need help- infected by extreme viruses [Solved]


  • This topic is locked

#16
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Please double-click OTListIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTLI
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\Documents and Settings\All Users\Application Data\crazya.exe ()
    PRC - C:\WINDOWS\system32\regsvr.exe ()
    DRV - (MCIDRV_2600_6_0 [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\osskqn.sys ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [svchost Agent] C:\WINDOWS\system32\28463\svchost.exe File not found
    O4 - HKLM..\Run: [syscmos] C:\WINDOWS\system32\sysrun.exe File not found
    O4 - HKCU..\Run: [] C:\Documents and Settings\All Users\Application Data\crazya.exe ()
    O4 - HKCU..\Run: [Msn Messsenger] C:\WINDOWS\system32\regsvr.exe ()
    O32 - AutoRun File - [2009/05/05 22:24:52 | 00,000,168 | ---- | M] () - C:\autorun.inf.bak -- [ NTFS ]
    O33 - MountPoints2\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\Shell - "" = AutoRun
    O33 - MountPoints2\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\Shell\Auto\command - "" = E:\MicrosoftPowerPoint.exe -- File not found
    O33 - MountPoints2\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 18:33:29 | 08,460,800 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\Shell\Auto\command - "" = windows.exe
    O33 - MountPoints2\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 18:33:29 | 08,460,800 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\Shell - "" = AutoRun
    O33 - MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\Shell\1\Command - "" = E:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
    O33 - MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\Shell\2\Command - "" = E:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
    O33 - MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\Shell32.DLL -- [2008/07/03 18:33:29 | 08,460,800 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\Shell\AutoRun\command - "" = E:\pics.exe -- File not found
    O33 - MountPoints2\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\Shell\explore\Command - "" = E:\System\DriveGuard\DriveProtect.exe -- File not found
    O33 - MountPoints2\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\Shell\open\Command - "" = E:\System\DriveGuard\DriveProtect.exe -- File not found
    O33 - MountPoints2\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\Shell\AutoRun\command - "" = E:\System\DriveGuard\DriveProtect.exe -- File not found
    O33 - MountPoints2\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\Shell\Explore\Command - "" = E:\System\DriveGuard\DriveProtect.exe -- File not found
    O33 - MountPoints2\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\Shell\Open\Command - "" = E:\System\DriveGuard\DriveProtect.exe -- File not found
    O34 - HKLM BootExecute: (SsiEfr.e) - File not found
    [2009/05/06 02:10:59 | 00,005,077 | ---- | C] () -- C:\WINDOWS\System32\drivers\osskqn.sys
    [2009/05/05 22:28:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\tf299687.dll
    [2009/05/05 18:52:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\28463
    [2009/05/03 20:57:25 | 00,103,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\400c7ac3.sys
    [2009/05/03 20:55:19 | 00,000,100 | --S- | C] () -- C:\WINDOWS\System32\2317984074.dat
    [2009/05/02 20:40:47 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\uc299687.dl_
    [2009/05/01 22:44:55 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\vq299687.dll
    [2009/05/01 22:44:55 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\vq299687.dl_
    [2009/02/20 11:22:41 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\aq299687.dll
    [2009/02/18 16:31:14 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\tr299687.dll
    [2009/02/11 16:44:36 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\nl299687.dll
    [2009/01/24 10:24:36 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\kv299687.dll
    [2009/01/18 11:56:38 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ls299687.dll
    [2008/12/12 18:32:42 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\pm299687.dll
    [2008/12/12 14:09:46 | 00,000,000 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
    [2008/12/04 20:44:02 | 00,000,016 | -HS- | C] () -- C:\WINDOWS\System32\rvc.dll
    [2008/11/16 18:51:28 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\py299687.dll
    [2008/11/05 16:42:05 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\sy299687.dll
    [2008/10/30 18:44:15 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\r~299687.dll
    [2008/10/29 13:42:41 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\qy299687.dll
    [2008/10/24 19:31:58 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\oy299687.dll
    [2008/10/24 13:15:12 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ny299687.dll
    [2008/10/24 12:50:57 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\mv273140.dll
    [2009/05/06 02:10:59 | 00,005,077 | ---- | M] () -- C:\WINDOWS\System32\drivers\osskqn.sys
    [2009/05/06 02:10:50 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2009/05/06 02:10:47 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\oy299687.dll
    [2009/05/06 02:10:47 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\nl299687.dll
    [2009/05/06 02:10:47 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\oy299687.dl_
    [2009/05/06 02:10:47 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\nl299687.dl_
    [2009/05/05 23:00:23 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\tf299687.dll
    [2009/05/05 23:00:23 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\tf299687.dl_
    [2009/05/05 22:54:23 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\vq299687.dll
    [2009/05/05 22:54:23 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\vq299687.dl_
    [2009/05/05 22:24:52 | 00,000,168 | ---- | M] () -- C:\WINDOWS\System32\srv32
    [2009/05/05 22:24:50 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\o~299687.dl_
    [2009/05/05 19:22:32 | 00,000,503 | ---- | M] () -- C:\WINDOWS\System32\m.dll
    [2009/05/05 19:14:59 | 00,103,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\400c7ac3.sys
    [2009/05/05 18:45:38 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\uc299687.dl_
    [2009/05/03 20:57:29 | 00,000,100 | --S- | M] () -- C:\WINDOWS\System32\2317984074.dat
    [2009/05/01 23:16:22 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\py299687.dl_
    [2009/05/01 17:48:23 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\qy299687.dl_
    [2009/04/09 14:44:45 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\ny299687.dl_
    [2009/04/09 14:43:14 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\ny299687.dll
    [2009/04/07 18:55:05 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\qy299687.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTListIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please post a new full OTListIt2.txt log as well.

Edited by handhfan, 05 May 2009 - 03:58 PM.


#17
Andy_Hi

    Member

  • Topic Starter
  • Member
  • 58 posts
========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
Process crazya.exe killed successfully!
Process regsvr.exe killed successfully!

Service\Driver MCIDRV_2600_6_0 deleted successfully.
C:\WINDOWS\system32\drivers\osskqn.sys moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svchost Agent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\syscmos deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\crazya.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Msn Messsenger deleted successfully.
C:\WINDOWS\system32\regsvr.exe moved successfully.
C:\autorun.inf.bak moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ee9bf3-4d25-11dd-a7a5-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c4ddfc2-2674-11dd-a787-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65b7842c-fb73-11da-a5ed-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a8fcc48-1f90-11de-a875-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9c9eb5b-1d06-11de-a873-00c09f81ac98}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:SsiEfr.e deleted successfully.
File C:\WINDOWS\System32\drivers\osskqn.sys not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tf299687.dll
C:\WINDOWS\System32\tf299687.dll NOT unregistered.
C:\WINDOWS\System32\tf299687.dll moved successfully.
C:\WINDOWS\System32\28463 moved successfully.
C:\WINDOWS\System32\drivers\400c7ac3.sys moved successfully.
C:\WINDOWS\System32\2317984074.dat moved successfully.
C:\WINDOWS\System32\uc299687.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vq299687.dll
C:\WINDOWS\System32\vq299687.dll NOT unregistered.
C:\WINDOWS\System32\vq299687.dll moved successfully.
C:\WINDOWS\System32\vq299687.dl_ moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\aq299687.dll
C:\WINDOWS\System32\aq299687.dll NOT unregistered.
C:\WINDOWS\System32\aq299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tr299687.dll
C:\WINDOWS\System32\tr299687.dll NOT unregistered.
C:\WINDOWS\System32\tr299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nl299687.dll
C:\WINDOWS\System32\nl299687.dll NOT unregistered.
C:\WINDOWS\System32\nl299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kv299687.dll
C:\WINDOWS\System32\kv299687.dll NOT unregistered.
C:\WINDOWS\System32\kv299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ls299687.dll
C:\WINDOWS\System32\ls299687.dll NOT unregistered.
C:\WINDOWS\System32\ls299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pm299687.dll
C:\WINDOWS\System32\pm299687.dll NOT unregistered.
C:\WINDOWS\System32\pm299687.dll moved successfully.
C:\WINDOWS\System32\setting.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\rvc.dll
C:\WINDOWS\System32\rvc.dll NOT unregistered.
C:\WINDOWS\System32\rvc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\py299687.dll
C:\WINDOWS\System32\py299687.dll NOT unregistered.
C:\WINDOWS\System32\py299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\sy299687.dll
C:\WINDOWS\System32\sy299687.dll NOT unregistered.
C:\WINDOWS\System32\sy299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\r~299687.dll
C:\WINDOWS\system32\r~299687.dll NOT unregistered.
C:\WINDOWS\system32\r~299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\qy299687.dll
C:\WINDOWS\System32\qy299687.dll NOT unregistered.
C:\WINDOWS\System32\qy299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\oy299687.dll
C:\WINDOWS\System32\oy299687.dll NOT unregistered.
C:\WINDOWS\System32\oy299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ny299687.dll
C:\WINDOWS\System32\ny299687.dll NOT unregistered.
C:\WINDOWS\System32\ny299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mv273140.dll
C:\WINDOWS\System32\mv273140.dll NOT unregistered.
C:\WINDOWS\System32\mv273140.dll moved successfully.
File C:\WINDOWS\System32\drivers\osskqn.sys not found.
C:\WINDOWS\tasks\At1.job moved successfully.
File C:\WINDOWS\System32\oy299687.dll not found.
File C:\WINDOWS\System32\nl299687.dll not found.
C:\WINDOWS\System32\oy299687.dl_ moved successfully.
C:\WINDOWS\System32\nl299687.dl_ moved successfully.
File C:\WINDOWS\System32\tf299687.dll not found.
C:\WINDOWS\System32\tf299687.dl_ moved successfully.
File C:\WINDOWS\System32\vq299687.dll not found.
File C:\WINDOWS\System32\vq299687.dl_ not found.
C:\WINDOWS\System32\srv32 moved successfully.
C:\WINDOWS\system32\o~299687.dl_ moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\m.dll
C:\WINDOWS\System32\m.dll NOT unregistered.
C:\WINDOWS\System32\m.dll moved successfully.
File C:\WINDOWS\System32\drivers\400c7ac3.sys not found.
File C:\WINDOWS\System32\uc299687.dl_ not found.
File C:\WINDOWS\System32\2317984074.dat not found.
C:\WINDOWS\System32\py299687.dl_ moved successfully.
C:\WINDOWS\System32\qy299687.dl_ moved successfully.
C:\WINDOWS\System32\ny299687.dl_ moved successfully.
File C:\WINDOWS\System32\ny299687.dll not found.
File C:\WINDOWS\System32\qy299687.dll not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\nikhil baveja\Local Settings\Temp\~DFBD6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05062009_105215

Files moved on Reboot...
C:\Documents and Settings\nikhil baveja\Local Settings\Temp\~DFBD6.tmp moved successfully.

Registry entries deleted on Reboot...

#18
Andy_Hi

    Member

  • Topic Starter
  • Member
  • 58 posts
OTListIt Extras logfile created on: 5/6/2009 11:02:05 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\nikhil baveja\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 194.71 Mb Available Physical Memory | 40.70% Memory free
1.10 Gb Paging File | 0.83 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 23.34 Gb Free Space | 41.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIKHIL_NZ
Current User Name: nikhil baveja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.DLL (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\system32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:YServer Module (Yahoo! Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype File not found
%windir%\system32\ccapp.exe:*:Enabled:System Process File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Bluetooth by hp
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C569D686-A444-4AF0-A437-15CBB2816E34}" = TIxx21/x515
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"AccessRunner ADSL" = Conexant AccessRunner USB ADSL WAN Adapter
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Conexant PCI Audio" = Conexant AC-Link Audio
"Drastic Promo" = Drastic Promo
"FreeCall_is1" = FreeCall
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"InstallShield_{C569D686-A444-4AF0-A437-15CBB2816E34}" = Texas Instruments PCIxx21/x515 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.4)" = Mozilla Firefox (2.0.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QCDrivers" = QuickCam Drivers
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebViewHelperDeinstKey" = WebView Livescope Viewer for PC Ver. 3.60
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2009 2:59:15 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8237.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/12/2009 2:59:26 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8237.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/12/2009 2:59:33 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8237.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/12/2009 2:59:34 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8237.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2009 12:22:58 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2009 12:30:49 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2009 12:30:53 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/23/2009 2:25:07 AM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8237.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2009 7:41:19 AM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8237.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2009 1:30:52 AM | Computer Name = NIKHIL_NZ | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.3, faulting module
otlistit2.exe, version 2.0.15.3, fault address 0x001bcc08.

[ System Events ]
Error - 5/6/2009 1:15:38 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver

Error - 5/6/2009 1:15:52 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 5/6/2009 1:15:56 AM | Computer Name = NIKHIL_NZ | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {204A683C-5D97-4174-866D-2EDCFCAC9319}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 5/6/2009 1:20:42 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 5/6/2009 1:24:41 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7000
Description = The AVG Anti-Spyware Guard service failed to start due to the following
error: %%2

Error - 5/6/2009 1:24:41 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10047

Error - 5/6/2009 1:24:43 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver

Error - 5/6/2009 1:24:44 AM | Computer Name = NIKHIL_NZ | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {204A683C-5D97-4174-866D-2EDCFCAC9319}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 5/6/2009 1:25:18 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 5/6/2009 1:29:46 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

#19
Andy_Hi

    Member

  • Topic Starter
  • 58 posts
OTListIt logfile created on: 5/6/2009 11:02:05 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\nikhil baveja\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 194.71 Mb Available Physical Memory | 40.70% Memory free
1.10 Gb Paging File | 0.83 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 23.34 Gb Free Space | 41.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIKHIL_NZ
Current User Name: nikhil baveja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe (Conexant Systems Inc.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\WinDriveGuard\DriveGuard.exe (Macrosoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\nikhil baveja\My Documents\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AVG Anti-Spyware Guard [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Boonty Games [On_Demand | Stopped]) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (NwSapAgent [Auto | Running]) -- C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AvgAsCln [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (btaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CA561 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS (SP)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (CnxEtP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\CnxEtP.sys (Conexant)
DRV - (CnxEtU [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\CnxEtU.sys (Conexant)
DRV - (CnxTgN [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\CnxTgN.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Company)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Company)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Nokia USB Generic [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (Nokia USB Modem [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Phone Parent [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (USB_RNDIS_51 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MCIDRV_2600_6_0 [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\osskqn.sys ()

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=vendio&p="

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.4\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/02/17 16:10:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.4\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/02/23 13:12:26 | 00,000,000 | ---D | M]

[2008/04/25 14:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\mozilla\Firefox\Profiles\1gts8g5m.default\extensions
[2007/04/13 17:48:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\mozilla\Firefox\Profiles\1gts8g5m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2006/11/07 16:35:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\mozilla\Firefox\Profiles\1gts8g5m.default\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
[2006/12/14 19:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\mozilla\Firefox\Profiles\1gts8g5m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/04/20 17:20:17 | 00,002,441 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Application Data\Mozilla\FireFox\Profiles\1gts8g5m.default\searchplugins\dealio.xml
[2008/04/25 14:26:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/06/06 09:22:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/10 10:24:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/07 19:00:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/13 01:09:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/07 18:49:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2007/06/06 09:22:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2007/06/06 09:22:28 | 00,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/06/06 09:22:28 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/06/06 09:22:28 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/06/06 09:22:29 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/06/06 09:22:30 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/10/11 13:35:04 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/10/11 13:35:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/10/11 13:35:04 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/10/11 13:35:04 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/03/11 18:49:07 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/12/04 18:12:30 | 00,000,793 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" (Conexant Systems Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DriveGuard.lnk = C:\Program Files\WinDriveGuard\DriveGuard.exe (Macrosoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: status = present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.burj-al-a.../ipix/ipixx.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F12B402-E088-430F-B143-BA4B1A943408} http://immail.rediff...eX/rdpunioc.cab (RdPunIocCtrl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1123052138125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8CF97DE6-EB52-42A8-8076-FB75B528E0A0} https://www.5paisa.com/lstControl.ocx (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{2D4821C9-1C2A-4BEA-AB89-25DAE3E654BC}\\NameServer = 202.56.215.1,202.56.230.6
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\nikhil baveja\Desktop\CABIUDNB.
[2009/05/06 10:55:16 | 00,005,077 | ---- | C] () -- C:\WINDOWS\System32\drivers\osskqn.sys
[2009/05/06 10:55:07 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\oy299687.dll
[2009/05/06 10:55:07 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\oy299687.dl_
[2009/05/06 10:52:15 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 10:49:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\kg299687.dll
[2009/05/06 10:49:00 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\kg299687.dl_
[2009/05/06 02:14:25 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nikhil baveja\My Documents\OTListIt2.exe
[2009/05/05 19:40:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\avz4
[2009/05/05 19:37:48 | 04,626,422 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\My Documents\avz4.zip
[2009/05/05 18:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/05 18:55:54 | 00,000,000 | ---D | C] -- C:\Program Files\FreeCall.com
[2009/05/05 18:53:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/05/05 18:52:06 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/05 18:51:49 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/04 01:47:53 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2009/05/04 01:42:31 | 00,000,000 | ---D | C] -- C:\RECYCLER(2)
[2009/05/04 01:03:27 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW(3)
[2009/05/04 00:57:53 | 00,000,000 | ---D | C] -- C:\ComboFix(2)
[2009/05/02 20:59:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/02 20:39:30 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/02 20:39:27 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/02 20:39:22 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/05/02 20:33:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/02 20:31:03 | 03,012,576 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\My Documents\ComboFix.exe
[2009/05/02 20:10:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\New Folder
[2009/05/02 20:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\new recipes prep
[2009/05/02 20:10:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\colour print
[2009/05/02 20:10:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\bwprint
[2009/05/02 20:09:59 | 00,099,328 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\My Documents\419FA100
[2009/05/02 20:09:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\Aman
[2009/05/01 22:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/01 22:39:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\Application Data\SUPERAntiSpyware.com
[2009/04/24 17:02:30 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\print.xls
[2009/04/22 13:09:25 | 00,000,494 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\xmas menu.xls.lnk
[2009/04/22 13:09:22 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\AccessRunner DSL.lnk
[2009/04/17 15:01:14 | 00,000,000 | --SD | C] -- C:\Documents and Settings\nikhil baveja\My Documents\My Data Sources
[2009/04/16 21:14:04 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\HijackThis.lnk
[2009/04/16 00:27:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\nikhil baveja\Desktop\Detail Product Specification Guide
[2009/04/16 00:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\Desktop\colour print
[2009/04/14 17:00:28 | 00,550,400 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\Shelf Lives 2005 - PREP RECIPES.doc
[2009/04/13 00:58:43 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\HARD ROCK DELHI.doc
[2009/04/07 12:58:49 | 01,976,832 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\Turkey Burger.xls
[2009/04/07 12:57:59 | 00,420,352 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\Hard Rock House Salad .xls
[2009/02/12 22:22:10 | 00,000,096 | RHS- | C] () -- C:\WINDOWS\System32\setup.ini
[2009/02/11 17:07:01 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/11 17:06:58 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/11 17:06:58 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/11 17:06:56 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/11 17:06:55 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/14 10:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DietOdin.INI
[2007/02/05 14:32:32 | 00,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/13 02:38:22 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/08 23:25:12 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/09/21 08:36:28 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/07/28 19:01:19 | 00,000,110 | ---- | C] () -- C:\WINDOWS\VBuzzerSDK.INI
[2006/06/21 22:24:44 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/04/16 03:56:12 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/16 03:56:11 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/10 14:53:26 | 00,000,052 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2006/01/16 12:27:02 | 00,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/08/13 03:27:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/27 05:09:19 | 00,000,203 | ---- | C] () -- C:\WINDOWS\wb.ini
[2005/07/25 06:01:49 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/07/11 05:08:00 | 00,000,045 | ---- | C] () -- C:\WINDOWS\lifeview.ini
[2005/06/26 17:04:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/07 13:07:29 | 00,000,418 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/05/21 14:37:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RAWImage.INI
[2005/05/21 11:10:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/18 06:17:06 | 00,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2005/05/18 06:00:09 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/14 06:01:39 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/05/04 13:55:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/04/30 18:08:38 | 00,000,063 | ---- | C] () -- C:\WINDOWS\PepsiJukebox.INI
[2005/04/29 06:02:44 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/12/23 04:28:28 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/11/22 23:57:25 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/22 23:57:25 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/22 23:57:25 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/22 23:57:25 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/22 23:57:25 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/22 23:57:22 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/11/22 23:41:50 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/16 18:12:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 18:46:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 18:40:08 | 00,000,881 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 18:28:22 | 00,001,282 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 11:17:16 | 00,000,295 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/14 00:16:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/09 11:01:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/14 08:42:10 | 00,000,304 | ---- | C] () -- C:\WINDOWS\dev.ini
[2003/01/07 08:35:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/13 15:31:26 | 00,014,385 | ---- | C] () -- C:\WINDOWS\TW561a.ini
[2002/05/15 15:59:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 10:48:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 06:26:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/07/23 07:16:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 04:23:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Files - Modified Within 30 Days ==========

[42 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\nikhil baveja\Desktop\CABIUDNB.
[2009/05/06 11:01:46 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nikhil baveja\My Documents\OTListIt2.exe
[2009/05/06 11:00:21 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\oy299687.dl_
[2009/05/06 10:55:18 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AccessRunner DSL.lnk
[2009/05/06 10:55:16 | 00,005,077 | ---- | M] () -- C:\WINDOWS\System32\drivers\osskqn.sys
[2009/05/06 10:55:16 | 00,000,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AccessRunner Control Panel.lnk
[2009/05/06 10:55:07 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\oy299687.dll
[2009/05/06 10:54:59 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/06 10:54:28 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\nikhil baveja\Local Settings\desktop.ini
[2009/05/06 10:54:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/06 10:54:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/06 10:49:18 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\kg299687.dll
[2009/05/06 10:49:18 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\kg299687.dl_
[2009/05/06 10:45:33 | 00,000,157 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\autorun.inf
[2009/05/05 19:37:49 | 04,626,422 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\My Documents\avz4.zip
[2009/05/04 01:41:23 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/05/04 01:00:18 | 03,012,576 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\My Documents\ComboFix.exe
[2009/05/02 20:52:30 | 00,000,295 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/02 20:51:42 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/01 22:18:58 | 00,001,282 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/24 20:32:29 | 00,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/24 17:02:30 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\print.xls
[2009/04/22 13:09:25 | 00,000,494 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\xmas menu.xls.lnk
[2009/04/22 13:09:22 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\AccessRunner DSL.lnk
[2009/04/21 20:22:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/20 16:41:42 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\portion size.xls
[2009/04/19 17:12:18 | 00,099,328 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\My Documents\419FA100
[2009/04/18 19:30:14 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\Bread Specs to Moshes(1).xls
[2009/04/16 21:14:04 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\HijackThis.lnk
[2009/04/14 21:42:12 | 00,550,400 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\Shelf Lives 2005 - PREP RECIPES.doc
[2009/04/14 14:49:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/13 00:58:44 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\HARD ROCK DELHI.doc
[2009/04/10 01:08:18 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\KADAI MASSAL.doc
[2009/04/06 19:33:24 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2009/05/06 10:45:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/19 11:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/02/19 21:37:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/11/13 05:13:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/05/09 23:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/12/01 18:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/29 16:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/02/19 14:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007/12/29 21:54:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2009/02/11 11:53:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/11/05 14:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Globe7
[2009/03/10 18:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/02/20 17:41:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2005/11/07 08:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hpqwmi
[2008/04/21 00:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/04/15 23:53:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/04/20 22:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/02/16 13:58:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/11/07 09:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2004/11/23 00:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/01/20 14:18:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/02/05 00:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2005/04/27 13:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/11/23 15:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/02/12 22:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/04/26 18:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/04/21 06:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/13 02:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/01/16 12:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/12/11 13:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/05/05 19:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/05/01 22:39:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\nikhil baveja\Application Data
[2005/12/02 05:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\.BitTornado
[2006/11/13 02:56:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\acccore
[2009/01/24 10:25:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Adobe
[2007/01/22 10:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\AdobeUM
[2007/05/09 23:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Aim
[2008/10/29 17:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Apple Computer
[2008/02/19 09:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\AVG7
[2008/04/30 17:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\BitZipper
[2009/02/20 10:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\cmw
[2009/01/24 10:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/11/18 19:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\DataLayer
[2008/02/08 13:18:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Dealio
[2006/10/08 17:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\eFax Messenger
[2008/01/11 16:09:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\FreeCall
[2008/04/27 06:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\GetRightToGo
[2006/10/14 12:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Google
[2005/05/03 09:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Help
[2005/07/13 04:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Hewlett-Packard
[2006/04/10 13:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Identities
[2005/05/09 17:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\InterVideo
[2006/04/08 18:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Lavasoft
[2005/04/29 03:39:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Leadertech
[2005/11/05 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Macromedia
[2008/04/20 22:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Malwarebytes
[2007/11/20 19:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Media Player Classic
[2009/04/17 15:01:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Microsoft
[2007/11/18 10:09:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Mozilla
[2006/05/09 14:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\MSNInstaller
[2008/02/05 00:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Nokia
[2008/02/05 00:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\PC Suite
[2008/04/27 19:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Real
[2005/07/11 18:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Rediff.com
[2007/11/18 10:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\SecondLife
[2007/04/05 22:48:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\SmartDraw
[2004/11/22 23:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Sonic
[2004/11/22 23:33:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Sun
[2009/05/01 22:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\SUPERAntiSpyware.com
[2008/04/26 18:47:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Symantec
[2005/05/10 05:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Template
[2005/11/12 14:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\VoipBuster
[2006/11/12 00:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\VoipDiscount
[2006/03/19 04:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\VoipStunt
[2007/12/30 19:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Yahoo!
[2006/01/16 16:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Yahoo! Messenger
[2009/04/21 20:22:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/04/14 14:49:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 13:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/06 10:54:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83B335C9
< End of report >
  • 0

#20
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\WINDOWS\System32\oy299687.dl_
    C:\WINDOWS\System32\drivers\osskqn.sys
    C:\WINDOWS\System32\oy299687.dll
    C:\WINDOWS\System32\kg299687.dll
    C:\WINDOWS\System32\kg299687.dl_
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTListIt2 log.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Edited by handhfan, 07 May 2009 - 03:53 PM.

  • 0
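The five paths in the `:Files` block above all appear in the "Files/Folders - Created Within 30 Days" section of the log posted earlier in this thread. As an added example (not part of the thread and not OldTimer's code), the Python below parses that listing format and shortlists such entries for review. The heuristic (blank vendor field, path under System32, created within 7 days of the newest entry) and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import Optional

# Sample lines excerpted from the "Created Within 30 Days" section of the log in this thread.
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009/05/06 10:55:16 | 00,005,077 | ---- | C] () -- C:\WINDOWS\System32\drivers\osskqn.sys
[2009/05/06 10:55:07 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\oy299687.dll
[2009/05/06 10:55:07 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\oy299687.dl_
[2009/05/06 10:52:15 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 10:49:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\kg299687.dll
[2009/05/06 10:49:00 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\kg299687.dl_
[2009/05/06 02:14:25 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nikhil baveja\My Documents\OTListIt2.exe
[2009/05/02 20:59:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/02 20:31:03 | 03,012,576 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\My Documents\ComboFix.exe
[2009/02/12 22:22:10 | 00,000,096 | RHS- | C] () -- C:\WINDOWS\System32\setup.ini
[2009/02/11 17:07:01 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/11 17:06:58 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
"""

# [timestamp | size | attributes | C or M] (vendor) -- path
# Folder lines carry no "(vendor)" field at all; file lines may carry an empty one.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

EXECUTABLE_EXTS = {".dll", ".dl_", ".sys", ".exe"}  # assumption: extensions worth a look


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    company: Optional[str]  # None for folders, "" when the vendor field is blank
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entries(text: str) -> list:
    """Parse listing lines; section headers and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            company=m["company"],
            path=PureWindowsPath(m["path"]),
        ))
    return entries


def shortlist(entries: list, days: int = 7) -> list:
    """Files with a blank vendor under System32, created within `days` of the newest entry.

    A blank vendor alone proves nothing (unrar.dll and xvidcore.dll in the sample
    have one too), so the result is a review list, not a deletion list.
    """
    if not entries:
        return []
    cutoff = max(e.when for e in entries) - timedelta(days=days)
    return [
        e for e in entries
        if not e.is_dir
        and e.company == ""
        and e.when >= cutoff
        and "system32" in (part.lower() for part in e.path.parts)
        and e.path.suffix.lower() in EXECUTABLE_EXTS
    ]


def sibling_groups(entries: list) -> dict:
    """Group entries sharing a base name, e.g. a .dll with a matching .dl_ copy."""
    groups = {}
    for e in entries:
        groups.setdefault(e.path.stem.lower(), []).append(e.path.suffix.lower())
    return {stem: sorted(exts) for stem, exts in groups.items() if len(exts) > 1}


if __name__ == "__main__":
    flagged = shortlist(parse_entries(SAMPLE))
    for e in flagged:
        print(e.when, e.size, e.path)
    print(sibling_groups(flagged))
```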

#21
Andy_Hi

    Member

  • Topic Starter
  • 58 posts
========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\WINDOWS\System32\oy299687.dl_ moved successfully.
C:\WINDOWS\System32\drivers\osskqn.sys moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\oy299687.dll
C:\WINDOWS\System32\oy299687.dll NOT unregistered.
C:\WINDOWS\System32\oy299687.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kg299687.dll
C:\WINDOWS\System32\kg299687.dll NOT unregistered.
C:\WINDOWS\System32\kg299687.dll moved successfully.
C:\WINDOWS\System32\kg299687.dl_ moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\nikhil baveja\Local Settings\Temp\~DFFED.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05082009_050445

Files moved on Reboot...
C:\Documents and Settings\nikhil baveja\Local Settings\Temp\~DFFED.tmp moved successfully.

Registry entries deleted on Reboot...
  • 0

#22
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Don't forget the new OTListIt2.txt log, and the GMER log.
  • 0

#23
Andy_Hi

    Member

  • Topic Starter
  • Member
  • 58 posts
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-08 08:01:10
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

---- EOF - GMER 1.0.15 ----
  • 0
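
The helper's caution about false positives comes down to reading where each hook in a GMER log actually lands. The following is an added example (not part of the thread, and not GMER's own code) that parses the "User code sections" lines posted above and lists the module each inline hook jumps into; the review rules, the trusted-directory list and the `CONSTRUCTED_LOG` lines are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Copied from the GMER log in the post above.
PAGE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
"""

# Constructed lines (NOT from the thread; shapes are assumed) for the review path.
CONSTRUCTED_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1500] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A31000
.text C:\WINDOWS\Explorer.EXE[1500] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10001A20 C:\Documents and Settings\All Users\Application Data\example.dll
.text C:\WINDOWS\Explorer.EXE[1500] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ 90, 90, 90 ]
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER \S+ ----$")
HOOK_RE = re.compile(
    r"^(?P<section>\.\w+)\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"\d+ Bytes\s+(?P<op>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<target_module>.+?))?(?:\s+\((?P<desc>[^()]*)\))?\s*$"
)
# Assumption of this example: directories treated as expected homes for hook code.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Hook:
    image: str                    # process image that contains the patched code
    pid: int
    api: str                      # patched export, e.g. USER32.dll!MessageBoxExW
    target: str                   # address the patched bytes jump to
    target_module: Optional[str]  # module that owns the target address, if named
    vendor: Optional[str]         # company string GMER printed for that module


def parse_user_hooks(log_text: str) -> Tuple[List[Hook], List[str]]:
    """Return (hooks, unparsed lines) from the 'User code sections' part of a log."""
    hooks, unparsed, section = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section != "User code sections":
            continue
        m = HOOK_RE.match(line)
        if not m:
            unparsed.append(line)  # keep unknown shapes visible instead of dropping them
            continue
        vendor = m.group("desc").rpartition("/")[2] if m.group("desc") else None
        hooks.append(Hook(m.group("image"), int(m.group("pid")),
                          f'{m.group("module")}!{m.group("func")}',
                          m.group("target"), m.group("target_module"), vendor or None))
    return hooks, unparsed


def review_reasons(h: Hook) -> List[str]:
    """Triage hints only: the vendor string is file metadata, not a signature check."""
    if not h.target_module:
        return ["jump target is not inside a named module"]
    reasons = []
    if not h.target_module.lower().startswith(TRUSTED_DIRS):
        reasons.append("target module is outside the Windows and Program Files trees")
    if not h.vendor:
        reasons.append("target module has no vendor string")
    return reasons


if __name__ == "__main__":
    for name, text in (("page log", PAGE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        hooks, unparsed = parse_user_hooks(text)
        print(f"{name}: {len(hooks)} hooks, {len(unparsed)} unparsed line(s)")
        for h in hooks:
            notes = "; ".join(review_reasons(h)) or "no review hint"
            print(f"  pid {h.pid} {h.api} -> {h.target_module or h.target}: {notes}")
```

Lines the pattern does not recognise are returned separately so they can still be read by hand.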

#24
Andy_Hi

    Member

  • Topic Starter
  • Member
  • 58 posts
OTLISTIT gave only one log after rebooting. GMER log has been posted just now.

Edited by Andy_Hi, 07 May 2009 - 08:39 PM.

  • 0

#25
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
That is only the startup scan from GMER. I need you to do a full scan as in the directions.

You will need to run OTListIt2 again, and produce a new log, is what I mean. :)
  • 0


#26
Andy_Hi

    Member

  • Topic Starter
  • Member
  • 58 posts
Thanks handhfan. I have done 2 detailed scans using GMER. Each scan took 3 hours and I did 2 scans. But in both cases, GMER is not producing any log automatically. There is a save button and when I press the save button, it saves the log which I have written in my earlier post.

I did a second scan and it took 3 hours, so I think that's a detailed scan. I pressed the OK button after the scan and then the GMER software disappeared without producing any log automatically.
  • 0

#27
Andy_Hi

    Member

  • Topic Starter
  • Member
  • 58 posts
OTListIt logfile created on: 5/8/2009 11:30:29 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\nikhil baveja\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 86.77 Mb Available Physical Memory | 18.14% Memory free
1.10 Gb Paging File | 0.81 Gb Available in Paging File | 73.60% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 21.48 Gb Free Space | 38.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIKHIL_NZ
Current User Name: nikhil baveja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe (Conexant Systems Inc.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\WinDriveGuard\DriveGuard.exe (Macrosoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\nikhil baveja\My Documents\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AVG Anti-Spyware Guard [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Boonty Games [On_Demand | Stopped]) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (NwSapAgent [Auto | Running]) -- C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AvgAsCln [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (btaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CA561 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS (SP)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (cdrbsvsd [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (CnxEtP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\CnxEtP.sys (Conexant)
DRV - (CnxEtU [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\CnxEtU.sys (Conexant)
DRV - (CnxTgN [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\CnxTgN.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Company)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Company)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Nokia USB Generic [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (Nokia USB Modem [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Phone Parent [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (USB_RNDIS_51 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MCIDRV_2600_6_0 [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\osskqn.sys ()

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=vendio&p="

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.4\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/02/17 16:10:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.4\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/02/23 13:12:26 | 00,000,000 | ---D | M]

[2008/04/25 14:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\mozilla\Firefox\Profiles\1gts8g5m.default\extensions
[2007/04/13 17:48:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\mozilla\Firefox\Profiles\1gts8g5m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2006/11/07 16:35:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\mozilla\Firefox\Profiles\1gts8g5m.default\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
[2006/12/14 19:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\mozilla\Firefox\Profiles\1gts8g5m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/04/20 17:20:17 | 00,002,441 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Application Data\Mozilla\FireFox\Profiles\1gts8g5m.default\searchplugins\dealio.xml
[2008/04/25 14:26:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/06/06 09:22:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/10 10:24:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/07 19:00:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/13 01:09:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/07 18:49:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2007/06/06 09:22:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2007/06/06 09:22:28 | 00,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/06/06 09:22:28 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/06/06 09:22:28 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/06/06 09:22:29 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/06/06 09:22:30 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/10/11 13:35:04 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/10/11 13:35:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/10/11 13:35:04 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/10/11 13:35:04 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/03/11 18:49:07 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/12/04 18:12:30 | 00,000,793 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" (Conexant Systems Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DriveGuard.lnk = C:\Program Files\WinDriveGuard\DriveGuard.exe (Macrosoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: status = present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.burj-al-a.../ipix/ipixx.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F12B402-E088-430F-B143-BA4B1A943408} http://immail.rediff...eX/rdpunioc.cab (RdPunIocCtrl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1123052138125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8CF97DE6-EB52-42A8-8076-FB75B528E0A0} https://www.5paisa.com/lstControl.ocx (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{2D4821C9-1C2A-4BEA-AB89-25DAE3E654BC}\\NameServer = 202.56.215.1,202.56.230.6
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5c8c8ba7-a0e8-11dc-a50f-00c09f81ac98}\Shell\AutoRun\command - "" = E:\System\DriveGuard\DriveProtect.exe -- File not found
O33 - MountPoints2\{5c8c8ba7-a0e8-11dc-a50f-00c09f81ac98}\Shell\Explore\Command - "" = E:\System\DriveGuard\DriveProtect.exe -- File not found
O33 - MountPoints2\{5c8c8ba7-a0e8-11dc-a50f-00c09f81ac98}\Shell\Open\Command - "" = E:\System\DriveGuard\DriveProtect.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\nikhil baveja\Desktop\CABIUDNB.
[2009/05/08 05:16:43 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\My Documents\gmer.zip
[2009/05/08 05:09:20 | 00,005,077 | ---- | C] () -- C:\WINDOWS\System32\drivers\osskqn.sys
[2009/05/08 05:09:11 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\oy299687.dll
[2009/05/08 05:09:11 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\oy299687.dl_
[2009/05/08 05:01:13 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\qy299687.dll
[2009/05/08 05:01:13 | 00,044,686 | -H-- | C] () -- C:\WINDOWS\System32\qy299687.dl_
[2009/05/06 10:52:15 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 02:14:25 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nikhil baveja\My Documents\OTListIt2.exe
[2009/05/05 19:40:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\avz4
[2009/05/05 19:37:48 | 04,626,422 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\My Documents\avz4.zip
[2009/05/05 18:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/05 18:55:54 | 00,000,000 | ---D | C] -- C:\Program Files\FreeCall.com
[2009/05/05 18:53:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/05/05 18:52:06 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/05 18:51:49 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/04 01:47:53 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2009/05/04 01:42:31 | 00,000,000 | ---D | C] -- C:\RECYCLER(2)
[2009/05/04 01:03:27 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW(3)
[2009/05/04 00:57:53 | 00,000,000 | ---D | C] -- C:\ComboFix(2)
[2009/05/02 20:59:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/02 20:39:30 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/02 20:39:27 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/02 20:39:22 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/05/02 20:33:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/02 20:31:03 | 03,012,576 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\My Documents\ComboFix.exe
[2009/05/02 20:10:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\New Folder
[2009/05/02 20:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\new recipes prep
[2009/05/02 20:10:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\colour print
[2009/05/02 20:10:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\bwprint
[2009/05/02 20:09:59 | 00,099,328 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\My Documents\419FA100
[2009/05/02 20:09:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\My Documents\Aman
[2009/05/01 22:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/01 22:39:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\Application Data\SUPERAntiSpyware.com
[2009/04/24 17:02:30 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\print.xls
[2009/04/22 13:09:25 | 00,000,494 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\xmas menu.xls.lnk
[2009/04/22 13:09:22 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\AccessRunner DSL.lnk
[2009/04/17 15:01:14 | 00,000,000 | --SD | C] -- C:\Documents and Settings\nikhil baveja\My Documents\My Data Sources
[2009/04/16 21:14:04 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\HijackThis.lnk
[2009/04/16 00:27:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\nikhil baveja\Desktop\Detail Product Specification Guide
[2009/04/16 00:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikhil baveja\Desktop\colour print
[2009/04/14 17:00:28 | 00,550,400 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\Shelf Lives 2005 - PREP RECIPES.doc
[2009/04/13 00:58:43 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\nikhil baveja\Desktop\HARD ROCK DELHI.doc
[2009/02/12 22:22:10 | 00,000,096 | RHS- | C] () -- C:\WINDOWS\System32\setup.ini
[2009/02/11 17:07:01 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/11 17:06:58 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/11 17:06:58 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/11 17:06:56 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/11 17:06:55 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/14 10:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DietOdin.INI
[2007/02/05 14:32:32 | 00,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/13 02:38:22 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/08 23:25:12 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/09/21 08:36:28 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/07/28 19:01:19 | 00,000,110 | ---- | C] () -- C:\WINDOWS\VBuzzerSDK.INI
[2006/06/21 22:24:44 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/04/16 03:56:12 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/16 03:56:11 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/10 14:53:26 | 00,000,052 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2006/01/16 12:27:02 | 00,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/08/13 03:27:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/27 05:09:19 | 00,000,203 | ---- | C] () -- C:\WINDOWS\wb.ini
[2005/07/25 06:01:49 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/07/11 05:08:00 | 00,000,045 | ---- | C] () -- C:\WINDOWS\lifeview.ini
[2005/06/26 17:04:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/07 13:07:29 | 00,000,418 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/05/21 14:37:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RAWImage.INI
[2005/05/21 11:10:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/18 06:17:06 | 00,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2005/05/18 06:00:09 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/14 06:01:39 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/05/04 13:55:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/04/30 18:08:38 | 00,000,063 | ---- | C] () -- C:\WINDOWS\PepsiJukebox.INI
[2005/04/29 06:02:44 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/12/23 04:28:28 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/11/22 23:57:25 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/22 23:57:25 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/22 23:57:25 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/22 23:57:25 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/22 23:57:25 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/22 23:57:22 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/11/22 23:41:50 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/16 18:12:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 18:46:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 18:40:08 | 00,000,881 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 18:28:22 | 00,001,282 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 11:17:16 | 00,000,295 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/14 00:16:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/09 11:01:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/14 08:42:10 | 00,000,304 | ---- | C] () -- C:\WINDOWS\dev.ini
[2003/01/07 08:35:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/13 15:31:26 | 00,014,385 | ---- | C] () -- C:\WINDOWS\TW561a.ini
[2002/05/15 15:59:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 10:48:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 06:26:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/07/23 07:16:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 04:23:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Files - Modified Within 30 Days ==========

[42 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\nikhil baveja\Desktop\CABIUDNB.
[2009/05/08 23:30:20 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nikhil baveja\My Documents\OTListIt2.exe
[2009/05/08 23:29:38 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\oy299687.dl_
[2009/05/08 20:31:12 | 00,005,077 | ---- | M] () -- C:\WINDOWS\System32\drivers\osskqn.sys
[2009/05/08 20:28:15 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AccessRunner DSL.lnk
[2009/05/08 20:28:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/08 20:28:00 | 00,000,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AccessRunner Control Panel.lnk
[2009/05/08 20:27:57 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\oy299687.dll
[2009/05/08 20:27:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/08 20:27:55 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\nikhil baveja\Local Settings\desktop.ini
[2009/05/08 20:27:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/08 05:17:20 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\My Documents\gmer.zip
[2009/05/08 05:01:29 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\qy299687.dll
[2009/05/08 05:01:29 | 00,044,686 | -H-- | M] () -- C:\WINDOWS\System32\qy299687.dl_
[2009/05/06 10:45:33 | 00,000,157 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\autorun.inf
[2009/05/05 19:37:49 | 04,626,422 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\My Documents\avz4.zip
[2009/05/04 01:41:23 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/05/04 01:00:18 | 03,012,576 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\My Documents\ComboFix.exe
[2009/05/02 20:52:30 | 00,000,295 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/02 20:51:42 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/01 22:18:58 | 00,001,282 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/24 20:32:29 | 00,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/24 17:02:30 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\print.xls
[2009/04/22 13:09:25 | 00,000,494 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\xmas menu.xls.lnk
[2009/04/22 13:09:22 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\AccessRunner DSL.lnk
[2009/04/21 20:22:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/20 16:41:42 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\portion size.xls
[2009/04/19 17:12:18 | 00,099,328 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\My Documents\419FA100
[2009/04/18 19:30:14 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\Bread Specs to Moshes(1).xls
[2009/04/16 21:14:04 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\HijackThis.lnk
[2009/04/14 21:42:12 | 00,550,400 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\Shelf Lives 2005 - PREP RECIPES.doc
[2009/04/14 14:49:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/13 00:58:44 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\HARD ROCK DELHI.doc
[2009/04/10 01:08:18 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\nikhil baveja\Desktop\KADAI MASSAL.doc

========== LOP Check ==========

[2009/05/06 10:45:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/19 11:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/02/19 21:37:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/11/13 05:13:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/05/09 23:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/12/01 18:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/29 16:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/02/19 14:34:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007/12/29 21:54:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2009/02/11 11:53:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/11/05 14:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Globe7
[2009/03/10 18:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/02/20 17:41:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2005/11/07 08:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hpqwmi
[2008/04/21 00:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/04/15 23:53:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/04/20 22:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/02/16 13:58:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/11/07 09:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2004/11/23 00:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/01/20 14:18:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/02/05 00:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2005/04/27 13:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/11/23 15:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/02/12 22:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/04/26 18:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/04/21 06:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/13 02:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/01/16 12:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/12/11 13:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/05/05 19:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/05/01 22:39:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\nikhil baveja\Application Data
[2005/12/02 05:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\.BitTornado
[2006/11/13 02:56:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\acccore
[2009/01/24 10:25:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Adobe
[2007/01/22 10:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\AdobeUM
[2007/05/09 23:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Aim
[2008/10/29 17:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Apple Computer
[2008/02/19 09:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\AVG7
[2008/04/30 17:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\BitZipper
[2009/02/20 10:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\cmw
[2009/01/24 10:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/11/18 19:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\DataLayer
[2008/02/08 13:18:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Dealio
[2006/10/08 17:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\eFax Messenger
[2008/01/11 16:09:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\FreeCall
[2008/04/27 06:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\GetRightToGo
[2006/10/14 12:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Google
[2005/05/03 09:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Help
[2005/07/13 04:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Hewlett-Packard
[2006/04/10 13:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Identities
[2005/05/09 17:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\InterVideo
[2006/04/08 18:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Lavasoft
[2005/04/29 03:39:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Leadertech
[2005/11/05 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Macromedia
[2008/04/20 22:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Malwarebytes
[2007/11/20 19:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Media Player Classic
[2009/04/17 15:01:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Microsoft
[2007/11/18 10:09:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Mozilla
[2006/05/09 14:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\MSNInstaller
[2008/02/05 00:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Nokia
[2008/02/05 00:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\PC Suite
[2008/04/27 19:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Real
[2005/07/11 18:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Rediff.com
[2007/11/18 10:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\SecondLife
[2007/04/05 22:48:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\SmartDraw
[2004/11/22 23:51:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Sonic
[2004/11/22 23:33:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Sun
[2009/05/01 22:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\SUPERAntiSpyware.com
[2008/04/26 18:47:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Symantec
[2005/05/10 05:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Template
[2005/11/12 14:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\VoipBuster
[2006/11/12 00:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\VoipDiscount
[2006/03/19 04:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\VoipStunt
[2007/12/30 19:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Yahoo!
[2006/01/16 16:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikhil baveja\Application Data\Yahoo! Messenger
[2009/04/21 20:22:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/04/14 14:49:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 13:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/08 20:27:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83B335C9
< End of report >

#28
Andy_Hi

    Member

  • Topic Starter
  • 58 posts
OTListIt Extras logfile created on: 5/8/2009 11:30:29 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\nikhil baveja\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.42 Mb Total Physical Memory | 86.77 Mb Available Physical Memory | 18.14% Memory free
1.10 Gb Paging File | 0.81 Gb Available in Paging File | 73.60% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 21.48 Gb Free Space | 38.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIKHIL_NZ
Current User Name: nikhil baveja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.DLL (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\system32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:YServer Module (Yahoo! Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype File not found
%windir%\system32\ccapp.exe:*:Enabled:System Process File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Bluetooth by hp
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C569D686-A444-4AF0-A437-15CBB2816E34}" = TIxx21/x515
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"AccessRunner ADSL" = Conexant AccessRunner USB ADSL WAN Adapter
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Conexant PCI Audio" = Conexant AC-Link Audio
"Drastic Promo" = Drastic Promo
"FreeCall_is1" = FreeCall
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"InstallShield_{C569D686-A444-4AF0-A437-15CBB2816E34}" = Texas Instruments PCIxx21/x515 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.4)" = Mozilla Firefox (2.0.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QCDrivers" = QuickCam Drivers
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebViewHelperDeinstKey" = WebView Livescope Viewer for PC Ver. 3.60
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2009 12:30:49 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2009 12:30:53 PM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/23/2009 2:25:07 AM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8237.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2009 7:41:19 AM | Computer Name = NIKHIL_NZ | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8237.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2009 1:30:52 AM | Computer Name = NIKHIL_NZ | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.3, faulting module
otlistit2.exe, version 2.0.15.3, fault address 0x001bcc08.

Error - 5/6/2009 1:31:08 AM | Computer Name = NIKHIL_NZ | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.3, faulting module
otlistit2.exe, version 2.0.15.3, fault address 0x001bcc08.

Error - 5/7/2009 7:30:44 PM | Computer Name = NIKHIL_NZ | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.3, faulting module
otlistit2.exe, version 2.0.15.3, fault address 0x001bd1bf.

Error - 5/7/2009 7:30:56 PM | Computer Name = NIKHIL_NZ | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.3, faulting module
otlistit2.exe, version 2.0.15.3, fault address 0x001bd1bf.

Error - 5/8/2009 1:51:47 PM | Computer Name = NIKHIL_NZ | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.3, faulting module
otlistit2.exe, version 2.0.15.3, fault address 0x001bcc07.

Error - 5/8/2009 1:59:45 PM | Computer Name = NIKHIL_NZ | Source = Application Error | ID = 1000
Description = Faulting application otlistit2.exe, version 2.0.15.3, faulting module
otlistit2.exe, version 2.0.15.3, fault address 0x001bcc07.

[ System Events ]
Error - 5/7/2009 7:45:13 PM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 5/7/2009 8:52:14 PM | Computer Name = NIKHIL_NZ | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {204A683C-5D97-4174-866D-2EDCFCAC9319}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 5/8/2009 10:58:08 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7000
Description = The AVG Anti-Spyware Guard service failed to start due to the following
error: %%2

Error - 5/8/2009 10:58:08 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 5/8/2009 10:58:08 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10047

Error - 5/8/2009 10:58:09 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Spyware Driver

Error - 5/8/2009 10:58:12 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 5/8/2009 10:58:15 AM | Computer Name = NIKHIL_NZ | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {204A683C-5D97-4174-866D-2EDCFCAC9319}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 5/8/2009 11:01:13 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7000
Description = The MCIDRV_2600_6_0 service failed to start due to the following error:
%%2001

Error - 5/8/2009 11:03:10 AM | Computer Name = NIKHIL_NZ | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

#29
Andy_Hi

    Member

  • Topic Starter
  • Member
  • 58 posts
hi handhfan,

Is it over, or did I miss replying properly to your instructions?

I think I still have viruses in the PC... please guide.

#30
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Sorry, I had a busy weekend. :)

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
