
Thread: mallware trouble

#21
Senior Member (Join Date: Nov 2008, Posts: 113)

OTL log

    OTL logfile created on: 29/09/2012 10:51:39 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sai SGK\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    3.18 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 69.87% Memory free
    6.36 Gb Paging File | 5.42 Gb Available in Paging File | 85.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 388.84 Gb Total Space | 21.77 Gb Free Space | 5.60% Space Free | Partition Type: NTFS
    Drive D: | 9.65 Gb Total Space | 1.44 Gb Free Space | 14.90% Space Free | Partition Type: NTFS
    Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive K: | 7.55 Gb Total Space | 2.53 Gb Free Space | 33.55% Space Free | Partition Type: FAT32
    Drive V: | 300.05 Gb Total Space | 7.94 Gb Free Space | 2.65% Space Free | Partition Type: NTFS

    Computer Name: HOMEPC | User Name: Sai SGK | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Sai SGK\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
    PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
    PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
    PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
    PRC - c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
    MOD - c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
    MOD - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (AVerUpdateServer) -- C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
    SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
    SRV - (AVerScheduleService) -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
    SRV - (AVerRemote) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (JakNDisMP) -- system32\DRIVERS\JakNDis.sys File not found
    DRV - (catchme) -- C:\Users\SAISGK~1\AppData\Local\Temp\catchme.sys File not found
    DRV - (appliandMP) -- system32\DRIVERS\appliand.sys File not found
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (AVPolCIR) -- C:\Windows\System32\drivers\AVPolCIR.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (AVerPola) -- C:\Windows\System32\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
    DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
    DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (AVER_H193) -- C:\Windows\System32\drivers\AVer888RC.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (CXCIR) -- C:\Windows\System32\drivers\AVer888RCIR.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms (PC-Doctor, Inc.)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (s125mgmt) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
    DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
    DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
    DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
    DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26
    IE - HKLM\..\SearchScopes,DefaultScope = {B9CE2C42-B451-4630-9F92-67736B5ACA32}
    IE - HKLM\..\SearchScopes\{B9CE2C42-B451-4630-9F92-67736B5ACA32}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?aff=206&q={searchTerms}
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes\{B9CE2C42-B451-4630-9F92-67736B5ACA32}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/26
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/26
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sai SGK\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sai SGK\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/07 22:10:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 15:55:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/23 17:38:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 15:55:48 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/23 17:38:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sai SGK\AppData\Roaming\IDM\idmmzcc5

    [2010/08/07 14:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Extensions
    [2012/09/17 15:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\extensions
    [2012/09/17 15:30:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/08/20 15:53:24 | 000,002,516 | ---- | M] () -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\searchplugins\speedbit.xml
    [2011/11/20 17:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/17 15:55:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/05/15 18:44:42 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/09/17 15:55:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/05/15 18:44:42 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/05/15 18:44:42 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/09/17 15:55:48 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/05/15 18:44:42 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.co.in/
    CHR - default_search_provider: Blekko (Enabled)
    CHR - default_search_provider: search_url = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F32C516772DDEE269756825002B85F4F&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.co.in/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Gmail = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/29 10:36:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
    O4 - HKU\S-1-5-21-4072363782-845024879-551118666-1000..\Run: [cdloader] C:\Users\Sai SGK\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4072363782-845024879-551118666-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9862F47-311C-439F-8B46-076FE32750AB}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0403626-04E7-4B74-9C7A-640CDEA3CBDD}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/02/14 09:34:20 | 000,000,000 | -HSD | M] - K:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/29 10:35:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/09/29 10:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/09/29 10:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/09/29 10:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/09/28 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\norandia
    [2012/09/28 11:01:50 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\fuf
    [2012/09/28 09:49:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sai SGK\Desktop\OTL.exe
    [2012/09/26 14:49:26 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
    [2012/09/25 15:04:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/25 15:04:31 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Local\temp
    [2012/09/25 09:45:29 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\New folder (3)
    [2012/09/24 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
    [2012/09/23 18:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/09/23 17:44:01 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Roaming\Malwarebytes
    [2012/09/23 17:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/23 17:43:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/23 17:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/23 17:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/09/23 17:38:28 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/09/23 17:38:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/09/23 17:38:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/09/23 17:38:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/09/23 17:38:25 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012/09/23 17:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/09/23 15:51:58 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Roaming\Foxit Software
    [2012/09/22 19:15:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/09/22 19:15:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/09/22 19:15:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/09/22 19:15:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/09/22 19:15:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/09/22 19:15:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/09/22 19:15:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/09/22 19:15:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/09/21 17:51:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/21 17:45:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/21 17:45:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/21 17:45:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/21 17:45:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/21 17:40:39 | 004,757,278 | R--- | C] (Swearware) -- C:\Users\Sai SGK\Desktop\ComboFix.exe
    [2012/09/21 17:33:43 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2012/09/21 17:33:43 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2012/09/21 17:33:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
    [2012/09/20 17:35:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2012/09/20 17:34:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2012/09/19 18:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/09/13 19:05:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/09/13 19:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/09/13 19:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/09/12 15:59:20 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2012/09/09 16:13:10 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\New folder (2)
    [2012/09/05 17:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Centricity
    [2010/09/21 15:17:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.sys
    [2010/08/09 18:41:45 | 093,393,016 | ---- | C] (AVG Technologies) -- C:\Users\Sai SGK\avg_free_stf_en_90_851a3009.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/09/29 10:48:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/29 10:44:24 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/29 10:44:24 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/29 10:41:25 | 000,632,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/29 10:41:25 | 000,114,180 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/29 10:37:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/29 10:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/29 10:37:03 | 2559,897,600 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/29 10:36:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2012/09/29 10:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/29 10:25:17 | 000,000,837 | ---- | M] () -- C:\Users\Sai SGK\Desktop\ERUNT.lnk
    [2012/09/29 10:24:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4072363782-845024879-551118666-1000UA.job
    [2012/09/28 15:24:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4072363782-845024879-551118666-1000Core.job
    [2012/09/28 11:24:26 | 082,489,942 | ---- | M] () -- C:\Users\Sai SGK\Desktop\maria leva comtodos.rar
    [2012/09/28 09:50:24 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/09/28 09:50:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sai SGK\Desktop\OTL.exe
    [2012/09/27 11:38:56 | 000,202,522 | ---- | M] () -- C:\Users\Sai SGK\Desktop\Scan0002.jpg
    [2012/09/26 17:13:59 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSai SGK.job
    [2012/09/25 18:17:04 | 031,981,568 | ---- | M] () -- C:\Users\Sai SGK\Desktop\0924182801CompositeNew Schedule.mpg
    [2012/09/25 14:56:07 | 004,757,278 | R--- | M] (Swearware) -- C:\Users\Sai SGK\Desktop\ComboFix.exe
    [2012/09/25 09:32:06 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_Sai SGK.job
    [2012/09/24 18:07:59 | 000,000,000 | ---- | M] () -- C:\Users\Sai SGK\AppData\Roaming\AVSMediaPlayer.m3u
    [2012/09/23 17:43:22 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/23 17:38:20 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012/09/23 17:38:19 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/09/23 17:38:19 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/09/23 17:38:19 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/09/23 17:38:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/09/23 17:38:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/09/21 17:44:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/21 17:33:00 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/09/21 17:33:00 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/09/21 17:28:05 | 062,031,872 | ---- | M] () -- C:\Users\Sai SGK\Desktop\0917182800CompositeNew Schedule.mpg
    [2012/09/21 17:10:52 | 000,376,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/20 17:41:06 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
    [2012/09/18 18:13:16 | 000,001,506 | ---- | M] () -- C:\Users\Sai SGK\Desktop\msseces.exe.lnk
    [2012/09/17 15:55:50 | 000,001,992 | ---- | M] () -- C:\Users\Sai SGK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/16 18:52:16 | 000,003,226 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2012/09/16 18:52:02 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    [2012/09/16 18:51:53 | 000,850,152 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
    [2012/09/13 19:05:30 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/09/10 17:20:58 | 000,067,749 | ---- | M] () -- C:\Users\Sai SGK\Desktop\LACM-4976.jpg
    [2012/09/08 18:51:33 | 047,524,240 | ---- | M] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.aac
    [2012/09/08 18:50:36 | 282,239,020 | ---- | M] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.wav
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/05 15:07:20 | 000,000,949 | ---- | M] () -- C:\Windows\Active Setup Log.BAK

    ========== Files Created - No Company Name ==========

    [2012/09/29 10:25:17 | 000,000,837 | ---- | C] () -- C:\Users\Sai SGK\Desktop\ERUNT.lnk
    [2012/09/29 10:14:24 | 001,320,634 | ---- | C] () -- C:\Users\Sai SGK\Desktop\_DSC2969 copy.jpg
    [2012/09/28 11:01:02 | 082,489,942 | ---- | C] () -- C:\Users\Sai SGK\Desktop\maria leva comtodos.rar
    [2012/09/27 11:38:56 | 000,202,522 | ---- | C] () -- C:\Users\Sai SGK\Desktop\Scan0002.jpg
    [2012/09/25 18:17:03 | 031,981,568 | ---- | C] () -- C:\Users\Sai SGK\Desktop\0924182801CompositeNew Schedule.mpg
    [2012/09/24 18:22:29 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_Sai SGK.job
    [2012/09/23 17:43:22 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/23 16:56:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/09/21 17:45:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/21 17:45:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/21 17:45:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/21 17:45:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/21 17:45:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/21 17:27:58 | 062,031,872 | ---- | C] () -- C:\Users\Sai SGK\Desktop\0917182800CompositeNew Schedule.mpg
    [2012/09/18 18:13:16 | 000,001,506 | ---- | C] () -- C:\Users\Sai SGK\Desktop\msseces.exe.lnk
    [2012/09/18 17:22:41 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/09/16 18:52:16 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    [2012/09/16 18:52:16 | 000,003,226 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2012/09/10 17:20:58 | 000,067,749 | ---- | C] () -- C:\Users\Sai SGK\Desktop\LACM-4976.jpg
    [2012/09/08 18:50:58 | 047,524,240 | ---- | C] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.aac
    [2012/09/08 18:50:29 | 282,239,020 | ---- | C] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.wav
    [2012/09/05 15:06:58 | 000,000,949 | ---- | C] () -- C:\Windows\Active Setup Log.BAK
    [2012/03/31 17:11:42 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/02/14 19:27:58 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2012/02/14 19:27:58 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2012/02/14 19:27:58 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2012/02/14 19:27:58 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2012/02/14 19:27:58 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2012/02/14 19:27:58 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2012/01/30 18:38:13 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012/01/09 17:17:49 | 000,002,738 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
    [2011/08/21 11:22:44 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2011/08/20 15:49:42 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
    [2011/08/20 15:49:42 | 000,090,784 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
    [2011/07/13 17:37:07 | 000,001,849 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\GhostObjGAFix.xml
    [2011/06/05 19:50:24 | 000,002,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
    [2011/05/13 20:11:16 | 000,057,061 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP.dat
    [2011/05/01 19:30:52 | 000,003,012 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
    [2011/05/01 19:29:11 | 000,001,224 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
    [2011/05/01 19:25:59 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
    [2011/05/01 19:25:46 | 000,003,018 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
    [2011/05/01 19:25:40 | 000,002,843 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
    [2011/04/27 20:43:55 | 000,003,328 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp AAC Encoder.dat
    [2011/04/27 19:52:33 | 000,012,496 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2011/04/27 19:52:30 | 000,015,607 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/04/26 19:10:04 | 000,850,152 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
    [2011/04/14 17:47:17 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/04/14 17:47:17 | 000,001,257 | ---- | C] () -- C:\Windows\unins000.dat
    [2010/10/17 09:24:07 | 001,627,136 | ---- | C] () -- C:\Windows\System32\fftw3.dll
    [2010/10/05 17:30:56 | 000,000,000 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\AVSMediaPlayer.m3u
    [2010/09/30 19:01:09 | 001,866,670 | ---- | C] () -- C:\Windows\System32\libfftw3f-3.dll
    [2010/09/21 15:17:15 | 000,007,887 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.cat
    [2010/09/21 15:17:15 | 000,001,144 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.inf
    [2010/09/05 14:09:10 | 000,007,609 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\Resmon.ResmonCfg
    [2010/08/29 23:14:55 | 002,829,321 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\tmpMRIN1.JPG
    [2010/08/29 23:14:17 | 000,007,053 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\tmpMRIN1_navi.JPG
    [2010/08/08 20:31:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/07 18:17:24 | 000,011,148 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C8B8CEBD
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:66633281
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:3440EB47
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0888F409
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:553CA6CA

    < End of report >

  2. #22
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    How is your system running?

  3. #23
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Default

    Hi,
    System is running fine, give me a day or two to confirm it.


    By the way, what are these folders in C:\? I don't think I have seen these folders before.

    MSOCache
    PerfLogs
    ProgramData
    Qoobox
    SYSTEM.SAV

  4. #24
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Ok... let me know how it's running when you get back.

    Those directories you don't need to worry about. We will be removing them when we remove our tools.

  5. #25
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Default

    Hi,
    It hangs again; it always and only happens a few minutes after the system fully boots up. I think maybe some programs or some updates are troubleshooting. There is an option in Windows 7, "Event Viewer"; there are some errors showing in it. The time of the errors is the same time the system hangs.

    I have attached those details; I thought it would be useful in telling you.

  6. #26
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Ok, this seems to be more of a tech problem you are experiencing than malware. I think that you would be better served by registering at What the Tech (it is free to do) and starting a topic in the Microsoft Windows forum. Explain what it is that is happening and also be sure to post a link to this topic so that they can see what it is that we have done. The techs there are fantastic and you will certainly be in good hands. Come back here when they are through and we will remove our tools then.

  7. #27
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Default

    Hi,
    I posted to What the Tech. Thanks man, thanks for helping, but will this thread be open for removing the tools?
    BTW, your avatar is Vegeta, right?

  8. #28
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Yes, I saw where you posted at What the Tech. You are in great hands. I will leave this post open as long as we need so when you get back we can remove the tools.

    LOL!! Yes, my avatar IS Vegeta. :D

  9. #29
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

  10. #30
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Topic reopened per original poster request.
    ------
