Kindly let me know how to remove this Trojan from my system.
Thanks in advance.
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
nvatabus.sys
si3112.sys
viadsk.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
OTS logfile created on: 3/12/2010 9:16:45 AM - Run 2 OTS by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Prahlad\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free 3.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 720 1440 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39.06 Gb Total Space | 6.89 Gb Free Space | 17.63% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 39.06 Gb Total Space | 16.75 Gb Free Space | 42.89% Space Free | Partition Type: NTFS Drive F: | 39.06 Gb Total Space | 38.51 Gb Free Space | 98.58% Space Free | Partition Type: NTFS Drive G: | 36.20 Gb Total Space | 6.43 Gb Free Space | 17.77% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRAHLAD Current User Name: Prahlad Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - All] ots.exe -> C:\Documents and Settings\Prahlad\Desktop\OTS.exe -> [2010/03/11 22:25:45 | 000,636,928 | ---- | M] (OldTimer Tools) googlecrashhandler.exe -> C:\Documents and Settings\Prahlad\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe -> [2010/02/25 13:58:29 | 000,135,664 | ---- | M] (Google Inc.) jusched.exe -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) 
applicationupdater.exe -> C:\Program Files\Application Updater\ApplicationUpdater.exe -> [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/08/05 08:07:21 | 000,185,089 | ---- | M] (Avira GmbH) ssscheduler.exe -> C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe -> [2009/07/27 19:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) saservice.exe -> C:\Program Files\SiteAdvisor\6253\SAService.exe -> [2009/07/13 06:20:42 | 000,345,376 | ---- | M] () sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 06:18:22 | 000,108,289 | ---- | M] (Avira GmbH) avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 02:38:47 | 000,209,153 | ---- | M] (Avira GmbH) services.exe -> C:\WINDOWS\system32\services.exe -> [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) j2gdllcmd.exe -> C:\Program Files\j2 Messenger 4.4\J2GDllCmd.exe -> [2008/10/07 16:53:53 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) 
winlogon.exe -> C:\WINDOWS\system32\winlogon.exe -> [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) spoolsv.exe -> C:\WINDOWS\system32\spoolsv.exe -> [2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) smss.exe -> C:\WINDOWS\system32\smss.exe -> [2008/04/13 19:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) svchost.exe -> C:\WINDOWS\system32\svchost.exe [RPCSS] -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rpcss.dll [RpcSs] -> [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) svchost.exe -> C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\dnsrslvr.dll [Dnscache] -> [2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) svchost.exe -> C:\WINDOWS\system32\svchost.exe [NETSVCS] -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\6to4svc.dll [6to4] -> [2008/04/13 19:11:48 | 000,100,352 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\appmgmts.dll [AppMgmt] -> [2008/04/13 19:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\audiosrv.dll [AudioSrv] -> [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\qmgr.dll [BITS] -> [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\browser.dll [Browser] -> [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\cryptsvc.dll [CryptSvc] -> [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\dhcpcsvc.dll [Dhcp] -> [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\dmserver.dll [dmserver] -> [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) 
-> C:\WINDOWS\system32\ersvc.dll [ERSvc] -> [2008/04/13 19:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\es.dll [EventSystem] -> [2008/07/07 15:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\shsvcs.dll [FastUserSwitchingCompatibility] -> [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [helpsvc] -> [2008/04/13 19:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\hidserv.dll [HidServ] -> [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\kmsvc.dll [hkmsvc] -> [2008/04/13 19:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\srvsvc.dll [lanmanserver] -> [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\wkssvc.dll [lanmanworkstation] -> [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\msgsvc.dll [Messenger] -> [2008/04/13 19:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\qagentrt.dll [napagent] -> [2008/04/13 19:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\netman.dll [Netman] -> [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\mswsock.dll [Nla] -> [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\ntmssvc.dll [NtmsSvc] -> [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\nwwks.dll [NWCWorkstation] -> [2008/04/13 19:12:02 | 000,065,536 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rasauto.dll [RasAuto] -> [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rasmans.dll [RasMan] -> [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\mprdim.dll [RemoteAccess] -> 
[2008/04/13 19:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\schedsvc.dll [Schedule] -> [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\seclogon.dll [seclogon] -> [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\sens.dll [SENS] -> [2008/04/13 19:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\ipnathlp.dll [SharedAccess] -> [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\shsvcs.dll [ShellHWDetection] -> [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\srsvc.dll [srservice] -> [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\tapisrv.dll [TapiSrv] -> [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\shsvcs.dll [Themes] -> [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\trkwks.dll [TrkWks] -> [2008/04/13 19:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\w32time.dll [W32Time] -> [2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\wbem\wmisvc.dll [winmgmt] -> [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\mspmsnsv.dll [WmdmPmSN] -> [2006/10/18 11:17:16 | 000,027,136 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\advapi32.dll [Wmi] -> [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\wscsvc.dll [wscsvc] -> [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\wuauserv.dll [wuauserv] -> [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\wzcsvc.dll [WZCSVC] -> [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) -> 
C:\WINDOWS\system32\xmlprov.dll [xmlprov] -> [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) svchost.exe -> C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\alrsvc.dll [Alerter] -> [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lmhsvc.dll [LmHosts] -> [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\regsvc.dll [RemoteRegistry] -> [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\ssdpsrv.dll [SSDPSRV] -> [2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\upnphost.dll [upnphost] -> [2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\webclnt.dll [WebClient] -> [2008/04/13 19:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) svchost.exe -> C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\alrsvc.dll [Alerter] -> [2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lmhsvc.dll [LmHosts] -> [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\regsvc.dll [RemoteRegistry] -> [2008/04/13 19:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\ssdpsrv.dll [SSDPSRV] -> [2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\upnphost.dll [upnphost] -> [2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\webclnt.dll [WebClient] -> [2008/04/13 19:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) svchost.exe -> C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] -> [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rpcss.dll 
[DcomLaunch] -> [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\termsrv.dll [TermService] -> [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) notepad.exe -> C:\WINDOWS\system32\notepad.exe -> [2008/04/13 19:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) lsass.exe -> C:\WINDOWS\system32\lsass.exe -> [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) ctfmon.exe -> C:\WINDOWS\system32\ctfmon.exe -> [2008/04/13 19:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation) csrss.exe -> C:\WINDOWS\system32\csrss.exe -> [2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) sgmain.exe -> C:\Program Files\SpywareGuard\sgmain.exe -> [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () [Modules - Safe List] ots.exe -> C:\Documents and Settings\Prahlad\Desktop\OTS.exe -> [2010/03/11 22:25:45 | 000,636,928 | ---- | M] (OldTimer Tools) [Win32 Services - Safe List] (MDM) Machine Debug Manager [Auto | Stopped] -> -> File not found (Application Updater) Application Updater [Auto | Running] -> C:\Program Files\Application Updater\ApplicationUpdater.exe -> [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) (McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/23 15:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) 
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/08/05 08:07:21 | 000,185,089 | ---- | M] (Avira GmbH) (SiteAdvisor Service) SiteAdvisor Service [Auto | Running] -> C:\Program Files\SiteAdvisor\6253\SAService.exe -> [2009/07/13 06:20:42 | 000,345,376 | ---- | M] () (LWWLicenseService) LWWLicenseService [On_Demand | Stopped] -> C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe -> [2009/07/10 03:31:01 | 000,072,704 | ---- | M] (WoltersKluwerLWW) (AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 06:18:22 | 000,108,289 | ---- | M] (Avira GmbH) [Driver Services - Safe List] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/02/21 22:53:04 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/02/21 22:53:03 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2010/02/21 22:53:03 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/12/07 22:03:53 | 000,056,816 | ---- | M] (Avira GmbH) (ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/10 23:42:24 | 000,028,520 | ---- | M] (Avira GmbH) (avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 00:03:07 | 000,096,104 | ---- | M] (Avira GmbH) (avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 02:05:05 | 000,011,608 | ---- | M] (Avira GmbH) (hwdatacard) Huawei DataCard USB Modem 
and USB Serial [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ewusbmdm.sys -> [2008/07/24 11:02:36 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) (Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\tcpip6.sys -> [2008/06/20 06:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) (NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnkipx.sys -> [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20071011.001\SymIDSCo.sys -> [2007/10/02 12:25:42 | 000,158,064 | ---- | M] (Symantec Corporation) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2007/07/09 23:26:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) (ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/04/16 03:46:26 | 005,760,096 | ---- | M] (Intel Corporation) (RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtenicxp.sys -> [2007/02/06 14:13:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) (CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CVirtA.sys -> [2005/05/16 18:21:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) 
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnknb.sys -> [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) (NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\nwlnkspx.sys -> [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> HKEY_USERS\.DEFAULT\: "AutoConfigURL" -> file://C:\PROGRA~1\SPEEDB~1\proxy.pac -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-18\: "AutoConfigURL" -> file://C:\PROGRA~1\SPEEDB~1\proxy.pac -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\] > -> -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\: Main\\"SearchMigratedDefaultName" -> Google -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\: SearchURL\\"" -> http://www.google.com/search?q=%s -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 15:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.) HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\: URLSearchHooks\\"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" [HKLM] -> C:\Program Files\Search Settings\SearchSettings.dll [SearchSettings Class] -> [2010/01/08 01:27:40 | 001,109,504 | ---- | M] (Spigot, Inc.) 
HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\FireFox\Profiles\jd9sjcd5.default\prefs.js -> browser.search.defaultenginename -> "Google" -> browser.search.param.yahoo-fr -> "chr-greentree_ff&type=616163" -> browser.search.selectedEngine -> "Google" -> browser.search.useDBForOrder -> true -> browser.startup.homepage -> "http://www.google.com" -> extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 -> extensions.enabledItems -> {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.46 -> extensions.enabledItems -> [email protected]:1.0 -> extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1 -> extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50 -> extensions.enabledItems -> {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2 -> extensions.enabledItems -> [email protected]:1.2.3 -> extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 -> < FireFox Settings [User.js] > -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\FireFox\Profiles\jd9sjcd5.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED -> HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/02/22 12:32:28 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/19 05:34:15 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM 
FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/19 05:34:14 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Extensions -> [2008/08/18 00:10:10 | 000,000,000 | ---D | M] No name found -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} -> [2008/08/18 00:10:10 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\izyp08fw.PinkyJini\extensions -> [2008/09/29 05:36:58 | 000,000,000 | ---D | M] FoxClocks -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\izyp08fw.PinkyJini\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} -> [2008/09/29 05:36:55 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\extensions -> [2010/03/11 21:32:30 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/07/13 03:32:49 | 000,000,000 | ---D | M] NoScript -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2010/02/28 07:47:39 | 000,000,000 | ---D | M] ReloadEvery -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} -> [2009/12/15 08:49:19 | 000,000,000 | ---D | M] WOT -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2009/11/07 22:04:43 | 000,000,000 | ---D | M] Adblock Plus -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/01/07 05:27:35 | 000,000,000 | ---D | M] 
FoxClocks -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} -> [2010/02/05 12:04:29 | 000,000,000 | ---D | M] < FireFox SearchPlugins [User Folders] > -> omnimedicalsearch.xml -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\searchplugins\omnimedicalsearch.xml -> [2008/08/28 07:30:26 | 000,002,078 | ---- | M] () scour---search-socially.xml -> C:\Documents and Settings\Prahlad\Application Data\Mozilla\Firefox\Profiles\jd9sjcd5.default\searchplugins\scour---search-socially.xml -> [2009/05/12 22:18:21 | 000,004,431 | ---- | M] () < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/11 21:32:30 | 000,000,000 | ---D | M] < HOSTS File > ([2009/09/02 02:23:28 | 000,614,098 | ---- | M] - 16470 lines) -> C:\WINDOWS\system32\drivers\etc\HOSTS -> First 25 entries... Reset Hosts 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net] 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions] 127.0.0.1 phpadsnew.abac.com 127.0.0.1 a.abnad.net 127.0.0.1 b.abnad.net 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie] 127.0.0.1 d.abnad.net 127.0.0.1 e.abnad.net 127.0.0.1 t.abnad.net 127.0.0.1 z.abnad.net 127.0.0.1 banners.absolpublisher.com 127.0.0.1 tracking.absolstats.com 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 gtb5.acecounter.com < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/12/23 15:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.) {E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> C:\Program Files\Search Settings\SearchSettings.dll [SearchSettings Class] -> [2010/01/08 01:27:40 | 001,109,504 | ---- | M] (Spigot, Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/12/23 15:59:04 | 000,251,416 | ---- | M] (McAfee, Inc.) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\] > -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 02:38:47 | 000,209,153 | ---- | M] (Avira GmbH) "SearchSettings" -> C:\Program Files\Search Settings\SearchSettings.exe [C:\Program Files\Search Settings\SearchSettings.exe] -> [2010/01/08 01:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) < Run [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\] > -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "j2 4.4" -> C:\Program Files\j2 Messenger 4.4\J2GDllCmd.exe ["C:\Program Files\j2 Messenger 4.4\J2GDllCmd.exe" /R] -> [2008/10/07 16:53:53 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) 
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/02/21 22:53:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk -> C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe -> [2009/07/27 19:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Prahlad Startup Folder > -> C:\Documents and Settings\Prahlad\Start Menu\Programs\Startup -> C:\Documents and Settings\Prahlad\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 11:04:08 | 000,038,912 | ---- | M] () C:\Documents and Settings\Prahlad\Start Menu\Programs\Startup\jConnect 4.4.lnk -> C:\Program Files\j2 Messenger 4.4\J2GTray.exe -> [2008/10/07 16:58:33 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) 
C:\Documents and Settings\Prahlad\Start Menu\Programs\Startup\SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe -> [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () < Software Policy Settings [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003] > -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] 
> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003] > -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003] > -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\] > -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4824 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\] > -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Reg Error: Key error.] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> {33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Reg Error: Key error.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] 
-> {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.15.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {A9B6C003-CD97-4FBA-9F57-D41467A36896}\\DhcpNameServer -> 192.168.15.1 (Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) -> {A9B6C003-CD97-4FBA-9F57-D41467A36896}\\NameServer -> 203.145.184.13,203.145.184.32 (Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2009/09/08 22:52:31 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com) igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/04/16 02:20:30 | 000,204,800 | ---- | M] (Intel Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/12 23:43:36 | 000,077,824 | ---- | M] 
(SuperAdBlocker.com) < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> nwprovau -> C:\WINDOWS\System32\nwprovau.dll -> [2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Documents and Settings\Prahlad\Local Settings\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe" -> C:\Documents and Settings\Prahlad\Local Settings\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe [C:\Documents and Settings\Prahlad\Local Settings\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary] -> File not found "C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) "C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/12/17 17:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
"C:\Program Files\LeechFTP\Leechftp.exe" -> C:\Program Files\LeechFTP\Leechftp.exe [C:\Program Files\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP] -> [1999/04/16 10:10:50 | 000,828,416 | ---- | M] (jan debis) "C:\Program Files\TeamViewer\Version4\TeamViewer.exe" -> C:\Program Files\TeamViewer\Version4\TeamViewer.exe [C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application] -> [2009/04/29 08:31:56 | 004,554,536 | ---- | M] (TeamViewer GmbH) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 07:13:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) "C:\Sun\SDK\jdk\bin\java.exe" -> C:\Sun\SDK\jdk\bin\java.exe [C:\Sun\SDK\jdk\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> File not found < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/09/10 06:15:33 | 000,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{28b681b1-6d08-11de-a9f6-0019dbbc087c} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28b681b1-6d08-11de-a9f6-0019dbbc087c}\Shell\AutoRun\command \{28b681b1-6d08-11de-a9f6-0019dbbc087c}\Shell\AutoRun\command\\"" -> [rundll32.exe dx.dll,XxKOo] -> File not found \{28b681b1-6d08-11de-a9f6-0019dbbc087c} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28b681b1-6d08-11de-a9f6-0019dbbc087c}\Shell\open\Command 
\{28b681b1-6d08-11de-a9f6-0019dbbc087c}\Shell\open\Command\\"" -> [rundll32.exe .\dx.dll,XxKOo] -> File not found \{8a285982-b0a4-11de-aa84-0019dbbc087c} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a285982-b0a4-11de-aa84-0019dbbc087c}\Shell \{8a285982-b0a4-11de-aa84-0019dbbc087c}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a285982-b0a4-11de-aa84-0019dbbc087c}\Shell\AutoRun \{8a285982-b0a4-11de-aa84-0019dbbc087c}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a285982-b0a4-11de-aa84-0019dbbc087c}\Shell\AutoRun\command \{8a285982-b0a4-11de-aa84-0019dbbc087c}\Shell\AutoRun\command\\"" -> H:\AutoRun.exe [H:\AutoRun.exe] -> File not found \{8a285986-b0a4-11de-aa84-0019dbbc087c} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a285986-b0a4-11de-aa84-0019dbbc087c}\Shell \{8a285986-b0a4-11de-aa84-0019dbbc087c}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a285986-b0a4-11de-aa84-0019dbbc087c}\Shell\AutoRun \{8a285986-b0a4-11de-aa84-0019dbbc087c}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a285986-b0a4-11de-aa84-0019dbbc087c}\Shell\AutoRun\command \{8a285986-b0a4-11de-aa84-0019dbbc087c}\Shell\AutoRun\command\\"" -> H:\AutoRun.exe [H:\AutoRun.exe] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> 
SubscribedURL = About:Home -> < Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> WallPaper -> C:\Documents and Settings\Prahlad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> BackupWallPaper -> C:\Documents and Settings\Prahlad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> "Bonjour Service" -> -> "NBService" -> -> "WMPNetworkSvc" -> -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk -> Reg Error: Value error. -> File not found C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE -> [2001/11/26 22:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) C:^Documents and Settings^Prahlad^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 11:04:08 | 000,038,912 | ---- | M] () C:^Documents and Settings^Prahlad^Start Menu^Programs^Startup^Microsoft Find Fast.lnk -> C:\PROGRA~1\MICROS~2\Office\FINDFAST.EXE -> File not found C:^Documents and Settings^Prahlad^Start Menu^Programs^Startup^Office Startup.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE -> [1996/11/16 13:30:00 | 000,051,984 | ---- | M] () C:^Documents and Settings^Prahlad^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk -> Reg Error: Value error. 
-> File not found < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) Alcmtr hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\Alcmtr.exe -> [2005/05/03 08:13:00 | 000,069,632 | R--- | M] (Realtek Semiconductor Corp.) AVG8_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG8\avgtray.exe -> File not found BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2006/12/23 07:35:20 | 000,143,360 | ---- | M] (Nero AG) CTFMON.EXE hkey=Reg Error: Value error. key=Reg Error: Value error. -> Reg Error: Value error. -> File not found DSLAGENTEXE hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found Exodus hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Prahlad\Desktop\Prahlad\CBay Setup\Exodus\Exodus.exe -> [2004/02/27 00:52:14 | 002,937,856 | ---- | M] (Jabber.org) Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Prahlad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2009/07/26 06:17:24 | 000,133,104 | ---- | M] (Google Inc.) 
googletalk hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\Google Talk\googletalk.exe -> [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) GSICONEXE hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found MSConfig hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe -> [2008/04/13 19:12:27 | 000,169,984 | ---- | M] (Microsoft Corporation) MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe -> [2006/01/12 05:10:44 | 000,155,648 | ---- | M] (Nero AG) Persistence hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found Prefs hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\oDesk\oDeskLaunch.exe -> [2009/07/07 04:36:49 | 000,357,696 | ---- | M] (oDesk Corporation) RTHDCPL hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\RTHDCPL.exe -> [2007/07/05 05:38:00 | 016,380,416 | R--- | M] (Realtek Semiconductor Corp.) SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe -> File not found Yahoo! Pager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> [2007/08/30 07:13:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) 
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> "bootini" -> 0 -> "services" -> 2 -> "startup" -> 2 -> "system.ini" -> 0 -> "win.ini" -> 0 -> < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> Ias -> C:\WINDOWS\system32\ias -> [2007/09/10 06:46:20 | 000,000,000 | ---D | M] Iprip -> -> File not found Irmon -> -> File not found Nwsapagent -> -> File not found WmdmPmSp -> -> File not found *MultiFile Done* -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> htmlfile [print] -> rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" -> https [open] -> "C:\Program Files\Safari\Safari.exe" -url "%1" -> File not found piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [AddToPlaylistVLC] -> "C:\Documents and Settings\Prahlad\Desktop\Prahlad\MalFix\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2009/07/26 16:17:46 | 000,135,416 | ---- | M] () Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Documents and Settings\Prahlad\Desktop\Prahlad\MalFix\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2009/07/26 16:17:46 | 000,135,416 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder 
[explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 {02DFF6B1-1654-411C-8D7B-FD6052EF016F} -> Apple Software Update {0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC} -> LG_MobileSync {197A3012-8C85-4FD3-AB66-9EC7E13DB92E} -> Adobe AIR {1C8646E4-DC54-4E6D-95EA-C3524B09223E} -> Ready Reference Bookshelf {226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk -> Google Talk (remove only) {26A24AE4-039D-4CA4-87B4-2F83216014FF} -> Java(TM) 6 Update 18 {26A8FD50-9CD7-48FE-A57B-4F713D979654} -> Stedman's Cardiology & Pulmonary Words, 5th Edition {2BDFCEE7-68EC-4288-AEA3-4DB96841141B} -> j2 Messenger {2EAF7E61-068E-11DF-953C-005056806466} -> Google Earth {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP {35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} -> McAfee SiteAdvisor {47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} -> Bonjour {47D27ADF-4512-439E-ABC5-EACF04F8BE48} -> MediPro2001 {4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater {547263A9-A5BC-4CEE-9BE1-895A8DF0C27D} -> CBay QAWorkBench {5D60D32E-E799-4B5D-9706-1171AF602D3B} -> Grading {5F05C28D-DEA9-4AD6-A73A-064175988EAB} -> Search Settings v1.2.3 {5F527126-8A9C-4F5F-AA5E-E8D6C29D7715} -> Quick Look Electronic Drug Reference 2008 {6FEDE04A-D802-40DD-A525-0359150CE0A2} -> Stedman's Medical & Surgical Equipment Words, 5th Edition {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable {770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 {77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com {8037729C-CE10-43B5-BA5C-B6766C55F08E} -> 
LG_MobileSync {90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 {949DBB22-2FB7-4de1-804C-23D495A988D8} -> CuteFTP 8 Home {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 {A2A60894-E3ED-46FE-9A6A-7CF7A87572A0} -> Opera 9.64 {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2 {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper {AAB93551-3FFE-42B2-8315-96252BBC1033} -> Nero 7 Essentials {AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.1 {AC76BA86-7AD7-5464-3428-900000000004} -> Spelling Dictionaries Support For Adobe Reader 9 {B2544A03-10D0-4E5E-BA69-0362FFC20D18} -> OGA Notifier 2.0.0048.0 {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2 {C3ABE126-2BB2-4246-BFE1-6797679B3579} -> LG USB Modem driver {CD95F661-A5C4-44F5-A6AA-ECDD91C240B8} -> WinZip 12.1 {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1 {DDC63227-BA06-4855-B002-BDB49E9F677E} -> Symantec Technical Support Web Controls {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 -> Auslogics Disk Defrag {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver {F3812D83-86D2-4445-A841-3E0BA4F9A11C} -> Merriam-Webster 3.0 {FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio Adobe AIR -> Adobe AIR Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin ADSL USB Driver 2.0.1_is1 -> ADSL USB Driver 2.0.1 Avira AntiVir Desktop -> Avira AntiVir Personal - Free Antivirus cayahooantispy -> CA Yahoo! 
Anti-Spy (remove only) com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com ERUNT_is1 -> ERUNT 1.1j HDMI -> Intel(R) Graphics Media Accelerator Driver IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ie7 -> Windows Internet Explorer 7 IrfanView -> IrfanView (remove only) KLiteCodecPack_is1 -> K-Lite Codec Pack 4.2.5 (Full) LeechFTP -> LeechFTP Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware McAfee Security Scan -> McAfee Security Scan McAfee SiteAdvisor -> McAfee SiteAdvisor Media Player - Codec Pack -> Media Player Codec Pack 3.6.0 Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1 Mozilla Firefox (3.6) -> Mozilla Firefox (3.6) MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs Noone's VCD Player_is1 -> Noone's VCD Player 1.2.3 Office8.0 -> Microsoft Office 97, Professional Edition Reliance Netconnect - Broadband+ -> Reliance Netconnect - Broadband+ Scribe -> Express Scribe Uninstall SpywareBlaster_is1 -> SpywareBlaster 4.2 SpywareGuard_is1 -> SpywareGuard v2.2 ST5UNST #1 -> Scribe Aid Stedman's Abbreviations, Acronyms & Symbols 3E -> Stedman's Abbreviations, Acronyms & Symbols 3E 2.0 Stedman's Dermatology & Immunology Words 3E -> Stedman's Dermatology & Immunology Words 3E 1.0 Stedman's Electronic Medical Dictionary 7.0 -> Stedman's Electronic Medical Dictionary 7.0 Stedman's Emergency Medicine Words -> Stedman's Emergency Medicine Words 1.0 Stedman's GI & GU Words 4E -> Stedman's GI & GU Words 4E 1.0 Stedman's Neurology & Neurosurgery Words 3E -> Stedman's Neurology & Neurosurgery Words 3E 1.0 Stedman's OB-GYN & Pediatric Words 4E -> Stedman's OB-GYN & Pediatric Words 4E 1.0 Stedman's Ophthalmology Words 3E -> Stedman's Ophthalmology Words 3E 1.0 Stedman's Orthopaedic & Rehab Words 5E -> Stedman's Orthopaedic & Rehab Words 5E 1.0 Stedman's Pathology & Lab Medicine Words 4E -> Stedman's 
Pathology & Lab Medicine Words 4E 1.0 Stedman's Radiology & Oncology Words -> Stedman's Radiology & Oncology Words 1.0 SystemRequirementsLab -> System Requirements Lab TeamViewer 4 -> TeamViewer 4 VLC media player -> VLC media player 1.0.1 Windows Media Format Runtime -> Windows Media Format 11 runtime Windows Media Player -> Windows Media Player 11 Windows XP Service Pack -> Windows XP Service Pack 3 WinRAR archiver -> WinRAR archiver WinZip -> WinZip WMFDist11 -> Windows Media Format 11 runtime wmp11 -> Windows Media Player 11 Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 Yahoo! Mail -> Yahoo! Internet Mail Yahoo! Messenger -> Yahoo! Messenger YInstHelper -> Yahoo! Install Manager < Uninstall List [HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\] > -> HKEY_USERS\S-1-5-21-606747145-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> FileZilla Client -> FileZilla Client 3.3.2 Google Chrome -> Google Chrome GoToMeeting -> GoToMeeting 4.0.0.320 Octoshape add-in for Adobe Flash Player -> Octoshape add-in for Adobe Flash Player < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 1/28/2010 10:18:55 PM Computer Name = PRAHLAD | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Application [ Error ] 1/29/2010 11:42:47 PM Computer Name = PRAHLAD | Source = Application Error | ID = 1000 -> Description = Faulting application cbayedit.exe, version 1.2.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0241a566. 
Application [ Error ] 1/31/2010 10:17:56 AM Computer Name = PRAHLAD | Source = Application Hang | ID = 1002 -> Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 1/31/2010 10:17:56 AM Computer Name = PRAHLAD | Source = Application Hang | ID = 1002 -> Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 2/21/2010 11:49:16 PM Computer Name = PRAHLAD | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Application [ Error ] 2/22/2010 5:22:38 PM Computer Name = PRAHLAD | Source = Avira AntiVir | ID = 4112 -> Description = An error occurred during a resource request to the Windows NT system. The resource <ThreadInit> has not been allocated. This could be due to an out-of-memory error or any other system failure. Returned error code: 0x18 Application [ Error ] 2/24/2010 10:58:06 PM Computer Name = PRAHLAD | Source = Application Hang | ID = 1002 -> Description = Hanging application i_view32.exe, version 4.2.5.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 3/10/2010 9:35:45 PM Computer Name = PRAHLAD | Source = Application Hang | ID = 1002 -> Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 3/12/2010 2:02:05 AM Computer Name = PRAHLAD | Source = Application Hang | ID = 1002 -> Description = Hanging application fitmnsqe.exe, version 1.0.15.15281, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Application [ Error ] 3/12/2010 10:12:59 AM Computer Name = PRAHLAD | Source = Application Hang | ID = 1002 -> Description = Hanging application OTS.exe, version 3.1.26.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System [ Error ] 3/12/2010 7:32:02 AM Computer Name = PRAHLAD | Source = Service Control Manager | ID = 7000 -> Description = The Machine Debug Manager service failed to start due to the following error: %%2 System [ Error ] 3/12/2010 7:33:01 AM Computer Name = PRAHLAD | Source = DCOM | ID = 10005 -> Description = DCOM got error "%2" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} System [ Error ] 3/12/2010 7:33:01 AM Computer Name = PRAHLAD | Source = Service Control Manager | ID = 7000 -> Description = The Machine Debug Manager service failed to start due to the following error: %%2 System [ Error ] 3/12/2010 7:37:43 AM Computer Name = PRAHLAD | Source = Service Control Manager | ID = 7000 -> Description = The Machine Debug Manager service failed to start due to the following error: %%2 System [ Error ] 3/12/2010 7:38:47 AM Computer Name = PRAHLAD | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. 
System [ Error ] 3/12/2010 7:39:25 AM Computer Name = PRAHLAD | Source = Service Control Manager | ID = 7000 -> Description = The Application Layer Gateway Service service failed to start due to the following error: %%1053 System [ Error ] 3/12/2010 7:43:25 AM Computer Name = PRAHLAD | Source = DCOM | ID = 10005 -> Description = DCOM got error "%2" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} System [ Error ] 3/12/2010 7:43:26 AM Computer Name = PRAHLAD | Source = Service Control Manager | ID = 7000 -> Description = The Machine Debug Manager service failed to start due to the following error: %%2 System [ Error ] 3/12/2010 10:07:53 AM Computer Name = PRAHLAD | Source = DCOM | ID = 10005 -> Description = DCOM got error "%2" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} System [ Error ] 3/12/2010 10:07:53 AM Computer Name = PRAHLAD | Source = Service Control Manager | ID = 7000 -> Description = The Machine Debug Manager service failed to start due to the following error: %%2 [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Documents and Settings\Prahlad\Desktop\OTS.exe -> [2010/03/11 22:25:40 | 000,636,928 | ---- | C] (OldTimer Tools) Search Settings -> C:\Documents and Settings\Prahlad\Application Data\Search Settings -> [2010/02/16 05:23:01 | 000,000,000 | ---D | C] Application Updater -> C:\Program Files\Application Updater -> [2010/02/15 21:56:05 | 000,000,000 | ---D | C] New Folder (4) -> C:\Documents and Settings\Prahlad\My Documents\New Folder (4) -> [2010/02/11 23:10:03 | 000,000,000 | ---D | C] Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2010/02/08 12:14:00 | 000,000,000 | ---D | M] Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2010/02/08 12:09:30 | 000,000,000 | ---D | M] Microsoft -> C:\Documents and 
Settings\LocalService\Local Settings\Application Data\Microsoft -> [2010/01/03 08:40:16 | 000,000,000 | ---D | M] McAfee -> C:\Documents and Settings\LocalService\Application Data\McAfee -> [2009/11/04 19:14:48 | 000,000,000 | ---D | M] Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/07/23 19:14:53 | 000,000,000 | ---D | M] SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2009/07/13 06:32:00 | 000,000,000 | ---D | M] SiteAdvisor -> C:\Documents and Settings\LocalService\Application Data\SiteAdvisor -> [2009/07/13 06:21:10 | 000,000,000 | ---D | M] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/07/09 19:35:17 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/07/09 19:35:17 | 000,000,000 | --SD | M] Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/07/08 22:32:10 | 000,000,000 | ---D | M] AVGTOOLBAR -> C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR -> [2009/06/11 22:34:23 | 000,000,000 | ---D | M] Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2007/10/06 02:05:03 | 000,000,000 | ---D | M] [Files/Folders - Modified Within 30 Days] GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/03/12 09:19:00 | 000,000,888 | ---- | M] () User_Feed_Synchronization-{6B31BC3A-3BF4-44CD-BA52-D1F3ADD12AD6}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{6B31BC3A-3BF4-44CD-BA52-D1F3ADD12AD6}.job -> [2010/03/12 09:10:10 | 000,000,426 | -H-- | M] () GoogleUpdateTaskUserS-1-5-21-606747145-1644491937-725345543-1003UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1644491937-725345543-1003UA.job -> [2010/03/12 09:03:00 | 000,000,986 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/03/12 06:40:23 | 000,013,746 | ---- | M] () 
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/03/12 06:39:35 | 000,000,884 | ---- | M] () OGALogon.job -> C:\WINDOWS\tasks\OGALogon.job -> [2010/03/12 06:39:32 | 000,000,236 | ---- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/12 06:36:24 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/12 06:36:22 | 000,002,048 | --S- | M] () ntuser.dat -> C:\Documents and Settings\Prahlad\ntuser.dat -> [2010/03/12 06:33:21 | 006,815,744 | ---- | M] () ntuser.ini -> C:\Documents and Settings\Prahlad\ntuser.ini -> [2010/03/12 06:33:21 | 000,000,278 | -HS- | M] () SAAS.bkm -> C:\WINDOWS\SAAS.bkm -> [2010/03/12 00:56:57 | 000,000,010 | ---- | M] () SEMD.bkm -> C:\WINDOWS\SEMD.bkm -> [2010/03/12 00:56:55 | 000,000,010 | ---- | M] () Prahlad.acl -> C:\WINDOWS\Prahlad.acl -> [2010/03/11 23:29:57 | 000,069,638 | ---- | M] () fitmnsqe.exe -> C:\Documents and Settings\Prahlad\Desktop\fitmnsqe.exe -> [2010/03/11 22:26:11 | 000,293,376 | ---- | M] () OTS.exe -> C:\Documents and Settings\Prahlad\Desktop\OTS.exe -> [2010/03/11 22:25:45 | 000,636,928 | ---- | M] (OldTimer Tools) GoogleUpdateTaskUserS-1-5-21-606747145-1644491937-725345543-1003Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1644491937-725345543-1003Core.job -> [2010/03/11 14:03:00 | 000,000,934 | ---- | M] () WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2010/03/10 00:14:45 | 000,000,754 | ---- | M] () SORW.bkm -> C:\WINDOWS\SORW.bkm -> [2010/03/04 08:37:44 | 000,000,010 | ---- | M] () FileZilla Client.lnk -> C:\Documents and Settings\Prahlad\Desktop\FileZilla Client.lnk -> [2010/02/26 11:15:44 | 000,001,663 | ---- | M] () FileZilla_3.3.2_win32-setup.exe -> C:\Documents and Settings\Prahlad\My Documents\FileZilla_3.3.2_win32-setup.exe -> [2010/02/26 11:15:19 | 004,160,064 | ---- | M] () GT.wav -> C:\Documents and Settings\Prahlad\Desktop\GT.wav -> [2010/02/24 22:43:17 | 010,510,000 | ---- | M] () imsins.BAK -> 
C:\WINDOWS\imsins.BAK -> [2010/02/23 21:10:52 | 000,001,374 | ---- | M] () Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/02/19 05:34:23 | 000,001,602 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Prahlad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/19 00:07:22 | 000,109,056 | ---- | M] () SPTH.bkm -> C:\WINDOWS\SPTH.bkm -> [2010/02/18 14:00:51 | 000,000,010 | ---- | M] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/02/15 11:18:46 | 000,000,069 | ---- | M] () 95 C:\Documents and Settings\Prahlad\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Prahlad\Local Settings\temp\*.tmp -> [Files - No Company Name] fitmnsqe.exe -> C:\Documents and Settings\Prahlad\Desktop\fitmnsqe.exe -> [2010/03/11 22:26:09 | 000,293,376 | ---- | C] () FileZilla_3.3.2_win32-setup.exe -> C:\Documents and Settings\Prahlad\My Documents\FileZilla_3.3.2_win32-setup.exe -> [2010/02/26 11:13:57 | 004,160,064 | ---- | C] () GT.wav -> C:\Documents and Settings\Prahlad\Desktop\GT.wav -> [2010/02/24 22:40:53 | 010,510,000 | ---- | C] () SPTH.bkm -> C:\WINDOWS\SPTH.bkm -> [2010/02/18 14:00:51 | 000,000,010 | ---- | C] () dcmvwr.INI -> C:\WINDOWS\dcmvwr.INI -> [2009/10/07 09:56:27 | 000,000,059 | ---- | C] () WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2009/08/17 13:02:44 | 000,000,754 | ---- | C] () OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () efscan.ini -> C:\WINDOWS\efscan.ini -> [2009/07/16 21:44:20 | 000,000,765 | ---- | C] () efaxview.ini -> C:\WINDOWS\efaxview.ini -> [2009/07/16 21:44:20 | 000,000,072 | ---- | C] () libavcodec.dll -> C:\WINDOWS\System32\libavcodec.dll -> [2009/06/20 14:13:18 | 004,477,539 | ---- | C] () ff_x264.dll -> C:\WINDOWS\System32\ff_x264.dll -> [2009/06/20 14:13:18 | 000,832,632 | ---- | C] () xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/06/20 
14:13:18 | 000,829,781 | ---- | C] () libmplayer.dll -> C:\WINDOWS\System32\libmplayer.dll -> [2009/06/20 14:13:18 | 000,557,469 | ---- | C] () ff_libfaad2.dll -> C:\WINDOWS\System32\ff_libfaad2.dll -> [2009/06/20 14:13:18 | 000,336,384 | ---- | C] () ff_libdts.dll -> C:\WINDOWS\System32\ff_libdts.dll -> [2009/06/20 14:13:18 | 000,216,064 | ---- | C] () ff_libmad.dll -> C:\WINDOWS\System32\ff_libmad.dll -> [2009/06/20 14:13:18 | 000,151,552 | ---- | C] () libmpeg2_ff.dll -> C:\WINDOWS\System32\libmpeg2_ff.dll -> [2009/06/20 14:13:18 | 000,146,098 | ---- | C] () ff_liba52.dll -> C:\WINDOWS\System32\ff_liba52.dll -> [2009/06/20 14:13:18 | 000,126,976 | ---- | C] () ff_wmv9.dll -> C:\WINDOWS\System32\ff_wmv9.dll -> [2009/06/20 14:13:18 | 000,098,304 | ---- | C] () ff_samplerate.dll -> C:\WINDOWS\System32\ff_samplerate.dll -> [2009/06/20 14:13:16 | 000,176,640 | ---- | C] () ff_tremor.dll -> C:\WINDOWS\System32\ff_tremor.dll -> [2009/06/20 14:13:16 | 000,117,760 | ---- | C] () ff_unrar.dll -> C:\WINDOWS\System32\ff_unrar.dll -> [2009/06/20 14:13:16 | 000,095,744 | ---- | C] () ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2009/06/20 13:28:02 | 000,085,504 | ---- | C] () ff_kernelDeint.dll -> C:\WINDOWS\System32\ff_kernelDeint.dll -> [2009/06/14 10:21:32 | 000,256,512 | ---- | C] () TomsMoComp_ff.dll -> C:\WINDOWS\System32\TomsMoComp_ff.dll -> [2009/06/14 10:21:32 | 000,237,056 | ---- | C] () ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2009/06/14 10:21:32 | 000,000,547 | ---- | C] () ts.dll -> C:\WINDOWS\System32\ts.dll -> [2009/01/10 17:17:32 | 000,163,840 | ---- | C] () mkx.dll -> C:\WINDOWS\System32\mkx.dll -> [2009/01/10 17:16:56 | 000,148,480 | ---- | C] () avi.dll -> C:\WINDOWS\System32\avi.dll -> [2009/01/10 17:16:50 | 000,108,032 | ---- | C] () mp4.dll -> C:\WINDOWS\System32\mp4.dll -> [2009/01/10 17:16:14 | 000,141,312 | ---- | C] () ogm.dll -> C:\WINDOWS\System32\ogm.dll -> [2009/01/10 17:15:54 | 000,120,832 | ---- | C] () mmfinfo.dll 
-> C:\WINDOWS\System32\mmfinfo.dll -> [2009/01/10 17:15:44 | 000,159,744 | ---- | C] () avss.dll -> C:\WINDOWS\System32\avss.dll -> [2009/01/10 17:15:32 | 000,102,400 | ---- | C] () dxr.dll -> C:\WINDOWS\System32\dxr.dll -> [2009/01/10 17:15:28 | 000,246,784 | ---- | C] () avs.dll -> C:\WINDOWS\System32\avs.dll -> [2009/01/10 17:15:12 | 000,097,280 | ---- | C] () mkzlib.dll -> C:\WINDOWS\System32\mkzlib.dll -> [2009/01/10 17:14:08 | 000,079,360 | ---- | C] () mkunicode.dll -> C:\WINDOWS\System32\mkunicode.dll -> [2009/01/10 17:14:06 | 000,023,552 | ---- | C] () xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008/12/03 17:11:50 | 000,180,224 | ---- | C] () qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008/11/06 11:37:32 | 003,596,288 | ---- | C] () dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2008/11/06 11:34:00 | 000,000,416 | ---- | C] () unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2008/10/26 19:16:08 | 000,164,352 | ---- | C] () avisplitter.ini -> C:\WINDOWS\avisplitter.ini -> [2008/10/26 19:16:07 | 000,000,038 | ---- | C] () Listdb.INI -> C:\WINDOWS\Listdb.INI -> [2008/06/11 10:20:10 | 000,000,147 | ---- | C] () instDll.dll -> C:\WINDOWS\System32\instDll.dll -> [2008/02/21 21:26:34 | 000,102,400 | ---- | C] () gspnDll.dll -> C:\WINDOWS\System32\gspnDll.dll -> [2008/02/21 21:26:34 | 000,098,304 | ---- | C] () wwdslcfg.ini -> C:\WINDOWS\wwdslcfg.ini -> [2008/02/21 21:26:34 | 000,013,275 | ---- | C] () cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2008/01/22 09:45:42 | 000,001,416 | ---- | C] () Registration.ini -> C:\WINDOWS\System32\Registration.ini -> [2007/10/13 04:30:20 | 000,000,137 | ---- | C] () NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007/09/27 10:50:35 | 000,000,069 | ---- | C] () Wc32.INI -> C:\WINDOWS\Wc32.INI -> [2007/09/15 07:41:52 | 000,000,000 | ---- | C] () CSGina.dll -> C:\WINDOWS\System32\CSGina.dll -> [2007/09/15 07:33:04 | 000,177,152 | ---- | C] () DLPORTIO.sys -> 
C:\WINDOWS\System32\drivers\DLPORTIO.sys -> [2007/09/12 04:45:43 | 000,003,584 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/09/10 07:36:58 | 000,000,859 | ---- | C] () igfxCoIn_v4820.dll -> C:\WINDOWS\System32\igfxCoIn_v4820.dll -> [2007/09/10 06:24:15 | 000,204,800 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 04:28:52 | 000,030,808 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 04:23:56 | 000,026,489 | ---- | C] () GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 05:09:28 | 000,029,779 | ---- | C] () GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 05:09:28 | 000,026,040 | ---- | C] () MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 23:46:58 | 000,065,536 | ---- | C] () ODBCSTF.DLL -> C:\WINDOWS\System32\ODBCSTF.DLL -> [1996/11/16 13:30:00 | 000,022,016 | ---- | C] () DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [1996/11/16 13:30:00 | 000,022,016 | ---- | C] () HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [1996/11/16 13:30:00 | 000,012,288 | ---- | C] () [File - Lop Check] AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2009/06/26 00:45:36 | 000,000,000 | ---D | M] DriverScanner -> C:\Documents and Settings\All Users\Application Data\DriverScanner -> [2009/08/02 08:11:00 | 000,000,000 | ---D | M] GlobalSCAPE -> C:\Documents and Settings\All Users\Application Data\GlobalSCAPE -> [2009/07/13 01:29:01 | 000,000,000 | ---D | M] j2 Messenger 4.4 Output -> C:\Documents and Settings\All Users\Application Data\j2 Messenger 4.4 Output -> [2009/09/14 19:49:54 | 000,000,000 | ---D | M] NCH Swift Sound -> C:\Documents and Settings\All Users\Application Data\NCH Swift Sound -> [2008/06/12 09:37:23 | 000,000,000 | ---D | M] Registry Helper -> C:\Documents and Settings\All 
Users\Application Data\Registry Helper -> [2008/01/29 02:10:05 | 000,000,000 | ---D | M] SecTaskMan -> C:\Documents and Settings\All Users\Application Data\SecTaskMan -> [2009/06/27 07:38:53 | 000,000,000 | ---D | M] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/10/27 21:07:28 | 000,000,000 | ---D | M] WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2009/05/27 05:19:23 | 000,000,000 | ---D | M] AVGTOOLBAR -> C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR -> [2009/06/11 22:34:23 | 000,000,000 | ---D | M] SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2009/07/13 06:32:00 | 000,000,000 | ---D | M] Auslogics -> C:\Documents and Settings\Prahlad\Application Data\Auslogics -> [2009/07/17 23:12:10 | 000,000,000 | ---D | M] AVGTOOLBAR -> C:\Documents and Settings\Prahlad\Application Data\AVGTOOLBAR -> [2009/07/09 23:16:16 | 000,000,000 | ---D | M] com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Documents and Settings\Prahlad\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2008/09/21 07:34:34 | 000,000,000 | ---D | M] Dictaphone -> C:\Documents and Settings\Prahlad\Application Data\Dictaphone -> [2008/06/11 23:42:11 | 000,000,000 | ---D | M] Exodus -> C:\Documents and Settings\Prahlad\Application Data\Exodus -> [2009/07/06 07:00:39 | 000,000,000 | ---D | M] FileZilla -> C:\Documents and Settings\Prahlad\Application Data\FileZilla -> [2010/03/10 10:59:56 | 000,000,000 | ---D | M] GlobalSCAPE -> C:\Documents and Settings\Prahlad\Application Data\GlobalSCAPE -> [2009/07/13 01:30:34 | 000,000,000 | ---D | M] IrfanView -> C:\Documents and Settings\Prahlad\Application Data\IrfanView -> [2008/02/08 01:47:31 | 000,000,000 | ---D | M] j2 Global -> C:\Documents and Settings\Prahlad\Application Data\j2 Global -> [2009/10/30 08:15:17 | 000,000,000 | ---D | M] j2 Messenger -> C:\Documents and Settings\Prahlad\Application Data\j2 
Messenger -> [2009/09/14 19:50:10 | 000,000,000 | ---D | M] LG Electronics -> C:\Documents and Settings\Prahlad\Application Data\LG Electronics -> [2009/12/17 22:13:37 | 000,000,000 | ---D | M] NCH Swift Sound -> C:\Documents and Settings\Prahlad\Application Data\NCH Swift Sound -> [2008/04/28 04:48:41 | 000,000,000 | ---D | M] Opera -> C:\Documents and Settings\Prahlad\Application Data\Opera -> [2007/10/29 07:55:49 | 000,000,000 | ---D | M] Search Settings -> C:\Documents and Settings\Prahlad\Application Data\Search Settings -> [2010/02/16 05:23:01 | 000,000,000 | ---D | M] SystemRequirementsLab -> C:\Documents and Settings\Prahlad\Application Data\SystemRequirementsLab -> [2009/07/26 06:03:12 | 000,000,000 | ---D | M] TeamViewer -> C:\Documents and Settings\Prahlad\Application Data\TeamViewer -> [2009/11/27 05:22:50 | 000,000,000 | ---D | M] Uniblue -> C:\Documents and Settings\Prahlad\Application Data\Uniblue -> [2009/08/02 08:11:00 | 000,000,000 | ---D | M] UPD_TEMP -> C:\Documents and Settings\Prahlad\Application Data\UPD_TEMP -> [2008/06/11 10:28:00 | 000,000,000 | ---D | M] OGALogon.job -> C:\WINDOWS\Tasks\OGALogon.job -> [2010/03/12 06:39:32 | 000,000,236 | ---- | M] () User_Feed_Synchronization-{6B31BC3A-3BF4-44CD-BA52-D1F3ADD12AD6}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{6B31BC3A-3BF4-44CD-BA52-D1F3ADD12AD6}.job -> [2010/03/12 09:10:10 | 000,000,426 | -H-- | M] () [File - Purity Scan] [Alternate Data Streams] @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 < End of report >
Begin scan in 'G:\Software\office97'
G:\Software\office97\Office97Install.zip
[0] Archive type: ZIP
--> Office97 Install/UTIL/Everest/Ultimate-kg.exe
[DETECTION] Is the TR/Agent.BYD Trojan
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
Edited by Transcriptionist, 23 March 2010 - 11:43 PM.
[Unregister Dlls]
[Registry - Safe List]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{28b681b1-6d08-11de-a9f6-0019dbbc087c} ->
YN -> \{28b681b1-6d08-11de-a9f6-0019dbbc087c} ->
YN -> \{8a285982-b0a4-11de-aa84-0019dbbc087c} ->
YN -> \{8a285986-b0a4-11de-aa84-0019dbbc087c} ->
[Custom Items]
:files
G:\Software\office97\Office97Install.zip
:end
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
[Reboot]