000-11df-832e-00218691e671}\ not found.
File F:\inus.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8ff8073-c000-11df-832e-00218691e671}\ not found.
File F:\inus.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8ff8073-c000-11df-832e-00218691e671}\ not found.
File F:\inus.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8ff8073-c000-11df-832e-00218691e671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8ff8073-c000-11df-832e-00218691e671}\ not found.
File F:\inus.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac42209c-9bbd-11e0-bce1-00215c7cf6f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac42209c-9bbd-11e0-bce1-00215c7cf6f1}\ not found.
File "F:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\ not found.
File H:\lqaqd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\ not found.
File H:\lqaqd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\ not found.
File H:\lqaqd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac42209e-9bbd-11e0-bce1-00215c7cf6f1}\ not found.
File H:\lqaqd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac773447-1e16-11e0-b789-00218691e671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac773447-1e16-11e0-b789-00218691e671}\ not found.
File F:\Install_Nokia_Ovi_Suite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\ not found.
F:\rnjxri.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\ not found.
File F:\rnjxri.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\ not found.
File F:\rnjxri.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c902fc45-c2a3-11e2-9a19-00215c7cf6f1}\ not found.
File F:\rnjxri.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\ not found.
File F:\gmnm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\ not found.
File F:\gmnm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\ not found.
File F:\gmnm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e31ad2d9-0352-11e0-a296-00215c7cf6f1}\ not found.
File F:\gmnm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\lqaqd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\lqaqd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\lqaqd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\lqaqd.exe not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab\ not found.
Folder C:\ProgramData\SearchNewTab\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetoosave\ not found.
Folder C:\ProgramData\continuetoosave\ not found.
C:\WINDOWS\System32\NAV_75_cltDynam.dat moved successfully.
C:\bymyvu.pif moved successfully.
File move failed. C:\autorun.inf scheduled to be moved on reboot.
========== FILES ==========
C:\Program Files\1221189441 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"DisableTaskMgr"|DWORD:0 /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"DisableRegistryTools"|DWORD:0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 115348 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: phani
->Temp folder emptied: 472922347 bytes
->Temporary Internet Files folder emptied: 38720034 bytes
->FireFox cache emptied: 114553509 bytes
->Google Chrome cache emptied: 379018349 bytes
->Flash cache emptied: 160844 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 580831575 bytes
RecycleBin emptied: 103140 bytes

Total Files Cleaned = 1,513.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06032013_101501

Files\Folders moved on Reboot...
C:\autorun.inf moved successfully.
C:\Users\phani\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#6
tekkanphan

  • Topic Starter
  • Member
  • 51 posts
new otl


OTL logfile created on: 03-06-2013 10:32:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phani\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.11% Memory free
6.17 Gb Paging File | 4.79 Gb Available in Paging File | 77.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.53 Gb Total Space | 152.56 Gb Free Space | 53.06% Space Free | Partition Type: NTFS
Drive D: | 10.56 Gb Total Space | 1.63 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 97.32 Gb Free Space | 10.45% Space Free | Partition Type: NTFS

Computer Name: PHANI-PC | User Name: phani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-03 10:32:36 | 000,011,776 | ---- | M] () -- C:\Users\phani\AppData\Local\Temp\tlhjtl.exe
PRC - [2013-06-02 17:46:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
PRC - [2013-05-23 11:14:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010-05-26 18:33:07 | 003,220,912 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet download manager\IDMan.exe
PRC - [2010-05-25 18:58:58 | 000,337,328 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet download manager\IEMonitor.exe
PRC - [2009-02-20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008-06-12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2007-12-16 20:34:43 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-09-20 23:42:02 | 000,671,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2007-09-06 01:39:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-07-25 12:32:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007-07-12 17:30:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2006-11-02 15:15:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2006-11-02 15:15:54 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wermgr.exe
PRC - [2006-11-02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013-06-03 10:32:36 | 000,011,776 | ---- | M] () -- C:\Users\phani\AppData\Local\Temp\tlhjtl.exe
MOD - [2013-05-23 11:14:07 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013-05-23 11:13:59 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013-05-23 11:13:03 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2009-08-16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008-10-05 20:53:58 | 000,022,736 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2007-10-01 08:03:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007-09-06 01:33:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007-09-06 01:22:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll
MOD - [2007-08-14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007-07-12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007-07-12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2013-04-19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-05-19 12:42:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-02-20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-12-16 20:34:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007-03-05 23:00:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\system32\WinVDEdrv6.sys -- (NEWDRIVER)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aq8ge5y6)
DRV - [2010-05-19 12:32:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2010-05-19 12:25:14 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\WinVd32.sys -- (WinVd32)
DRV - [2010-05-19 12:25:13 | 000,010,752 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009-10-03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-05-16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008-05-16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008-05-16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008-05-16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008-05-16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008-05-16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008-05-16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008-05-06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008-03-04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007-10-01 21:05:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007-08-29 04:17:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007-08-09 09:12:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-07-31 00:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-07-30 23:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-07-11 23:00:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-07-10 19:57:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-28 20:39:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-06-19 05:42:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-04-18 17:33:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.universit...versities.html"
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.9
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-29 22:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-29 22:24:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\phani\AppData\Roaming\IDM\idmmzcc3 [2010-07-24 11:42:52 | 000,000,000 | ---D | M]

[2010-07-21 09:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Extensions
[2013-06-03 10:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions
[2010-09-15 15:24:37 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2010-10-23 15:19:40 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010-09-15 15:24:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-09-27 12:18:57 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010-09-15 15:24:37 | 000,000,000 | ---D | M] () -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\extensions\[email protected]
[2010-09-14 17:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-24 11:42:52 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PHANI\APPDATA\ROAMING\IDM\IDMMZCC3
File not found (No name found) -- C:\USERS\PHANI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8WFAJ5AY.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\PHANI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8WFAJ5AY.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.espncrici...-world-cup-2011
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Angry Birds = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Web2PDFConverter = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk\2.4.4_0\
CHR - Extension: TinEye Reverse Image Search (old version) = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blkehhkdbdbaggkkapkcaoanffomhgjl\1.1_0\
CHR - Extension: YouTube = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Lookup Companion for Wikipedia = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\1.9.0_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: PanicButton = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: AdBlock = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.6.2_0\
CHR - Extension: Youtube Video Downloader = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki\1.3_0\
CHR - Extension: Gmail = C:\Users\phani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010-07-23 15:17:26 | 000,000,851 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet download manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet download manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet download manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet download manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 123.176.37.38 123.176.37.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90287A92-9985-48E9-8DB8-44C361BA6F23}: DhcpNameServer = 100.1.200.106 202.56.230.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85124C2-846A-4FCA-B933-15D9ADF7B92E}: DhcpNameServer = 123.176.37.38 123.176.37.36
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\phani\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\phani\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-12-16 21:44:26 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2013-06-02 14:04:14 | 000,000,256 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-12-06 12:19:53 | 000,000,241 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-06-03 10:15:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-06-02 17:46:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
[2013-06-02 13:00:28 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2013-05-31 13:23:18 | 000,000,000 | R--D | C] -- C:\Users\phani\Desktop\Dropbox
[2013-05-31 13:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013-05-31 13:21:10 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013-05-31 13:20:04 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Dropbox
[2013-05-31 10:18:22 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\SCRIVINER
[2013-05-31 10:10:25 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Scrivener
[2013-05-31 10:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
[2013-05-31 10:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Scrivener
[2013-05-30 15:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013-05-25 22:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013-05-25 22:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013-05-25 22:09:01 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\4kdownload.com
[2013-05-25 21:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
[2013-05-25 21:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\4KDownload
[2013-05-25 18:58:28 | 000,000,000 | ---D | C] -- C:\Users\phani\workspace
[2013-05-25 18:21:59 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\Youcam
[2013-05-25 18:06:50 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Skype
[2013-05-25 18:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-05-25 18:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013-05-25 18:06:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013-05-25 18:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013-05-24 11:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2013-05-24 11:21:54 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\cpp
[2013-05-24 11:17:10 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Dev-Cpp
[2013-05-24 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2013-05-24 11:16:56 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2013-05-22 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\Square Enix
[2013-05-22 15:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham Asylum GOTY
[2013-05-22 09:42:55 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\HP

========== Files - Modified Within 30 Days ==========

[2013-06-03 10:36:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-06-03 10:35:04 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-06-03 10:35:04 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-06-03 10:29:48 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013-06-03 10:29:33 | 000,072,567 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013-06-03 10:29:16 | 000,072,567 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013-06-03 10:29:15 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-06-03 10:27:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-03 10:27:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-03 10:27:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-03 10:27:19 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-03 10:19:56 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013-06-03 10:16:12 | 000,103,140 | ---- | M] () -- C:\bymyvu.pif
[2013-06-02 17:46:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
[2013-06-02 12:54:12 | 000,039,291 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013-06-01 15:19:24 | 000,104,448 | ---- | M] () -- C:\Users\phani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-31 08:59:30 | 000,000,374 | ---- | M] () -- C:\Users\phani\Desktop\CS 007 - Shortcut.lnk
[2013-05-29 09:36:07 | 000,168,704 | ---- | M] () -- C:\Users\phani\Desktop\ebill 29th may.pdf
[2013-05-27 19:13:49 | 348,285,627 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013-05-26 10:33:12 | 000,001,165 | ---- | M] () -- C:\Users\phani\Desktop\eclipse.exe - Shortcut.lnk
[2013-05-26 09:40:47 | 000,001,995 | ---- | M] () -- C:\Users\phani\Desktop\Google Chrome.lnk
[2013-05-25 18:18:46 | 000,000,000 | ---- | M] () -- C:\Cookies
[2013-05-24 19:21:56 | 000,000,700 | -HS- | M] () -- C:\Users\phani\AppData\Local\systemFL7.$dk
[2013-05-24 19:09:51 | 035,651,584 | ---- | M] () -- C:\Users\phani\personal.flk
[2013-05-24 11:17:05 | 000,000,561 | ---- | M] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk

========== Files Created - No Company Name ==========

[2013-06-03 10:16:12 | 000,103,140 | ---- | C] () -- C:\bymyvu.pif
[2013-06-02 12:54:11 | 000,039,291 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013-05-31 08:59:30 | 000,000,374 | ---- | C] () -- C:\Users\phani\Desktop\CS 007 - Shortcut.lnk
[2013-05-29 09:36:06 | 000,168,704 | ---- | C] () -- C:\Users\phani\Desktop\ebill 29th may.pdf
[2013-05-26 10:33:12 | 000,001,165 | ---- | C] () -- C:\Users\phani\Desktop\eclipse.exe - Shortcut.lnk
[2013-05-25 22:31:55 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-25 22:31:52 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-25 18:18:46 | 000,000,000 | ---- | C] () -- C:\Cookies
[2013-05-24 19:01:33 | 000,000,700 | -HS- | C] () -- C:\Users\phani\AppData\Local\systemFL7.$dk
[2013-05-24 11:17:05 | 000,000,561 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk
[2010-09-07 17:26:05 | 035,651,584 | ---- | C] () -- C:\Users\phani\personal.flk
[2010-07-24 15:01:54 | 000,001,356 | ---- | C] () -- C:\Users\phani\AppData\Local\d3d9caps.dat
[2010-07-22 18:26:28 | 000,072,567 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010-07-22 18:26:28 | 000,072,567 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010-07-21 11:35:56 | 000,050,784 | ---- | C] () -- C:\Users\phani\.ems.cfg
[2010-05-19 14:18:02 | 000,048,271 | ---- | C] () -- C:\Users\phani\AppData\Roaming\nvModes.001
[2010-05-19 14:15:54 | 000,048,271 | ---- | C] () -- C:\Users\phani\AppData\Roaming\nvModes.dat
[2010-05-19 14:06:25 | 000,104,448 | ---- | C] () -- C:\Users\phani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006-11-02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2007-12-16 20:57:30 | 011,315,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2006-11-02 15:16:04 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 15:16:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006-11-02 15:16:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006-11-02 15:16:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\appinfo.dll -- (Appinfo)
SRV - [2006-11-02 15:14:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2007-12-16 20:59:19 | 000,750,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\qmgr.dll -- (BITS)
SRV - [2006-11-02 15:16:02 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\BFE.DLL -- (BFE)
SRV - [2006-11-02 15:15:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\lsass.exe -- (KeyIso)
SRV - [2006-11-02 15:16:04 | 000,259,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\es.dll -- (EventSystem)
SRV - [2006-11-02 15:16:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\browser.dll -- (Browser)
SRV - [2006-11-02 15:16:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2006-11-02 15:16:12 | 000,545,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch)
SRV - [2007-12-16 20:57:28 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2006-11-02 15:16:04 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2006-11-02 15:16:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
SRV - [2006-11-02 15:16:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\hidserv.dll -- (hidserv)
SRV - [2007-12-16 20:54:57 | 000,286,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2006-11-02 15:16:05 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2006-11-02 15:16:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\swprv.dll -- (swprv)
SRV - [2006-11-02 15:16:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\mmcss.dll -- (MMCSS)
SRV - [2006-11-02 15:16:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\netman.dll -- (Netman)
SRV - [2006-11-02 15:16:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\netprofm.dll -- (netprofm)
SRV - [2006-11-02 15:16:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nlasvc.dll -- (NlaSvc)
SRV - [2006-11-02 15:16:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nsisvc.dll -- (nsi)
SRV - [2006-11-02 15:16:13 | 000,221,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2006-11-02 15:15:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2006-11-02 15:15:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage)
SRV - [2006-11-02 18:04:35 | 000,560,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006-11-02 15:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto)
SRV - [2006-11-02 15:16:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\rasmans.dll -- (RasMan)
SRV - [2006-11-02 15:16:12 | 000,545,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs)
SRV - [2006-11-02 15:16:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\seclogon.dll -- (seclogon)
SRV - [2006-11-02 15:15:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (SamSs)
SRV - [2006-11-02 18:05:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - [2006-11-02 15:16:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\srvsvc.dll -- (LanmanServer)
SRV - [2006-11-02 15:16:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2007-12-16 20:43:25 | 002,605,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc)
SRV - [2006-11-02 15:16:12 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule)
SRV - [2006-11-02 15:16:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv)
SRV - [2006-11-02 15:16:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (Themes)
SRV - [2006-11-02 15:16:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\profsvc.dll -- (ProfSvc)
SRV - [2006-11-02 15:15:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\VSSVC.exe -- (VSS)
SRV - [2006-11-02 15:16:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (Audiosrv)
SRV - [2006-11-02 15:16:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2007-12-16 21:43:12 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2007-12-16 20:34:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006-11-02 15:16:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wevtsvc.dll -- (Eventlog)
SRV - [2007-12-16 19:52:06 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2006-11-02 18:04:41 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc)
SRV - [2006-11-02 15:15:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2006-11-02 15:16:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2010-07-19 22:17:18 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wuaueng.dll -- (wuauserv)
SRV - [2006-11-02 15:16:04 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (dot3svc)
SRV - [2007-12-16 23:01:27 | 000,502,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wlansvc.dll -- (Wlansvc)
SRV - [2006-11-02 15:16:14 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008-10-29 11:50:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 11:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 09:29:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007-08-27 08:40:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007-08-27 07:31:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008-10-28 07:45:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006-11-02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\explorer.exe
[2006-11-02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: SERVICES >
[2006-09-19 03:11:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\System32\drivers\etc\services
[2006-09-19 03:11:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2006-11-02 15:15:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\System32\services.exe
[2006-11-02 15:15:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006-11-02 18:10:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\System32\en-US\services.exe.mui
[2006-11-02 18:10:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2006-11-02 18:23:55 | 000,001,688 | ---- | M] () MD5=CD37AF3AB3916666198BFFC8C0C611EB -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2006-11-02 18:23:55 | 000,001,688 | ---- | M] () MD5=CD37AF3AB3916666198BFFC8C0C611EB -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006-09-19 03:16:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\System32\wbem\services.mof
[2006-09-19 03:16:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof

< MD5 for: SERVICES.MSC >
[2006-11-02 18:11:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\en-US\services.msc
[2006-09-19 02:59:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\services.msc
[2006-11-02 18:11:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006-09-19 02:59:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc

< MD5 for: SVCHOST.EXE >
[2006-11-02 15:15:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\System32\svchost.exe
[2006-11-02 15:15:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

< MD5 for: USERINIT.EXE >
[2006-11-02 15:15:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\System32\userinit.exe
[2006-11-02 15:15:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006-11-02 15:15:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\System32\winlogon.exe
[2006-11-02 15:15:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is C0B6-6039
Directory of C:\
19-05-2010 11:51 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
19-05-2010 11:51 <JUNCTION> Application Data [C:\ProgramData]
19-05-2010 11:51 <JUNCTION> Desktop [C:\Users\Public\Desktop]
19-05-2010 11:51 <JUNCTION> Documents [C:\Users\Public\Documents]
19-05-2010 11:51 <JUNCTION> Favorites [C:\Users\Public\Favorites]
19-05-2010 11:51 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
19-05-2010 11:51 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
19-05-2010 11:51 <SYMLINKD> All Users [C:\ProgramData]
19-05-2010 11:51 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
19-05-2010 11:51 <JUNCTION> Application Data [C:\ProgramData]
19-05-2010 11:51 <JUNCTION> Desktop [C:\Users\Public\Desktop]
19-05-2010 11:51 <JUNCTION> Documents [C:\Users\Public\Documents]
19-05-2010 11:51 <JUNCTION> Favorites [C:\Users\Public\Favorites]
19-05-2010 11:51 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
19-05-2010 11:51 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
19-05-2010 11:51 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
19-05-2010 11:51 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
19-05-2010 11:51 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
19-05-2010 11:51 <JUNCTION> My Documents [C:\Users\Default\Documents]
19-05-2010 11:51 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19-05-2010 11:51 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19-05-2010 11:51 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
19-05-2010 11:51 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
19-05-2010 11:51 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
19-05-2010 11:51 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
19-05-2010 11:51 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
19-05-2010 11:51 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
19-05-2010 11:51 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
19-05-2010 11:51 <JUNCTION> My Music [C:\Users\Default\Music]
19-05-2010 11:51 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
19-05-2010 11:51 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\phani
19-05-2010 12:05 <JUNCTION> Application Data [C:\Users\phani\AppData\Roaming]
19-05-2010 12:05 <JUNCTION> Cookies [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Cookies]
19-05-2010 12:05 <JUNCTION> Local Settings [C:\Users\phani\AppData\Local]
19-05-2010 12:05 <JUNCTION> My Documents [C:\Users\phani\Documents]
19-05-2010 12:05 <JUNCTION> NetHood [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19-05-2010 12:05 <JUNCTION> PrintHood [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19-05-2010 12:05 <JUNCTION> Recent [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Recent]
19-05-2010 12:05 <JUNCTION> SendTo [C:\Users\phani\AppData\Roaming\Microsoft\Windows\SendTo]
19-05-2010 12:05 <JUNCTION> Start Menu [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu]
19-05-2010 12:05 <JUNCTION> Templates [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\phani\AppData\Local
19-05-2010 12:05 <JUNCTION> Application Data [C:\Users\phani\AppData\Local]
19-05-2010 12:05 <JUNCTION> History [C:\Users\phani\AppData\Local\Microsoft\Windows\History]
19-05-2010 12:05 <JUNCTION> Temporary Internet Files [C:\Users\phani\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\phani\Documents
19-05-2010 12:05 <JUNCTION> My Music [C:\Users\phani\Music]
19-05-2010 12:05 <JUNCTION> My Pictures [C:\Users\phani\Pictures]
19-05-2010 12:05 <JUNCTION> My Videos [C:\Users\phani\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
19-05-2010 11:51 <JUNCTION> My Music [C:\Users\Public\Music]
19-05-2010 11:51 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
19-05-2010 11:51 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 162,919,370,752 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2FD2AC7E

< End of report >

#7
tekkanphan

    Member

  • Topic Starter
  • 51 posts
new Extras


OTL Extras logfile created on: 03-06-2013 10:32:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phani\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16512)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.11% Memory free
6.17 Gb Paging File | 4.79 Gb Available in Paging File | 77.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.53 Gb Total Space | 152.56 Gb Free Space | 53.06% Space Free | Partition Type: NTFS
Drive D: | 10.56 Gb Total Space | 1.63 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 97.32 Gb Free Space | 10.45% Space Free | Partition Type: NTFS

Computer Name: PHANI-PC | User Name: phani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EB3BDE85-5851-42A9-8069-C16E09C0E687}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{200D1993-C8C7-4E82-9A9F-B935AA3C5844}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{570A95DE-0DF7-49DD-AF0C-16639AC45040}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{77556F29-ACC0-4425-91A4-672325FDD4EF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{85DE38AC-ED4D-45E1-9456-B677F442BB01}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{958D6B1A-3DE6-4813-99DE-76C87D4C184E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A4E31BD6-AB2B-47C0-BEF4-33EAE214479C}" = protocol=6 | dir=in | app=c:\users\phani\appdata\roaming\dropbox\bin\dropbox.exe |
"{AAA44608-1195-40FA-A5DD-4C39DE5D417E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BA580344-4398-4D3B-B6AF-D42BFE7642BC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BDA61E22-DE66-45EE-93E3-E597686BA596}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C257D09E-3538-411C-870B-391CB53F5FC0}" = protocol=17 | dir=in | app=c:\users\phani\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{07483CB9-6E57-46B6-8ADD-01CB60431270}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{1D9F3936-4A78-4802-93FA-393C96654E41}C:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe |
"TCP Query User{3C4B3264-1340-4741-9DE5-3758810878B4}C:\program files\adobe\reader 9.0\reader\reader_sl.exe" = protocol=6 | dir=in | app=c:\program files\adobe\reader 9.0\reader\reader_sl.exe |
"TCP Query User{3F69843F-E2BA-432E-BC43-EF010FE272F3}C:\users\phani\appdata\local\temp\bmrbdi.exe" = protocol=6 | dir=in | app=c:\users\phani\appdata\local\temp\bmrbdi.exe |
"TCP Query User{400EF72E-5D8D-426A-A080-1CF55F63C12C}C:\program files\apoint2k\apoint.exe" = protocol=6 | dir=in | app=c:\program files\apoint2k\apoint.exe |
"TCP Query User{4A5A1BCC-FFEB-4B66-8442-4D5C61AD6F90}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{5428724B-DE26-48F6-88AF-9F102E9DED48}C:\users\phani\appdata\local\temp\winskpvn.exe" = protocol=6 | dir=in | app=c:\users\phani\appdata\local\temp\winskpvn.exe |
"TCP Query User{59981C9D-7724-4C8B-88DF-13613D85AF6F}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{69869D02-6CA7-4D00-92B0-501395EADD88}C:\program files\intel\intel matrix storage manager\iaanotif.exe" = protocol=6 | dir=in | app=c:\program files\intel\intel matrix storage manager\iaanotif.exe |
"TCP Query User{6D724CBF-D56A-439B-B30F-56AD0EA174EE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6E5C3043-E42F-4871-9CD4-7C5AABD42653}C:\program files\common files\lightscribe\lightscribecontrolpanel.exe" = protocol=6 | dir=in | app=c:\program files\common files\lightscribe\lightscribecontrolpanel.exe |
"TCP Query User{7F47C9F7-C240-4BBC-85FD-844918981144}C:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" = protocol=6 | dir=in | app=c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe |
"TCP Query User{8C64786A-17C6-4692-A463-B401F9AE8D12}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{90750F75-0251-41BA-9F95-ACDAF754A30C}C:\program files\widcomm\bluetooth software\btstackserver.exe" = protocol=6 | dir=in | app=c:\program files\widcomm\bluetooth software\btstackserver.exe |
"TCP Query User{97A51913-A8ED-446F-93EF-CC0C6A0321E0}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{CCD9A34C-B575-4294-8C74-2FE956ECE77F}C:\users\phani\appdata\local\temp\bsrk.exe" = protocol=6 | dir=in | app=c:\users\phani\appdata\local\temp\bsrk.exe |
"TCP Query User{CE02FD78-E77F-47DE-95B5-B2AFAFAF32BB}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |
"TCP Query User{D4AE90A2-94C0-43D2-9A48-62783351F8C8}C:\users\phani\appdata\local\temp\vlpbgy.exe" = protocol=6 | dir=in | app=c:\users\phani\appdata\local\temp\vlpbgy.exe |
"TCP Query User{D5B317CA-561F-4CF3-9285-E10F60074936}F:\onut.exe" = protocol=6 | dir=in | app=f:\onut.exe |
"TCP Query User{E105E195-F922-4F0E-BD76-0D25250D7D30}C:\programdata\macrovision\flexnet connect\6\agent.exe" = protocol=6 | dir=in | app=c:\programdata\macrovision\flexnet connect\6\agent.exe |
"TCP Query User{F2E586E0-259F-4265-9969-A22D1AE696E6}C:\windows\system32\dllhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\dllhost.exe |
"TCP Query User{FB177753-782C-442F-BB8C-FEC897471688}C:\program files\digitalpersona\bin\dpagent.exe" = protocol=6 | dir=in | app=c:\program files\digitalpersona\bin\dpagent.exe |
"UDP Query User{039633E6-939E-4506-985C-6F314C2C8F67}C:\users\phani\appdata\local\temp\vlpbgy.exe" = protocol=17 | dir=in | app=c:\users\phani\appdata\local\temp\vlpbgy.exe |
"UDP Query User{25FAA340-F24F-4F9B-B148-BB9A3310DEB6}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{267890C1-FEA8-4BD9-96B5-A31BDD6FA517}C:\users\phani\appdata\local\temp\winskpvn.exe" = protocol=17 | dir=in | app=c:\users\phani\appdata\local\temp\winskpvn.exe |
"UDP Query User{28F51E27-1630-4B6B-A85F-BF957E37C9DB}C:\programdata\macrovision\flexnet connect\6\agent.exe" = protocol=17 | dir=in | app=c:\programdata\macrovision\flexnet connect\6\agent.exe |
"UDP Query User{50C5C8B7-7617-4560-A13E-B2B8730DC8D1}C:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" = protocol=17 | dir=in | app=c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe |
"UDP Query User{584370B1-915C-4BD8-901F-15722BAD6383}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{6453665D-3290-4719-AEE2-955D91C2BB54}C:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe |
"UDP Query User{7D44D1DF-361B-4EA4-B8ED-4F2245055EC1}C:\program files\digitalpersona\bin\dpagent.exe" = protocol=17 | dir=in | app=c:\program files\digitalpersona\bin\dpagent.exe |
"UDP Query User{80BC5E51-6479-43E7-974B-CA10612D13AB}C:\windows\system32\dllhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\dllhost.exe |
"UDP Query User{8CC4FEF9-9065-42DC-AF7F-EEB306974BBE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{8CDE9F7D-F059-4D51-99D9-C8C396FB8B83}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B0C74A94-E19E-42A9-93FB-5B9E008ABD3C}C:\program files\intel\intel matrix storage manager\iaanotif.exe" = protocol=17 | dir=in | app=c:\program files\intel\intel matrix storage manager\iaanotif.exe |
"UDP Query User{B224D3C3-2F5B-4C71-BF79-22EEDE8693FE}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |
"UDP Query User{B4FFBB8D-E2B5-4AED-BE5B-6A24821E4B89}C:\program files\common files\lightscribe\lightscribecontrolpanel.exe" = protocol=17 | dir=in | app=c:\program files\common files\lightscribe\lightscribecontrolpanel.exe |
"UDP Query User{C024F924-DC10-4384-A0E9-7A6CF7EAF6DB}C:\program files\adobe\reader 9.0\reader\reader_sl.exe" = protocol=17 | dir=in | app=c:\program files\adobe\reader 9.0\reader\reader_sl.exe |
"UDP Query User{C2BB0FE1-25EB-4C8E-8758-102332760401}C:\users\phani\appdata\local\temp\bmrbdi.exe" = protocol=17 | dir=in | app=c:\users\phani\appdata\local\temp\bmrbdi.exe |
"UDP Query User{C6B6EB42-E570-4BE6-A9E7-7ED68D8E0B95}F:\onut.exe" = protocol=17 | dir=in | app=f:\onut.exe |
"UDP Query User{D95B5111-9F23-417B-91E5-D863ABA73925}C:\program files\widcomm\bluetooth software\btstackserver.exe" = protocol=17 | dir=in | app=c:\program files\widcomm\bluetooth software\btstackserver.exe |
"UDP Query User{E2B85B8C-72B0-4546-9EEE-6389D2F7FDE7}C:\program files\apoint2k\apoint.exe" = protocol=17 | dir=in | app=c:\program files\apoint2k\apoint.exe |
"UDP Query User{EB21A673-7516-48BA-B241-6ABACC85A0C3}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{F42837B9-643F-4681-8D4A-E7776208283E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{FA42A6C4-7914-46B0-AFD5-C6656EF5961E}C:\users\phani\appdata\local\temp\bsrk.exe" = protocol=17 | dir=in | app=c:\users\phani\appdata\local\temp\bsrk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{546A0B92-34FF-4796-A39A-4842FAF0B70E}" = ESU for Microsoft Vista
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7AF7F33-9092-997E-2D29-DE8095863FE3}" = DigitalPersona Personal 3.0.0
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FB7B24F8-C89C-414A-93CF-1B7FF5C7A6FF}" = Digital Document Shredder
"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter and the Half-Blood Prince™
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM_6" = AIM 6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Digital Document Shredder" = Digital Document Shredder
"DigitHunt Demo" = DigitHunt Demo
"DivX Setup.divx.com" = DivX Setup
"eMule" = eMule
"Free RM to MP3 Converter_is1" = Free RM to MP3 Converter 1.12
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Internet Download Manager" = Internet Download Manager
"Magic RM RAM to MP3 Converter_is1" = Magic RM RAM to MP3 Converter 3.72
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Scrivener 1570" = Scrivener
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02-06-2013 23:43:17 | Computer Name = phani-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\DivX\DivX
Plus Player\DivX Plus Player.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02-06-2013 23:43:22 | Computer Name = phani-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\DivX\DivX
Control Panel\DivXControlPanelLauncher.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02-06-2013 23:50:54 | Computer Name = phani-PC | Source = WerSvc | ID = 5007
Description =

Error - 02-06-2013 23:51:18 | Computer Name = phani-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 02-06-2013 23:52:25 | Computer Name = phani-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 03-06-2013 00:41:22 | Computer Name = phani-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\DivX\DivX
Update\DivXUpdate.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03-06-2013 00:49:27 | Computer Name = phani-PC | Source = WerSvc | ID = 5007
Description =

Error - 03-06-2013 00:59:29 | Computer Name = phani-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\DivX\DivX
Update\DivXUpdate.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03-06-2013 01:00:29 | Computer Name = phani-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\DivX\DivX
Control Panel\DivXControlPanelLauncher.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03-06-2013 01:05:03 | Computer Name = phani-PC | Source = WerSvc | ID = 5007
Description =

[ DigitalPersona Pro Events ]
Error - 28-05-2013 22:12:22 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 29-05-2013 23:28:18 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 30-05-2013 12:15:49 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 30-05-2013 23:27:15 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 31-05-2013 03:35:59 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 31-05-2013 23:33:54 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 02-06-2013 02:52:30 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 02-06-2013 04:33:36 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 02-06-2013 23:42:55 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 03-06-2013 00:41:20 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

[ System Events ]
Error - 02-06-2013 02:52:29 | Computer Name = phani-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02-06-2013 02:52:29 | Computer Name = phani-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 02-06-2013 02:52:29 | Computer Name = phani-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02-06-2013 02:52:29 | Computer Name = phani-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02-06-2013 03:03:22 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02-06-2013 03:03:22 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02-06-2013 03:03:22 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02-06-2013 03:03:27 | Computer Name = phani-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 02-06-2013 03:04:29 | Computer Name = phani-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 02-06-2013 03:05:44 | Computer Name = phani-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

#8
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
How is your computer doing now?

#9
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
Well, it has become much smoother now. :thumbsup:
But task manager has not returned still and neither has regedit. But thanks to you it certainly has become fast.

#10
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's dig some more and see if we can find what's changing those settings.

Step 1 - Run McShield

If you have recently used any flash drives with your computer they will need to be scanned.
Note: If you have used multiple flash drives they will all need to be scanned!

Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control center select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

Step 2 - Reset Firewall

Your Firewall needs to be reset. Note: Restoring the default settings removes all of the Windows Firewall settings that you've made for all network location types. This might cause some programs that you've previously allowed through the firewall to stop working. After resetting the firewall some programs may need permission again and it's okay to give the programs permission as long as you know what the program is.

  • Open Windows Firewall by clicking the Start button, and then clicking Control Panel, clicking Security and then click Windows Firewall.
  • Click Change settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the Advanced tab, and then click Restore Defaults

Step 3 - Run aswMBR

Download aswMBR.exe to your desktop.
Double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4 - Run Combofix

Download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. McShield Logs
2. aswMBR Log
3. Combofix Log

#11
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
I am not able to install McShield. It is saying that I am not an administrator.

Edit: Okay, I am able to install it by right-clicking and running as an administrator.

Edited by tekkanphan, 03 June 2013 - 08:00 AM.


#12
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
ComboFix has been running for more than 2 hours. What should I do?

#13
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
I need help. No file is opening now on my computer, so I am attaching the logs.
The error message is as follows:

illegal operation attempted on a registry that has been marked for deletion

ComboFix 13-06-03.05 - phani 03-06-2013 20:19:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.91.1033.18.3070.1160 [GMT 5.5:30]
Running from: c:\users\phani\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\phani\AppData\Roaming\.#
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\security\Database\tmp.edb
c:\windows\system32\KBL.LOG
D:\autorun.inf
F:\autorun.inf
F:\tomj.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Service_NEWDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2013-05-03 to 2013-06-03 )))))))))))))))))))))))))))))))
.
.
2013-06-03 13:59 . 2013-06-03 14:29 -------- d-----w- c:\programdata\MCShield
2013-06-03 13:59 . 2013-06-03 13:59 -------- d-----w- c:\program files\MCShield
2013-06-03 04:45 . 2013-06-03 04:45 -------- d-----w- C:\_OTL
2013-06-02 07:30 . 2013-06-02 07:30 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2013-06-01 03:40 . 2013-05-13 20:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{897AF4E3-274D-4351-AD0F-622B62579EEA}\mpengine.dll
2013-05-31 07:51 . 2013-05-31 07:51 -------- d-----w- c:\program files\Dropbox
2013-05-31 07:50 . 2013-06-02 08:43 -------- d-----w- c:\users\phani\AppData\Roaming\Dropbox
2013-05-31 04:40 . 2013-05-31 04:40 -------- d-----w- c:\users\phani\AppData\Local\Scrivener
2013-05-31 04:39 . 2013-06-02 16:17 -------- d-----w- c:\program files\Scrivener
2013-05-30 09:49 . 2013-05-30 09:49 -------- d-----w- c:\programdata\StarApp
2013-05-26 08:12 . 2013-05-26 08:12 323856 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-25 17:01 . 2013-05-25 17:11 -------- d-----w- c:\program files\Google
2013-05-25 16:39 . 2013-05-25 16:39 -------- d-----w- c:\users\phani\AppData\Local\4kdownload.com
2013-05-25 15:46 . 2013-05-25 15:46 -------- d-----w- c:\program files\4KDownload
2013-05-25 13:28 . 2013-06-01 04:02 -------- d-----w- c:\users\phani\workspace
2013-05-25 12:36 . 2013-06-03 11:37 -------- d-----w- c:\users\phani\AppData\Roaming\Skype
2013-05-25 12:36 . 2013-05-25 12:36 -------- d-----w- c:\program files\Common Files\Skype
2013-05-25 12:36 . 2013-05-25 12:36 -------- d-----r- c:\program files\Skype
2013-05-25 12:36 . 2013-05-25 12:36 -------- d-----w- c:\programdata\Skype
2013-05-24 05:58 . 2013-05-24 05:58 -------- d-----w- c:\programdata\Western Digital
2013-05-24 05:47 . 2013-05-24 07:40 -------- d-----w- c:\users\phani\AppData\Roaming\Dev-Cpp
2013-05-24 05:46 . 2013-06-02 16:22 -------- d-----w- C:\Dev-Cpp
2013-05-22 04:12 . 2013-05-22 04:12 -------- d-----w- c:\users\phani\AppData\Roaming\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-01 20:36 . 2010-07-19 21:32 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2013-04-04 607744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
.
c:\users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2010-5-20 42168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-6 727592]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 12:04 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-25 17:11 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 17:01]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 17:01]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: DhcpNameServer = 123.176.37.38 123.176.37.36
FF - ProfilePath - c:\users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\8wfaj5ay.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.university-world.com/Europe-Universities.html
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: IDM CC: [email protected] - c:\users\phani\AppData\Roaming\IDM\idmmzcc3
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>[email protected]: [email protected] - %profile%\extensions\[email protected]b.fr
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-WinFLAdrv.sys
AddRemove-{09C1A131-53D2-DD3F-8383-27F1E8006CE2} - c:\progra~2\INSTAL~1\{04E6C~1\Setup.exe
AddRemove-{826EFC83-6F06-3B8C-A556-7A7A11266666} - c:\progra~2\INSTAL~1\{0B766~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-03 22:52
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable
c:\users\phani\AppData\Roaming\systemfl.$dk 990 bytes
.
scan completed successfully
hidden files: 4
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2721090859-871738980-3643490546-1003_Classes\CLSID\{692c578d-c51f-45e5-b9e0-cb5fc24c44e9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000090
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2721090859-871738980-3643490546-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):78,3f,1c,49,4f,36,ac,bf,23,be,a6,52,43,a4,b0,ed,cf,c4,3e,9a,3a,
ef,07,4e,a6,c1,7d,ea,dd,7e,5b,d5,fc,fe,6f,ee,1e,23,c4,3d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(4452)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\WUDFHost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\users\phani\AppData\Local\Temp\winyvvrp.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Completion time: 2013-06-03 22:58:56 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-03 17:28
.
Pre-Run: 166,957,400,064 bytes free
Post-Run: 167,964,016,640 bytes free
.
- - End Of File - - DA89B3B63876A6767D86CBA5A72A65E2

>>> MCShield AllScans.txt <<<



>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.6.2.1 / Windows Vista <<<


03-06-2013 19:30:42 > Drive C: - scan started (no label ~288 GB, NTFS HDD )...


>>> C:\bymyvu.pif - Malware > Deleted. (13.06.03. 19.30 bymyvu.pif.505963; MD5: 77e3adb2250820fe13aa791497f7e338)


=> Malicious files : 1/1 deleted.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________

03-06-2013 19:30:43 > Drive D: - scan started (HP_RECOVERY ~11 GB, NTFS HDD )...

>>> D:\autorun.inf > Action failed.

>>> D:\mhal.exe - Malware > Deleted. (13.06.03. 19.30 mhal.exe.279228; MD5: c0b1b27bb975c540e5d54019d140e5c6)

>>> D:\$RECYCLE.BIN\protect.chinese hong kong - Malware > Deleted. (13.06.03. 19.30 protect.chinese hong kong.449178; MD5: 5855a7f748b34e6c79267a500be150c2)

>>> D:\$RECYCLE.BIN\protect.chinese simplified - Malware > Deleted. (13.06.03. 19.30 protect.chinese simplified.47650; MD5: b6ba95c18b883079b3658bd1bfc71972)

>>> D:\$RECYCLE.BIN\protect.chinese traditional - Malware > Deleted. (13.06.03. 19.30 protect.chinese traditional.767082; MD5: 5855a7f748b34e6c79267a500be150c2)

>>> D:\$RECYCLE.BIN\protect.czech - Malware > Deleted. (13.06.03. 19.30 protect.czech.42074; MD5: a8ff3bbea3e653b880947a7efead3bcf)

>>> D:\$RECYCLE.BIN\protect.danish - Malware > Deleted. (13.06.03. 19.30 protect.danish.304514; MD5: 7679b292927a39a23aeb62b8d743c75c)

>>> D:\$RECYCLE.BIN\protect.dutch - Malware > Deleted. (13.06.03. 19.30 protect.dutch.955945; MD5: 37d5f667bdfe7f560c213b231c891b77)

>>> D:\$RECYCLE.BIN\Protect.ed - Malware > Deleted. (13.06.03. 19.30 Protect.ed.562506; MD5: de9058fa006292bea84294dba5c06bf9)

>>> D:\$RECYCLE.BIN\protect.english - Malware > Deleted. (13.06.03. 19.30 protect.english.336296; MD5: 962d4db7be709ace9669ba7d8782af14)

>>> D:\$RECYCLE.BIN\protect.finnish - Malware > Deleted. (13.06.03. 19.30 protect.finnish.808735; MD5: d4ac6878b3ec66c1f7acd5d9b8fcdf8f)

>>> D:\$RECYCLE.BIN\protect.french - Malware > Deleted. (13.06.03. 19.30 protect.french.795014; MD5: 5b6a5d61c7eef7fcfd88ef8238fc4763)

>>> D:\$RECYCLE.BIN\protect.german - Malware > Deleted. (13.06.03. 19.30 protect.german.833246; MD5: c2db1dea30a918a25d842ba227d32d36)

>>> D:\$RECYCLE.BIN\protect.greek - Malware > Deleted. (13.06.03. 19.30 protect.greek.777937; MD5: 0909e5319c4257d5fd99325bed94f2c8)

>>> D:\$RECYCLE.BIN\protect.hebrew - Malware > Deleted. (13.06.03. 19.30 protect.hebrew.206513; MD5: 27d664d7e56958637b21b101baf24915)

>>> D:\$RECYCLE.BIN\protect.hungarian - Malware > Deleted. (13.06.03. 19.30 protect.hungarian.523049; MD5: 7d95c390ba552b1c220f2c45e43fdb7e)

>>> D:\$RECYCLE.BIN\protect.italian - Malware > Deleted. (13.06.03. 19.30 protect.italian.212526; MD5: b8dae96993953a364d1b8d1dd747fdf1)

>>> D:\$RECYCLE.BIN\protect.japanese - Malware > Deleted. (13.06.03. 19.30 protect.japanese.531380; MD5: 1a9d6765e7d5550953214bfb41ad98d6)

>>> D:\$RECYCLE.BIN\protect.korean - Malware > Deleted. (13.06.03. 19.30 protect.korean.509569; MD5: 3879788be1e1bed38934c67f9dbb8b52)

>>> D:\$RECYCLE.BIN\protect.norwegian - Malware > Deleted. (13.06.03. 19.30 protect.norwegian.414815; MD5: 1d9bee84937bce7f05c403654f444428)

>>> D:\$RECYCLE.BIN\protect.polish - Malware > Deleted. (13.06.03. 19.30 protect.polish.162060; MD5: 7a2d21b303d1e81c3a2b1893386198de)

>>> D:\$RECYCLE.BIN\protect.portuguese - Malware > Deleted. (13.06.03. 19.30 protect.portuguese.113135; MD5: db858bc6a48605649da255706cbde090)

>>> D:\$RECYCLE.BIN\protect.portuguese brazilian - Malware > Deleted. (13.06.03. 19.30 protect.portuguese brazilian.384147; MD5: 37a421a9e9aec83008adfd79794a8b06)

>>> D:\$RECYCLE.BIN\protect.russian - Malware > Deleted. (13.06.03. 19.30 protect.russian.843816; MD5: cda48e289e498fbd1abb5c8e6fbe7703)

>>> D:\$RECYCLE.BIN\protect.spanish - Malware > Deleted. (13.06.03. 19.30 protect.spanish.461879; MD5: f6e02a6a0803002b6c040f82d341fb37)

>>> D:\$RECYCLE.BIN\protect.swedish - Malware > Deleted. (13.06.03. 19.30 protect.swedish.716012; MD5: 0ad24c82f044e400aa4154aa19bda84e)

>>> D:\$RECYCLE.BIN\protect.turkish - Malware > Deleted. (13.06.03. 19.30 protect.turkish.934373; MD5: 23eec1323cd26332a278b848900aa494)

>>> D:\desktop.ini - Malware > Deleted. (13.06.03. 19.30 desktop.ini.728891; MD5: b12bf5e283b02e05f7d76b68caa07495)

> D:\resycled
> D:\resycled\Desktop.ini (MD5: b12bf5e283b02e05f7d76b68caa07495)
> D:\resycled\Folder.htt (MD5: e0ba1af2184e62b8f1a79ca581aa6184)
> D:\resycled\protect.chinese hong kong (MD5: 5855a7f748b34e6c79267a500be150c2)
> D:\resycled\protect.chinese simplified (MD5: b6ba95c18b883079b3658bd1bfc71972)
> D:\resycled\protect.chinese traditional (MD5: 5855a7f748b34e6c79267a500be150c2)
> D:\resycled\protect.czech (MD5: a8ff3bbea3e653b880947a7efead3bcf)
> D:\resycled\protect.danish (MD5: 7679b292927a39a23aeb62b8d743c75c)
> D:\resycled\protect.dutch (MD5: 37d5f667bdfe7f560c213b231c891b77)
> D:\resycled\Protect.ed (MD5: de9058fa006292bea84294dba5c06bf9)
> D:\resycled\protect.english (MD5: 962d4db7be709ace9669ba7d8782af14)
> D:\resycled\protect.finnish (MD5: d4ac6878b3ec66c1f7acd5d9b8fcdf8f)
> D:\resycled\protect.french (MD5: 5b6a5d61c7eef7fcfd88ef8238fc4763)
> D:\resycled\protect.german (MD5: c2db1dea30a918a25d842ba227d32d36)
> D:\resycled\protect.greek (MD5: 0909e5319c4257d5fd99325bed94f2c8)
> D:\resycled\protect.hebrew (MD5: 27d664d7e56958637b21b101baf24915)
> D:\resycled\protect.hungarian (MD5: 7d95c390ba552b1c220f2c45e43fdb7e)
> D:\resycled\protect.italian (MD5: b8dae96993953a364d1b8d1dd747fdf1)
> D:\resycled\protect.japanese (MD5: 1a9d6765e7d5550953214bfb41ad98d6)
> D:\resycled\protect.korean (MD5: 3879788be1e1bed38934c67f9dbb8b52)
> D:\resycled\protect.norwegian (MD5: 1d9bee84937bce7f05c403654f444428)
> D:\resycled\protect.polish (MD5: 7a2d21b303d1e81c3a2b1893386198de)
> D:\resycled\protect.portuguese (MD5: db858bc6a48605649da255706cbde090)
> D:\resycled\protect.portuguese brazilian (MD5: 37a421a9e9aec83008adfd79794a8b06)
> D:\resycled\protect.russian (MD5: cda48e289e498fbd1abb5c8e6fbe7703)
> D:\resycled\protect.spanish (MD5: f6e02a6a0803002b6c040f82d341fb37)
> D:\resycled\protect.swedish (MD5: 0ad24c82f044e400aa4154aa19bda84e)
> D:\resycled\protect.turkish (MD5: 23eec1323cd26332a278b848900aa494)

>>> D:\resycled - Malware (folder) > Deleted. (13.06.03. 19.30 resycled.815444)


=> Malicious files : 54/54 deleted.
=> Malicious folders : 1/1 deleted.

____________________________________________

::::: Scan duration: 11sec :::::::::::::::::
____________________________________________

03-06-2013 19:30:53 > Drive F: - scan started (Phani-My Passport ~931 GB, NTFS HDD )...

>>> F:\autorun.inf > Action failed.

>>> F:\rnjxri.exe - Suspicious > Renamed. (MD5: 77e3adb2250820fe13aa791497f7e338)


=> Suspicious files : 1/2 renamed.

____________________________________________

::::: Scan duration: 11sec :::::::::::::::::
____________________________________________

03-06-2013 19:30:53 > Drive H: - scan started (PHANI ~3705 MB, FAT32 flash drive )...

>>> H:\autorun.inf > Action failed.


---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 1

---> H:\autorun.inf > unhidden.



>>> H:\eegu.exe - Malware > Deleted. (13.06.03. 19.31 eegu.exe.624877; MD5: 4178867a6a36847e59beeb495d9d42e7)

>>> H:\autorun.inf.lnk - Malware > Deleted. (13.06.03. 19.31 autorun.inf.lnk.455168; MD5: 0f871273062c5f96f5c1c43599abb2b6)

>>> H:\ba4c12bee3027d94da5c81db2d196bfd.exe - Malware > Deleted. (13.06.03. 19.31 ba4c12bee3027d94da5c81db2d196bfd.exe.741793; MD5: dc5ff43ce88ed082d09edf1d54d93df1)

>>> H:\New Folder.lnk - Malware > Deleted. (13.06.03. 19.31 New Folder.lnk.1959; MD5: c6be5146a9b63bca82306baa7e5062fa)

>>> H:\Download Details.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 Download Details.mp3.lnk.692834; MD5: ccd512d91a3d001359fb25b38400ac9c)

>>> H:\Download Details_2.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 Download Details_2.mp3.lnk.636520; MD5: bf37905cf0865f92348609551781a8bd)

>>> H:\Download Details_3.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 Download Details_3.mp3.lnk.976103; MD5: 9d788325bfecf8b6be4280ed56af0c28)

>>> H:\Download Details_4.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 Download Details_4.mp3.lnk.938112; MD5: bfe9c675e5a5820f39b904d897e4bb42)

>>> H:\Download Details_5.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 Download Details_5.mp3.lnk.658943; MD5: 33bcc540a258edc850a7a48c8fb4aa2b)

>>> H:\2012 September _ HD Song Spot _ Page 7.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 2012 September _ HD Song Spot _ Page 7.mp3.lnk.371815; MD5: 9f8f0b7840a0e509583803483fab54cf)

>>> H:\Akasam Thana.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 Akasam Thana.mp3.lnk.469084; MD5: 1122187be7f53d3ac90e7290beb42955)

>>> H:\2012 September _ HD Song Spot _ Page 11.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 2012 September _ HD Song Spot _ Page 11.mp3.lnk.301911; MD5: 3a5e54cc9b3df6c57f6b3d660c43a070)

>>> H:\2012 September _ HD Song Spot _ Page 13.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 2012 September _ HD Song Spot _ Page 13.mp3.lnk.974070; MD5: b264406790868537886f85af7ebe4405)

>>> H:\Oosaravelli-Love-Ante-Caring.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 Oosaravelli-Love-Ante-Caring.mp3.lnk.423506; MD5: 12bbc60acc2ad2ac8a9ab6c85f46b740)

>>> H:\2012 September _ HD Song Spot _ Page 13_2.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 2012 September _ HD Song Spot _ Page 13_2.mp3.lnk.75198; MD5: 46ac4114a14c66d02dd430a932290ee4)

>>> H:\01 - Gunde Jari Gallanthayyinde.mp3.lnk - Malware > Deleted. (13.06.03. 19.31 01 - Gunde Jari Gallanthayyinde.mp3.lnk.28110; MD5: ea7257f32ff7e63ee2a0f30e9ce5a6c7)

>>> H:\Nenjodu Cherthu Yuvvh [KittusMp3].mp3.lnk - Malware > Deleted. (13.06.03. 19.31 Nenjodu Cherthu Yuvvh [KittusMp3].mp3.lnk.356324; MD5: 1fb17d9f825d5f3d088b1053065594a8)

>>> H:\RESTORE\k-1-3542-4232123213-7676767-8888886\Desktop.ini - Malware > Deleted. (13.06.03. 19.31 Desktop.ini.276744; MD5: 7457a5df1ff47c957acf1fa000d7d9ad)

>>> H:\ \RESTORE\k-1-3542-4232123213-7676767-8888886\Desktop.ini - Malware > Deleted. (13.06.03. 19.31 Desktop.ini.512553; MD5: 7457a5df1ff47c957acf1fa000d7d9ad)

>>> H:\ \RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini - Malware > Deleted. (13.06.03. 19.31 Desktop.ini.336284; MD5: 7457a5df1ff47c957acf1fa000d7d9ad)

>>> H:\inds tour .exe - Suspicious > Renamed. (MD5: 59983c5393ba2525e88f511b5a090d34)

> Resetting attributes: H:\New Folder < Successful.


=> Malicious files : 20/20 deleted.
=> Suspicious files : 1/1 renamed.
=> Hidden folders : 1/1 unhidden.
=> Hidden files : 1/1 unhidden.

____________________________________________

::::: Scan duration: 32sec :::::::::::::::::
____________________________________________




>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.6.2.1 / Windows Vista <<<


03-06-2013 19:59:48 > Drive F: - scan started (Phani-My Passport ~931 GB, NTFS HDD )...

>>> F:\autorun.inf > Suspicious > Renamed.

>>> F:\rnjxri.exe - Suspicious > Renamed. (MD5: 2d33d0d3d770a011e9bd2831acc17caa)


=> Suspicious files : 2/2 renamed.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________




>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.6.2.1 / Windows Vista <<<


03-06-2013 19:59:54 > Drive H: - scan started (PHANI ~3705 MB, FAT32 flash drive )...

>>> H:\autorun.inf > Suspicious > Renamed.

>>> H:\eegu.exe - Suspicious > Renamed. (MD5: 2d33d0d3d770a011e9bd2831acc17caa)


=> Suspicious files : 2/2 renamed.

____________________________________________

::::: Scan duration: 25sec :::::::::::::::::
____________________________________________




>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.6.2.1 / Windows Vista <<<


03-06-2013 22:53:34 > Drive C: - scan started (no label ~288 GB, NTFS HDD )...



=> The drive is clean.


03-06-2013 22:53:35 > Drive D: - scan started (HP_RECOVERY ~11 GB, NTFS HDD )...



=> The drive is clean.


03-06-2013 22:53:38 > Drive F: - scan started (Phani-My Passport ~931 GB, NTFS HDD )...


=> Elevation of privileges...


03-06-2013 22:54:10 > Drive F: - scan started (Phani-My Passport ~931 GB, NTFS HDD )...

>>> F:\autorun.inf > Action failed.

>>> F:\autorun.inf.vir - Malware > Deleted. (13.06.03. 22.54 autorun.inf.vir.513394; MD5: 6fe9841ed5b071b8ab44e26eba361ded)

>>> F:\mmilqs.pif - Malware > Deleted. (13.06.03. 22.54 mmilqs.pif.492851; MD5: 164bcdfe0c53b402eda87d5f6df51665)


=> Malicious files : 2/2 deleted.

____________________________________________

::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________

03-06-2013 22:54:10 > Drive H: - scan started (PHANI ~3705 MB, FAT32 flash drive )...

>>> H:\autorun.inf > Action failed.


---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 1

---> H:\Thumbs.db > unhidden.



>>> H:\autorun.inf.vir - Malware > Deleted. (13.06.03. 22.54 autorun.inf.vir.308935; MD5: 41a18c1c71e14fa11758b89f7ac39ebc)

>>> H:\ploakg.pif - Malware > Deleted. (13.06.03. 22.54 ploakg.pif.297619; MD5: 2d33d0d3d770a011e9bd2831acc17caa)

>>> H:\Thumbs.db.lnk - Malware > Deleted. (13.06.03. 22.54 Thumbs.db.lnk.236625; MD5: 8001cfcb5f752b81871c70961ac5e10a)


=> Malicious files : 3/3 deleted.
=> Hidden files : 1/1 unhidden.

____________________________________________

::::: Scan duration: 22sec :::::::::::::::::
____________________________________________

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

#15
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
Sorry for freaking out. :blink:

I just restarted the laptop and everything's working fine. Thank you very much.