neither task manager nor regedit nor gpedit working [Solved]


  • This topic is locked

#61
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

i formatted it using the recovery discs i made long long ago. :thumbsup:

Yay!!! :woot:

since i have formatted it. i got a free 60 day trial norton internet security. should i continue with it?

If you want to purchase Norton go ahead and do so, if not go here and download the Norton removal tool here. Then download the installer for your AV of choice I posted earlier. Then remove the Norton and install the new AV.

and now what about my external hard disk, it may still have that salinity virus and others probably.

For the time being, until we get ready to run SalityKiller on it, do NOT connect it to the computer. First decide on the antivirus program and we will go from there.
  • 1


#62
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
i've removed norton and installed MS security essentials.
both have found one w32.dr sality virus and removed it.
  • 0

#63
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Have you used any USB's or your external drive on your computer since the reinstall? Let's make sure that there is nothing on your system before we proceed with the external drives.

Step 1 - OTL Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 2 - ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here

  • You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. OTL Log
2. Extras.txt
3. ESET Online Scan
  • 1
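
Added example (not part of the original thread and not code from OTL or its author): a small Python triage pass over the process, module, service and driver lines that the OTL.Txt requested in Step 1 contains. The sample lines are constructed in that layout, and the four flags are review heuristics assumed here, not verdicts produced by OTL.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the OTL.Txt layout (not taken from a real scan).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Example Corp) -- C:\Program Files\Example\agent.exe
PRC - [2013-06-09 23:26:35 | 000,102,400 | ---- | M] () -- C:\Users\alice\AppData\Local\Temp\updater.exe
========== Modules (No Company Name) ==========
MOD - [2013-06-09 01:35:43 | 003,128,728 | ---- | M] () -- C:\Program Files\Example\helper.dll
========== Services (SafeList) ==========
SRV - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Example Corp) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\olddrv.sys -- (OldDrv)
DRV - [2007-08-09 09:12:08 | 000,045,568 | -H-- | M] (Example Corp) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\exdrv.sys -- (ExDrv)
"""

# TAG - [timestamp | size | attrs | M] (Company) [state] -- path -- (name)
# or, when the file is absent:  TAG - File not found [state] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[\d\- :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\))?$"
)

# Assumed heuristic: directories a standard user can normally write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    tag: str
    company: Optional[str]  # None when OTL printed "File not found"
    attrs: Optional[str]
    state: Optional[str]
    path: str
    name: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        tag=m.group("tag"),
        company=None if missing else m.group("company"),
        attrs=m.group("attrs"),
        state=m.group("state"),
        path=m.group("path"),
        name=m.group("name"),
    )


def flags_for(entry: Entry) -> List[str]:
    """Return review flags for an entry (leads to check, not detections)."""
    flags = []
    if entry.company is None:
        flags.append("file-not-found")      # registry entry points at a missing file
    elif entry.company == "" and entry.tag != "MOD":
        flags.append("no-company")          # MOD section lists only nameless modules
    if entry.attrs and "H" in entry.attrs:
        flags.append("hidden-attr")         # hidden attribute set on the file
    if any(part in entry.path.lower() for part in USER_WRITABLE):
        flags.append("user-writable-path")
    return flags


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return only the entries that carry at least one flag, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings.append((entry, flags))
    return findings


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG):
        print(f"{entry.tag} {entry.path}: {', '.join(flags)}")
```

A flag marks an entry to look at, such as a driver entry left behind by uninstalled software; legitimate programs also trip these heuristics.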

#64
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
no,i have not inserted any usb drives since reinstall.

here are the logs

OTL

OTL logfile created on: 09-06-2013 23:30:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phani\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.77% Memory free
6.18 Gb Paging File | 5.21 Gb Available in Paging File | 84.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.53 Gb Total Space | 217.18 Gb Free Space | 75.53% Space Free | Partition Type: NTFS
Drive D: | 10.56 Gb Total Space | 1.64 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Computer Name: PHANI-PC | User Name: phani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-09 23:26:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
PRC - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-01-27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2007-09-20 23:42:02 | 000,671,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2007-09-06 01:39:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-07-12 17:30:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007-03-30 04:11:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2006-11-02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013-06-09 10:47:07 | 016,033,160 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013-06-09 01:35:43 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007-10-01 08:04:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007-10-01 08:04:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007-10-01 08:04:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007-10-01 08:04:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007-09-06 01:33:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007-09-06 01:22:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2013-06-09 10:47:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-09 01:35:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2007-12-16 20:34:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007-03-05 23:00:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130607.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130607.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008-03-04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007-10-01 21:05:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007-09-19 10:35:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-08-29 04:17:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007-08-09 09:12:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-07-31 00:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-07-30 23:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-07-11 23:00:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-07-10 19:57:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-28 20:39:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-06-19 05:42:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-04-18 17:33:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {DC363577-0417-4B93-8127-3491AF6CE6B7}
IE - HKLM\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\..\SearchScopes,DefaultScope = {DC363577-0417-4B93-8127-3491AF6CE6B7}
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in
IE - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013-06-09 01:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Extensions
[2013-06-09 01:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-06-09 01:35:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006-09-19 03:11:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2721090859-871738980-3643490546-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2721090859-871738980-3643490546-1003..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-IN\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 123.176.37.38 123.176.37.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85124C2-846A-4FCA-B933-15D9ADF7B92E}: DhcpNameServer = 123.176.37.38 123.176.37.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPOrganicDk.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPOrganicDk.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-12-16 21:44:26 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-06-09 23:26:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
[2013-06-09 10:55:31 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Adobe
[2013-06-09 10:47:34 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Macromedia
[2013-06-09 10:47:34 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Adobe
[2013-06-09 10:47:10 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-06-09 10:47:10 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-06-09 10:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013-06-09 10:13:03 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013-06-09 10:13:03 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013-06-09 10:13:03 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013-06-09 10:13:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013-06-09 10:12:58 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013-06-09 10:12:57 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013-06-09 10:12:57 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013-06-09 10:12:57 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013-06-09 09:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013-06-09 02:10:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-06-09 02:10:19 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013-06-09 02:10:19 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013-06-09 02:10:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013-06-09 02:10:16 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-06-09 02:10:16 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-06-09 02:10:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-06-09 02:10:15 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-06-09 02:10:15 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-06-09 02:10:14 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-06-09 02:10:13 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-06-09 02:10:09 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-06-09 02:10:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013-06-09 02:10:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-06-09 02:10:07 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-06-09 02:10:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013-06-09 02:10:04 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-06-09 02:10:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-06-09 02:09:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-06-09 02:09:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-06-09 02:09:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-06-09 02:09:53 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-06-09 02:05:01 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013-06-09 01:54:06 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013-06-09 01:54:06 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2013-06-09 01:54:06 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2013-06-09 01:42:18 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013-06-09 01:42:15 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013-06-09 01:42:15 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013-06-09 01:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-06-09 01:34:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013-06-09 01:34:27 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013-06-09 01:34:27 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013-06-09 01:33:52 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013-06-09 01:33:51 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013-06-09 01:33:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2013-06-09 01:33:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2013-06-09 01:33:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2013-06-09 01:33:50 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013-06-09 01:33:50 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013-06-09 01:33:50 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013-06-09 01:33:23 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2013-06-09 01:33:00 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013-06-09 01:32:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2013-06-09 01:29:28 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013-06-09 01:29:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013-06-09 01:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013-06-09 01:28:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2013-06-09 01:28:18 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013-06-09 01:28:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013-06-09 01:28:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2013-06-09 01:28:03 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013-06-09 01:27:52 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013-06-09 01:27:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013-06-09 01:27:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2013-06-09 01:27:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013-06-09 01:27:46 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013-06-09 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Mozilla
[2013-06-09 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Mozilla
[2013-06-09 01:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013-06-09 01:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-06-09 01:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2013-06-09 00:37:24 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\AOL
[2013-06-09 00:31:19 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\QuickPlay
[2013-06-09 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Symantec
[2013-06-09 00:29:58 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\DigitalPersona
[2013-06-09 00:29:58 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\DigitalPersona
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\Searches
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013-06-09 00:29:39 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Identities
[2013-06-09 00:29:31 | 000,000,000 | R--D | C] -- C:\Users\phani\Contacts
[2013-06-09 00:29:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\VirtualStore
[2013-06-09 00:28:17 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Macromedia
[2013-06-09 00:27:55 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Hewlett-Packard
[2013-06-09 00:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2013-06-09 00:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013-06-09 00:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2013-06-09 00:21:50 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Macrovision
[2013-06-09 00:20:37 | 000,000,000 | --SD | C] -- C:\Users\phani\AppData\Roaming\Microsoft
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Videos
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Saved Games
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Pictures
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Music
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Links
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Favorites
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Downloads
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Documents
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Desktop
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\Temporary Internet Files
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Templates
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Start Menu
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\SendTo
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Recent
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\PrintHood
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\NetHood
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Videos
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Pictures
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Music
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\My Documents
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Local Settings
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\History
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Cookies
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Application Data
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\Application Data
[2013-06-09 00:20:37 | 000,000,000 | -H-D | C] -- C:\Users\phani\AppData
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Temp
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Microsoft
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Media Center Programs
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data

========== Files - Modified Within 30 Days ==========

[2013-06-09 23:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-09 23:26:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
[2013-06-09 22:53:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-09 22:53:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-09 19:27:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-09 10:47:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-06-09 10:47:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-06-09 10:27:31 | 000,667,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-06-09 10:27:31 | 000,123,912 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-06-09 10:24:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-06-09 10:21:45 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013-06-09 10:21:37 | 000,000,680 | ---- | M] () -- C:\Users\phani\AppData\Local\d3d9caps.dat
[2013-06-09 10:18:50 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-09 10:17:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013-06-09 10:13:03 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013-06-09 10:13:03 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013-06-09 10:13:03 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013-06-09 10:13:03 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013-06-09 10:12:58 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013-06-09 10:12:57 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013-06-09 10:12:57 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013-06-09 10:12:57 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013-06-09 10:08:13 | 029,163,520 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013-06-09 10:08:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013-06-09 10:08:12 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013-06-09 10:05:21 | 000,866,592 | ---- | M] () -- C:\Users\phani\Desktop\Norton_Removal_Tool.exe
[2013-06-09 10:04:13 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013-06-09 02:15:11 | 000,383,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-06-09 02:10:19 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-06-09 02:10:19 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013-06-09 02:10:19 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013-06-09 02:10:19 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013-06-09 02:10:16 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-06-09 02:10:16 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-06-09 02:10:15 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-06-09 02:10:15 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-06-09 02:10:15 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-06-09 02:10:14 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-06-09 02:10:13 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-06-09 02:10:09 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-06-09 02:10:08 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013-06-09 02:10:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-06-09 02:10:07 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-06-09 02:10:05 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013-06-09 02:10:04 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-06-09 02:10:00 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-06-09 02:09:56 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-06-09 02:09:56 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-06-09 02:09:55 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-06-09 02:09:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-06-09 01:54:06 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013-06-09 01:54:06 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2013-06-09 01:54:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2013-06-09 01:42:18 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013-06-09 01:42:15 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013-06-09 01:42:15 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013-06-09 01:34:32 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013-06-09 01:34:27 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013-06-09 01:34:27 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013-06-09 01:33:52 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013-06-09 01:33:52 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013-06-09 01:33:51 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2013-06-09 01:33:51 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2013-06-09 01:33:51 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2013-06-09 01:33:50 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013-06-09 01:33:50 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013-06-09 01:33:50 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013-06-09 01:33:23 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2013-06-09 01:33:00 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013-06-09 01:32:24 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2013-06-09 01:29:28 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013-06-09 01:29:06 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2013-06-09 01:28:43 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2013-06-09 01:28:18 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013-06-09 01:28:18 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2013-06-09 01:28:03 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013-06-09 01:27:53 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013-06-09 01:27:51 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013-06-09 01:27:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013-06-09 01:27:46 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013-06-09 01:21:54 | 000,000,870 | ---- | M] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-06-09 00:29:09 | 000,000,081 | ---- | M] () -- C:\Windows\System32\LOG
[2013-06-09 00:29:05 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2013-06-09 00:22:23 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2700 Notebook PC_Y5335KV_0U_Q2CE836DQFM_E459208-375_4A_I30CE_SWistron_V80.52_F.2C_T080616_WV3-0_L409_M3070_J320_7Intel_86FD_92.00_#071216_N11AB4353;80864229_(FQ366PA#ACJ)_XMOBILE_CN10_Z.MRK
[2013-06-09 00:13:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2013-06-09 12:39:24 | 3219,513,344 | -HS- | C] () -- C:\hiberfil.sys
[2013-06-09 10:47:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-09 10:24:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013-06-09 10:24:41 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013-06-09 10:21:37 | 000,000,680 | ---- | C] () -- C:\Users\phani\AppData\Local\d3d9caps.dat
[2013-06-09 10:05:13 | 000,866,592 | ---- | C] () -- C:\Users\phani\Desktop\Norton_Removal_Tool.exe
[2013-06-09 10:04:13 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013-06-09 01:44:50 | 029,163,520 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013-06-09 01:44:50 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013-06-09 01:44:50 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013-06-09 01:21:54 | 000,000,870 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-06-09 01:21:54 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013-06-09 00:29:51 | 000,000,949 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-06-09 00:29:47 | 000,000,944 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013-06-09 00:29:30 | 000,000,915 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013-06-09 00:29:09 | 000,000,081 | ---- | C] () -- C:\Windows\System32\LOG
[2013-06-09 00:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2013-06-09 00:27:23 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.in.lnk
[2013-06-09 00:22:23 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2700 Notebook PC_Y5335KV_0U_Q2CE836DQFM_E459208-375_4A_I30CE_SWistron_V80.52_F.2C_T080616_WV3-0_L409_M3070_J320_7Intel_86FD_92.00_#071216_N11AB4353;80864229_(FQ366PA#ACJ)_XMOBILE_CN10_Z.MRK
[2013-06-09 00:20:37 | 000,000,258 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013-06-09 00:20:37 | 000,000,240 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2006-11-02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2007-12-16 20:57:30 | 011,315,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2006-11-02 15:16:04 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 15:16:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006-11-02 15:16:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006-11-02 15:16:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\appinfo.dll -- (Appinfo)
SRV - [2006-11-02 15:14:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2007-12-16 20:59:19 | 000,750,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\qmgr.dll -- (BITS)
SRV - [2006-11-02 15:16:02 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\BFE.DLL -- (BFE)
SRV - [2006-11-02 15:15:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\lsass.exe -- (KeyIso)
SRV - [2006-11-02 15:16:04 | 000,259,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\es.dll -- (EventSystem)
SRV - [2006-11-02 15:16:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\browser.dll -- (Browser)
SRV - [2006-11-02 15:16:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2006-11-02 15:16:12 | 000,545,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch)
SRV - [2007-12-16 20:57:28 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2006-11-02 15:16:04 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2006-11-02 15:16:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
SRV - [2006-11-02 15:16:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\hidserv.dll -- (hidserv)
SRV - [2007-12-16 20:54:57 | 000,286,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2006-11-02 15:16:05 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
No service found with a name of NisSrv
SRV - [2006-11-02 15:16:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\swprv.dll -- (swprv)
SRV - [2006-11-02 15:16:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\mmcss.dll -- (MMCSS)
SRV - [2006-11-02 15:16:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\netman.dll -- (Netman)
SRV - [2006-11-02 15:16:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\netprofm.dll -- (netprofm)
SRV - [2006-11-02 15:16:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nlasvc.dll -- (NlaSvc)
SRV - [2006-11-02 15:16:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nsisvc.dll -- (nsi)
SRV - [2006-11-02 15:16:13 | 000,221,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2006-11-02 15:15:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2006-11-02 15:15:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage)
SRV - [2006-11-02 18:04:35 | 000,560,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006-11-02 15:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto)
SRV - [2006-11-02 15:16:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\rasmans.dll -- (RasMan)
SRV - [2006-11-02 15:16:12 | 000,545,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs)
SRV - [2006-11-02 15:16:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\seclogon.dll -- (seclogon)
SRV - [2006-11-02 15:15:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (SamSs)
SRV - [2006-11-02 18:05:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - [2006-11-02 15:16:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\srvsvc.dll -- (LanmanServer)
SRV - [2006-11-02 15:16:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2007-12-16 20:43:25 | 002,605,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc)
SRV - [2006-11-02 15:16:12 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule)
SRV - [2006-11-02 15:16:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv)
SRV - [2006-11-02 15:16:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (Themes)
SRV - [2006-11-02 15:16:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\profsvc.dll -- (ProfSvc)
SRV - [2006-11-02 15:15:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\VSSVC.exe -- (VSS)
SRV - [2006-11-02 15:16:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (Audiosrv)
SRV - [2006-11-02 15:16:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2007-12-16 21:43:12 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2007-12-16 20:34:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006-11-02 15:16:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wevtsvc.dll -- (Eventlog)
SRV - [2007-12-16 19:52:06 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2006-11-02 18:04:41 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc)
SRV - [2006-11-02 15:15:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2006-11-02 15:16:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2006-11-02 15:16:16 | 001,568,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wuaueng.dll -- (wuauserv)
SRV - [2006-11-02 15:16:04 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (dot3svc)
SRV - [2007-12-16 23:01:27 | 000,502,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wlansvc.dll -- (Wlansvc)
SRV - [2006-11-02 15:16:14 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008-10-29 11:50:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 11:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 09:29:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007-08-27 08:40:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007-08-27 07:31:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008-10-28 07:45:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006-11-02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\explorer.exe
[2006-11-02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: SERVICES >
[2006-09-19 03:11:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\System32\drivers\etc\services
[2006-09-19 03:11:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2006-11-02 15:15:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\System32\services.exe
[2006-11-02 15:15:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006-11-02 18:10:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\System32\en-US\services.exe.mui
[2006-11-02 18:10:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2006-11-02 18:23:55 | 000,001,688 | ---- | M] () MD5=CD37AF3AB3916666198BFFC8C0C611EB -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2006-11-02 18:23:55 | 000,001,688 | ---- | M] () MD5=CD37AF3AB3916666198BFFC8C0C611EB -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006-09-19 03:16:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\System32\wbem\services.mof
[2006-09-19 03:16:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof

< MD5 for: SERVICES.MSC >
[2006-11-02 18:11:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\en-US\services.msc
[2006-09-19 02:59:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\services.msc
[2006-11-02 18:11:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006-09-19 02:59:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc

< MD5 for: SVCHOST.EXE >
[2006-11-02 15:15:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\System32\svchost.exe
[2006-11-02 15:15:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

< MD5 for: USERINIT.EXE >
[2006-11-02 15:15:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\System32\userinit.exe
[2006-11-02 15:15:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006-11-02 15:15:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\System32\winlogon.exe
[2006-11-02 15:15:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is C0B6-6039
Directory of C:\
09-06-2013 00:13 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
09-06-2013 00:13 <JUNCTION> Application Data [C:\ProgramData]
09-06-2013 00:13 <JUNCTION> Desktop [C:\Users\Public\Desktop]
09-06-2013 00:13 <JUNCTION> Documents [C:\Users\Public\Documents]
09-06-2013 00:13 <JUNCTION> Favorites [C:\Users\Public\Favorites]
09-06-2013 00:13 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
09-06-2013 00:13 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
09-06-2013 00:13 <SYMLINKD> All Users [C:\ProgramData]
09-06-2013 00:13 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
09-06-2013 00:13 <JUNCTION> Application Data [C:\ProgramData]
09-06-2013 00:13 <JUNCTION> Desktop [C:\Users\Public\Desktop]
09-06-2013 00:13 <JUNCTION> Documents [C:\Users\Public\Documents]
09-06-2013 00:13 <JUNCTION> Favorites [C:\Users\Public\Favorites]
09-06-2013 00:13 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
09-06-2013 00:13 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
09-06-2013 00:13 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
09-06-2013 00:13 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
09-06-2013 00:13 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
09-06-2013 00:13 <JUNCTION> My Documents [C:\Users\Default\Documents]
09-06-2013 00:13 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09-06-2013 00:13 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09-06-2013 00:13 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
09-06-2013 00:13 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
09-06-2013 00:13 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
09-06-2013 00:13 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
09-06-2013 00:13 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
09-06-2013 00:13 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
09-06-2013 00:13 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
09-06-2013 00:13 <JUNCTION> My Music [C:\Users\Default\Music]
09-06-2013 00:13 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
09-06-2013 00:13 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\phani
09-06-2013 00:20 <JUNCTION> Application Data [C:\Users\phani\AppData\Roaming]
09-06-2013 00:20 <JUNCTION> Cookies [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Cookies]
09-06-2013 00:20 <JUNCTION> Local Settings [C:\Users\phani\AppData\Local]
09-06-2013 00:20 <JUNCTION> My Documents [C:\Users\phani\Documents]
09-06-2013 00:20 <JUNCTION> NetHood [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09-06-2013 00:20 <JUNCTION> PrintHood [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09-06-2013 00:20 <JUNCTION> Recent [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Recent]
09-06-2013 00:20 <JUNCTION> SendTo [C:\Users\phani\AppData\Roaming\Microsoft\Windows\SendTo]
09-06-2013 00:20 <JUNCTION> Start Menu [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu]
09-06-2013 00:20 <JUNCTION> Templates [C:\Users\phani\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\phani\AppData\Local
09-06-2013 00:20 <JUNCTION> Application Data [C:\Users\phani\AppData\Local]
09-06-2013 00:20 <JUNCTION> History [C:\Users\phani\AppData\Local\Microsoft\Windows\History]
09-06-2013 00:20 <JUNCTION> Temporary Internet Files [C:\Users\phani\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\phani\Documents
09-06-2013 00:20 <JUNCTION> My Music [C:\Users\phani\Music]
09-06-2013 00:20 <JUNCTION> My Pictures [C:\Users\phani\Pictures]
09-06-2013 00:20 <JUNCTION> My Videos [C:\Users\phani\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
09-06-2013 00:13 <JUNCTION> My Music [C:\Users\Public\Music]
09-06-2013 00:13 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
09-06-2013 00:13 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 232,943,849,472 bytes free

< End of report >

#65
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
Extras



OTL Extras logfile created on: 09-06-2013 23:30:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phani\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.77% Memory free
6.18 Gb Paging File | 5.21 Gb Available in Paging File | 84.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.53 Gb Total Space | 217.18 Gb Free Space | 75.53% Space Free | Partition Type: NTFS
Drive D: | 10.56 Gb Total Space | 1.64 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Computer Name: PHANI-PC | User Name: phani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2721090859-871738980-3643490546-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EB3BDE85-5851-42A9-8069-C16E09C0E687}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{570A95DE-0DF7-49DD-AF0C-16639AC45040}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{77556F29-ACC0-4425-91A4-672325FDD4EF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{85DE38AC-ED4D-45E1-9456-B677F442BB01}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{AAA44608-1195-40FA-A5DD-4C39DE5D417E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BDA61E22-DE66-45EE-93E3-E597686BA596}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{546A0B92-34FF-4796-A39A-4842FAF0B70E}" = ESU for Microsoft Vista
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7AF7F33-9092-997E-2D29-DE8095863FE3}" = DigitalPersona Personal 3.0.0
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_6" = AIM 6
"AOL Toolbar" = AOL Toolbar 5.0
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08-06-2013 15:35:30 | Computer Name = phani-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 08-06-2013 16:47:59 | Computer Name = phani-PC | Source = WerSvc | ID = 5007
Description =

Error - 09-06-2013 00:03:42 | Computer Name = phani-PC | Source = WerSvc | ID = 5007
Description =

Error - 09-06-2013 00:54:35 | Computer Name = phani-PC | Source = WerSvc | ID = 5007
Description =

[ DigitalPersona Pro Events ]
Error - 08-06-2013 15:00:23 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 08-06-2013 16:52:12 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 08-06-2013 23:57:06 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 09-06-2013 00:50:43 | Computer Name = phani-PC | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

[ System Events ]
Error - 09-06-2013 01:49:15 | Computer Name = phani-PC | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine. New Engine
Version: Previous Engine Version: Engine Type: %%886 User: phani-PC\phani Error Code:
0x80070002 Error description: The system cannot find the file specified.

Error - 09-06-2013 01:49:16 | Computer Name = phani-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%886 Update Type: %%803 User: phani-PC\phani Current Engine Version: Previous
Engine Version: 0.0.0.0 Error code: 0x80070002 Error description: The system cannot
find the file specified.

Error - 09-06-2013 09:30:58 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09-06-2013 09:30:58 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09-06-2013 09:30:58 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09-06-2013 09:30:58 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09-06-2013 09:30:58 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09-06-2013 09:30:58 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09-06-2013 09:30:58 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09-06-2013 09:30:58 | Computer Name = phani-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >

#66
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
online scan

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8e007cd06fbbfc48af85a569f7025a3b
# engine=14033
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-09 08:15:18
# local_time=2013-06-10 01:45:18 (+0530, India Standard Time)
# country="India"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 0 208339846 0 0
# scanned=146187
# found=2
# cleaned=0
# scan_time=6539
sh=9E818BA19004665C251A744966AB35FAA5709CD7 ft=1 fh=42d6915ac8245590 vn="Win32/InstallCore.BL application" ac=I fn="C:\Users\phani\Downloads\Chrome_Setup.exe"
sh=2CADEDEF55C02D42EA8108148FE2F25B112D1266 ft=1 fh=c157128a3b3e2b64 vn="Win32/Sality.NBA virus" ac=I fn="D:\HP\RECOVERY\RestoreWiz.exe"

#67
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's kill those files and then use SalityKiller on just your D drive to make sure there are no more Sality infected files on that drive.

Step 1 - OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:Files
C:\Users\phani\Downloads\Chrome_Setup.exe

:Commands
[emptytemp]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.

Step 2 - Sality Killer

The following program may need to be run several times and no guarantee can be given.

  • Make sure that SalityKiller.exe is saved in the root of disk C:\.
  • Press Win+R key sequence.
  • In the new window copy and paste the following:
    C:\SalityKiller.exe -p D:\ -l C:\salitykillerlog.txt
  • Click OK button.
  • A reboot might be required after disinfection.
  • Post the log located at C:\salitykillerlog.txt with your next reply.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. OTL Fix
2. OTL Log
3. SalityKiller Log

#68
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
OTL fix


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\phani\Downloads\Chrome_Setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: phani
->Temp folder emptied: 52871737 bytes
->Temporary Internet Files folder emptied: 1708631 bytes
->FireFox cache emptied: 394219027 bytes
->Flash cache emptied: 7542 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42171768 bytes
RecycleBin emptied: 1789 bytes

Total Files Cleaned = 468.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06102013_211406

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#69
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
new Otl

OTL logfile created on: 10-06-2013 21:52:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phani\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.67% Memory free
6.18 Gb Paging File | 5.38 Gb Available in Paging File | 87.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.53 Gb Total Space | 218.92 Gb Free Space | 76.14% Space Free | Partition Type: NTFS
Drive D: | 10.56 Gb Total Space | 1.64 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Computer Name: PHANI-PC | User Name: phani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-10 09:09:54 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2013-06-09 23:26:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
PRC - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-01-27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2007-09-20 23:42:02 | 000,671,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2007-09-06 01:39:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-07-12 17:30:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007-03-30 04:11:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2007-10-01 08:04:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007-10-01 08:04:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007-10-01 08:04:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007-10-01 08:04:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007-09-06 01:33:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007-09-06 01:22:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2013-06-09 10:47:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-09 01:35:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2007-12-16 20:34:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007-03-05 23:00:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130607.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130607.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008-03-04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007-10-01 21:05:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007-09-19 10:35:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007-08-29 04:17:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007-08-09 09:12:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-07-31 00:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-07-30 23:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-07-11 23:00:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-07-10 19:57:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-28 20:39:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-06-19 05:42:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-04-18 17:33:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {DC363577-0417-4B93-8127-3491AF6CE6B7}
IE - HKLM\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DC363577-0417-4B93-8127-3491AF6CE6B7}
IE - HKCU\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013-06-09 01:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Extensions
[2013-06-10 15:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\extensions
[2013-06-10 14:57:29 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013-06-10 14:59:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013-06-10 15:02:25 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013-06-09 01:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-06-09 01:35:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006-09-19 03:11:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-IN\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 123.176.37.38 123.176.37.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85124C2-846A-4FCA-B933-15D9ADF7B92E}: DhcpNameServer = 123.176.37.38 123.176.37.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPOrganicDk.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPOrganicDk.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-12-16 21:44:26 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-06-10 21:14:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-06-10 10:32:50 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\6-042j-fall-2010
[2013-06-09 23:26:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
[2013-06-09 10:55:31 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Adobe
[2013-06-09 10:47:34 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Macromedia
[2013-06-09 10:47:34 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Adobe
[2013-06-09 10:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013-06-09 09:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013-06-09 01:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-06-09 01:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013-06-09 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Mozilla
[2013-06-09 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Mozilla
[2013-06-09 01:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013-06-09 01:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-06-09 01:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2013-06-09 00:37:24 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\AOL
[2013-06-09 00:31:19 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\QuickPlay
[2013-06-09 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Symantec
[2013-06-09 00:29:58 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\DigitalPersona
[2013-06-09 00:29:58 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\DigitalPersona
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\Searches
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013-06-09 00:29:39 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Identities
[2013-06-09 00:29:31 | 000,000,000 | R--D | C] -- C:\Users\phani\Contacts
[2013-06-09 00:29:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\VirtualStore
[2013-06-09 00:28:17 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Macromedia
[2013-06-09 00:27:55 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Hewlett-Packard
[2013-06-09 00:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2013-06-09 00:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013-06-09 00:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2013-06-09 00:21:50 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Macrovision
[2013-06-09 00:20:37 | 000,000,000 | --SD | C] -- C:\Users\phani\AppData\Roaming\Microsoft
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Videos
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Saved Games
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Pictures
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Music
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Links
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Favorites
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Downloads
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Documents
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Desktop
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\Temporary Internet Files
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Templates
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Start Menu
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\SendTo
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Recent
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\PrintHood
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\NetHood
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Videos
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Pictures
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Music
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\My Documents
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Local Settings
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\History
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Cookies
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Application Data
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\Application Data
[2013-06-09 00:20:37 | 000,000,000 | -H-D | C] -- C:\Users\phani\AppData
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Temp
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Microsoft
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Media Center Programs
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data

========== Files - Modified Within 30 Days ==========

[2013-06-10 21:35:44 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013-06-10 21:27:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-10 21:25:02 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-06-10 21:25:02 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-06-10 21:17:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-10 21:17:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-10 21:16:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-10 21:16:36 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-10 21:15:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013-06-10 17:47:12 | 000,000,938 | ---- | M] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013-06-10 10:17:47 | 000,383,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-06-10 09:35:00 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2013-06-09 23:26:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
[2013-06-09 10:24:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-06-09 10:21:37 | 000,000,680 | ---- | M] () -- C:\Users\phani\AppData\Local\d3d9caps.dat
[2013-06-09 10:08:13 | 029,163,520 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013-06-09 10:08:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013-06-09 10:08:12 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013-06-09 10:05:21 | 000,866,592 | ---- | M] () -- C:\Users\phani\Desktop\Norton_Removal_Tool.exe
[2013-06-09 10:04:13 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013-06-09 01:21:54 | 000,000,870 | ---- | M] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-06-09 00:29:09 | 000,000,081 | ---- | M] () -- C:\Windows\System32\LOG
[2013-06-09 00:29:05 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2013-06-09 00:22:23 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2700 Notebook PC_Y5335KV_0U_Q2CE836DQFM_E459208-375_4A_I30CE_SWistron_V80.52_F.2C_T080616_WV3-0_L409_M3070_J320_7Intel_86FD_92.00_#071216_N11AB4353;80864229_(FQ366PA#ACJ)_XMOBILE_CN10_Z.MRK
[2013-06-09 00:13:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2013-06-10 17:47:12 | 000,000,938 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013-06-10 09:35:00 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2013-06-09 12:39:24 | 3219,513,344 | -HS- | C] () -- C:\hiberfil.sys
[2013-06-09 10:47:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-09 10:24:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013-06-09 10:24:41 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013-06-09 10:21:37 | 000,000,680 | ---- | C] () -- C:\Users\phani\AppData\Local\d3d9caps.dat
[2013-06-09 10:05:13 | 000,866,592 | ---- | C] () -- C:\Users\phani\Desktop\Norton_Removal_Tool.exe
[2013-06-09 10:04:13 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013-06-09 01:44:50 | 029,163,520 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013-06-09 01:44:50 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013-06-09 01:44:50 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013-06-09 01:21:54 | 000,000,870 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-06-09 01:21:54 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013-06-09 00:29:51 | 000,000,949 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-06-09 00:29:47 | 000,000,944 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013-06-09 00:29:30 | 000,000,915 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013-06-09 00:29:09 | 000,000,081 | ---- | C] () -- C:\Windows\System32\LOG
[2013-06-09 00:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2013-06-09 00:27:23 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.in.lnk
[2013-06-09 00:22:23 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2700 Notebook PC_Y5335KV_0U_Q2CE836DQFM_E459208-375_4A_I30CE_SWistron_V80.52_F.2C_T080616_WV3-0_L409_M3070_J320_7Intel_86FD_92.00_#071216_N11AB4353;80864229_(FQ366PA#ACJ)_XMOBILE_CN10_Z.MRK
[2013-06-09 00:20:37 | 000,000,258 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013-06-09 00:20:37 | 000,000,240 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2006-11-02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-06-10 09:12:53 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-06-10 09:00:46 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 15:16:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-06-09 00:29:58 | 000,000,000 | ---D | M] -- C:\Users\phani\AppData\Roaming\DigitalPersona

========== Purity Check ==========



< End of report >
  • 0

#70
tekkanphan

    Member

  • Topic Starter
  • 51 posts
Sality killer

22:07:17:450 3992 scanning threads ...
22:07:20:227 3992
22:07:20:227 3992 scanning processes ...
22:07:20:352 3992
22:07:20:352 3992 scanning D:\ ...
22:07:20:352 1528
Monitoring thread started
22:09:15:995 3992
22:09:16:057 1528
Monitoring thread stopped
22:09:16:057 3992
completed
22:09:16:057 3992 Infected files: 0
22:09:16:057 3992 Infected processes: 0
22:09:16:057 3992 Infected threads: 0
22:09:16:057 3992 Cured files: 0
22:09:16:057 3992 Will be cured on reboot: 0
22:09:16:057 3992 Executed registry scripts: 0
  • 0

#71
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Okay, let's check the entire system just to be certain it is gone.

  • Download and unpack the file SalityKiller.exe in the root of disk C:\.
  • Press the Win+R key sequence.
  • In the new window, copy and paste the following:
    C:\SalityKiller.exe -l C:\salitykillerlog.txt
  • Click the OK button.
  • A reboot might be required after disinfection.

Post the log located at C:\salitykillerlog.txt with your next reply.
  • 0

#72
tekkanphan

    Member

  • Topic Starter
  • 51 posts
sality killer

08:37:46:759 0280 scanning threads ...
08:37:49:473 0280
08:37:49:473 0280 scanning processes ...
08:37:49:692 0280
08:37:49:692 0280 fixing registry ...
08:37:49:692 3904
Monitoring thread started
08:37:49:692 0280 SalityRegCure: Restoring general registry keys
08:37:49:707 0280 SalityRegCure: Fixing system.ini
08:37:49:723 0280
08:37:49:723 0280 scanning drives ...
08:37:49:723 0280 scanning C:\ ...
09:32:53:881 0280 scanning D:\ ...
09:33:37:951 0280
09:33:39:636 3904
Monitoring thread stopped
09:33:39:636 0280
completed
09:33:39:636 0280 Infected files: 0
09:33:39:636 0280 Infected processes: 0
09:33:39:636 0280 Infected threads: 0
09:33:39:651 0280 Cured files: 0
09:33:39:651 0280 Will be cured on reboot: 0
09:33:39:651 0280 Executed registry scripts: 1
  • 0

#73
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Now we know the system is clean, let's work on the removable drives.

You will need to do this for each one of your removable drives (USBs & external hard drives).

  • Download and unpack the file SalityKiller.exe in the root of disk C:\.
  • Press the Win+R key sequence.
  • In the new window, copy and paste the following:
    C:\SalityKiller.exe -r -l C:\salitykillerlog.txt
  • Click the OK button.
  • A reboot might be required after disinfection.

Post the log located at C:\salitykillerlog.txt with your next reply.
  • 0

#74
tekkanphan

    Member

  • Topic Starter
  • 51 posts
23:34:27:597 4864 scanning threads ...
23:34:30:015 4864
23:34:30:015 4864 scanning processes ...
23:34:30:078 4864
23:34:30:078 4864 fixing registry ...
23:34:30:078 4748
Monitoring thread started
23:34:30:078 4864 SalityRegCure: Restoring general registry keys
23:34:30:078 4864 SalityRegCure: Fixing system.ini
23:34:30:093 4864
23:34:30:093 4864 scanning drives ...
23:34:30:093 4864 scanning C:\ ...
00:02:50:743 4864 scanning D:\ ...
00:03:07:638 4864 scanning F:\ ...
01:30:08:989 4864
01:30:08:989 4748
Monitoring thread stopped
01:30:08:989 4864
completed
01:30:08:989 4864 Infected files: 0
01:30:08:989 4864 Infected processes: 0
01:30:08:989 4864 Infected threads: 0
01:30:08:989 4864 Cured files: 0
01:30:08:989 4864 Will be cured on reboot: 0
01:30:08:989 4864 Executed registry scripts: 1
  • 0
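
An added example, not part of the original posts and not code from the SalityKiller tool: a Python parser for the log layout seen in the logs posted above (the layout is inferred from those posts, not from tool documentation, and the function names are hypothetical). It treats a run as clean only when the "completed" marker and every infection counter are present and zero, and it computes per-drive scan time across the midnight rollover in the timestamps of post #74.

```python
import re

# Abridged copy of the log in post #74 of this thread (timestamps cross midnight).
SAMPLE_LOG = """\
23:34:30:093 4864 scanning C:\\ ...
00:02:50:743 4864 scanning D:\\ ...
00:03:07:638 4864 scanning F:\\ ...
01:30:08:989 4864
01:30:08:989 4748
Monitoring thread stopped
01:30:08:989 4864
completed
01:30:08:989 4864 Infected files: 0
01:30:08:989 4864 Infected processes: 0
01:30:08:989 4864 Infected threads: 0
01:30:08:989 4864 Will be cured on reboot: 0
01:30:08:989 4864 Executed registry scripts: 1
"""
# Line layout inferred from the logs posted in this thread, not from tool documentation.
STAMP = re.compile(r"^(\d\d):(\d\d):(\d\d):(\d{3}) (\d+)(?: (.*))?$")
DRIVE = re.compile(r"^scanning ([A-Za-z]:\\) \.\.\.$")
COUNTER = re.compile(r"^([A-Za-z ]+): (\d+)$")
DAY_MS = 24 * 3600 * 1000
MUST_BE_ZERO = ("Infected files", "Infected processes", "Infected threads",
                "Will be cured on reboot")

def parse_log(text):
    """Return (events, counters); an event is (milliseconds, thread_id, message)."""
    events, counters, offset, last = [], {}, 0, 0
    for line in map(str.strip, text.splitlines()):
        m = STAMP.match(line)
        if not m:
            # A bare line is the message for the empty stamped line just above it.
            if line and events and events[-1][2] == "":
                events[-1] = (*events[-1][:2], line)
            continue
        h, mi, s, ms, tid, msg = m.groups()
        t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms) + offset
        if t < last - DAY_MS // 2:  # time of day wrapped past midnight
            offset, t = offset + DAY_MS, t + DAY_MS
        last = t
        events.append((t, tid, msg or ""))
        c = COUNTER.match(msg or "")
        if c:
            counters[c.group(1)] = int(c.group(2))
    return events, counters

def drive_scan_ms(events):
    """Per drive: time from its 'scanning' line to the same thread's next line."""
    out = {}
    for i, (t, tid, msg) in enumerate(events):
        d = DRIVE.match(msg)
        nxt = next((e[0] for e in events[i + 1:] if e[1] == tid), None)
        if d and nxt is not None:
            out[d.group(1)] = nxt - t
    return out

def verdict(text):
    """'clean' only if the run completed and every must-be-zero counter is present and 0."""
    events, counters = parse_log(text)
    done = any(msg == "completed" for _t, _tid, msg in events)
    if not done or any(n not in counters for n in MUST_BE_ZERO):
        return "incomplete"  # truncated or partial log: do not read it as clean
    return "clean" if all(counters[n] == 0 for n in MUST_BE_ZERO) else "detections"
```

A log that stops before the summary block returns "incomplete" rather than "clean", which matters when a helper is deciding whether a removable drive is safe to reconnect.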

#75
tekkanphan

    Member

  • Topic Starter
  • 51 posts
I don't know why Sality is showing nothing. Maybe because MS Essentials caught some.
  • 0





