mallware trouble

**yukukuhi** · 2012-09-29, 07:30

OTL log

OTL logfile created on: 29/09/2012 10:51:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sai SGK\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

3.18 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 69.87% Memory free
6.36 Gb Paging File | 5.42 Gb Available in Paging File | 85.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 388.84 Gb Total Space | 21.77 Gb Free Space | 5.60% Space Free | Partition Type: NTFS
Drive D: | 9.65 Gb Total Space | 1.44 Gb Free Space | 14.90% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 7.55 Gb Total Space | 2.53 Gb Free Space | 33.55% Space Free | Partition Type: FAT32
Drive V: | 300.05 Gb Total Space | 7.94 Gb Free Space | 2.65% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: Sai SGK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sai SGK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
MOD - c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
MOD - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AVerUpdateServer) -- C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (AVerScheduleService) -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV - (JakNDisMP) -- system32\DRIVERS\JakNDis.sys File not found
DRV - (catchme) -- C:\Users\SAISGK~1\AppData\Local\Temp\catchme.sys File not found
DRV - (appliandMP) -- system32\DRIVERS\appliand.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AVPolCIR) -- C:\Windows\System32\drivers\AVPolCIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (AVerPola) -- C:\Windows\System32\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (AVER_H193) -- C:\Windows\System32\drivers\AVer888RC.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (CXCIR) -- C:\Windows\System32\drivers\AVer888RCIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s125mgmt) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26
IE - HKLM\..\SearchScopes,DefaultScope = {B9CE2C42-B451-4630-9F92-67736B5ACA32}
IE - HKLM\..\SearchScopes\{B9CE2C42-B451-4630-9F92-67736B5ACA32}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?aff=206&q={searchTerms}
IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes\{B9CE2C42-B451-4630-9F92-67736B5ACA32}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/26
IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/26
IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sai SGK\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sai SGK\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/07 22:10:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 15:55:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/23 17:38:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 15:55:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/23 17:38:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sai SGK\AppData\Roaming\IDM\idmmzcc5

[2010/08/07 14:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Extensions
[2012/09/17 15:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\extensions
[2012/09/17 15:30:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/20 15:53:24 | 000,002,516 | ---- | M] () -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\searchplugins\speedbit.xml
[2011/11/20 17:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/17 15:55:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/15 18:44:42 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/17 15:55:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/15 18:44:42 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/15 18:44:42 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/17 15:55:48 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/15 18:44:42 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.in/
CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F32C516772DDEE269756825002B85F4F&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.co.in/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/29 10:36:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-4072363782-845024879-551118666-1000..\Run: [cdloader] C:\Users\Sai SGK\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4072363782-845024879-551118666-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9862F47-311C-439F-8B46-076FE32750AB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0403626-04E7-4B74-9C7A-640CDEA3CBDD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/02/14 09:34:20 | 000,000,000 | -HSD | M] - K:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/29 10:35:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/29 10:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/29 10:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/29 10:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/28 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\norandia
[2012/09/28 11:01:50 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\fuf
[2012/09/28 09:49:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sai SGK\Desktop\OTL.exe
[2012/09/26 14:49:26 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/25 15:04:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/25 15:04:31 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Local\temp
[2012/09/25 09:45:29 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\New folder (3)
[2012/09/24 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2012/09/23 18:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/23 17:44:01 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Roaming\Malwarebytes
[2012/09/23 17:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/23 17:43:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/23 17:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/23 17:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/23 17:38:28 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/23 17:38:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/23 17:38:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/23 17:38:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/23 17:38:25 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/23 17:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/23 15:51:58 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Roaming\Foxit Software
[2012/09/22 19:15:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 19:15:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 19:15:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 19:15:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 19:15:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 19:15:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 19:15:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 19:15:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 17:51:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/21 17:45:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/21 17:45:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/21 17:45:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/21 17:45:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/21 17:40:39 | 004,757,278 | R--- | C] (Swearware) -- C:\Users\Sai SGK\Desktop\ComboFix.exe
[2012/09/21 17:33:43 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/21 17:33:43 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/21 17:33:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/20 17:35:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/09/20 17:34:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/09/19 18:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/09/13 19:05:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/13 19:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 19:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/12 15:59:20 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/09 16:13:10 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\New folder (2)
[2012/09/05 17:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Centricity
[2010/09/21 15:17:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.sys
[2010/08/09 18:41:45 | 093,393,016 | ---- | C] (AVG Technologies) -- C:\Users\Sai SGK\avg_free_stf_en_90_851a3009.exe

========== Files - Modified Within 30 Days ==========

[2012/09/29 10:48:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/29 10:44:24 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 10:44:24 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 10:41:25 | 000,632,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/29 10:41:25 | 000,114,180 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/29 10:37:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/29 10:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/29 10:37:03 | 2559,897,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/29 10:36:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/29 10:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/29 10:25:17 | 000,000,837 | ---- | M] () -- C:\Users\Sai SGK\Desktop\ERUNT.lnk
[2012/09/29 10:24:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4072363782-845024879-551118666-1000UA.job
[2012/09/28 15:24:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4072363782-845024879-551118666-1000Core.job
[2012/09/28 11:24:26 | 082,489,942 | ---- | M] () -- C:\Users\Sai SGK\Desktop\maria leva comtodos.rar
[2012/09/28 09:50:24 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/28 09:50:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sai SGK\Desktop\OTL.exe
[2012/09/27 11:38:56 | 000,202,522 | ---- | M] () -- C:\Users\Sai SGK\Desktop\Scan0002.jpg
[2012/09/26 17:13:59 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSai SGK.job
[2012/09/25 18:17:04 | 031,981,568 | ---- | M] () -- C:\Users\Sai SGK\Desktop\0924182801CompositeNew Schedule.mpg
[2012/09/25 14:56:07 | 004,757,278 | R--- | M] (Swearware) -- C:\Users\Sai SGK\Desktop\ComboFix.exe
[2012/09/25 09:32:06 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_Sai SGK.job
[2012/09/24 18:07:59 | 000,000,000 | ---- | M] () -- C:\Users\Sai SGK\AppData\Roaming\AVSMediaPlayer.m3u
[2012/09/23 17:43:22 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/23 17:38:20 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/23 17:38:19 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/23 17:38:19 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/23 17:38:19 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/23 17:38:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/23 17:38:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/21 17:44:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/21 17:33:00 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 17:33:00 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/21 17:28:05 | 062,031,872 | ---- | M] () -- C:\Users\Sai SGK\Desktop\0917182800CompositeNew Schedule.mpg
[2012/09/21 17:10:52 | 000,376,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/20 17:41:06 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/09/18 18:13:16 | 000,001,506 | ---- | M] () -- C:\Users\Sai SGK\Desktop\msseces.exe.lnk
[2012/09/17 15:55:50 | 000,001,992 | ---- | M] () -- C:\Users\Sai SGK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/16 18:52:16 | 000,003,226 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2012/09/16 18:52:02 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2012/09/16 18:51:53 | 000,850,152 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
[2012/09/13 19:05:30 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/10 17:20:58 | 000,067,749 | ---- | M] () -- C:\Users\Sai SGK\Desktop\LACM-4976.jpg
[2012/09/08 18:51:33 | 047,524,240 | ---- | M] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.aac
[2012/09/08 18:50:36 | 282,239,020 | ---- | M] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.wav
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/05 15:07:20 | 000,000,949 | ---- | M] () -- C:\Windows\Active Setup Log.BAK

========== Files Created - No Company Name ==========

[2012/09/29 10:25:17 | 000,000,837 | ---- | C] () -- C:\Users\Sai SGK\Desktop\ERUNT.lnk
[2012/09/29 10:14:24 | 001,320,634 | ---- | C] () -- C:\Users\Sai SGK\Desktop\_DSC2969 copy.jpg
[2012/09/28 11:01:02 | 082,489,942 | ---- | C] () -- C:\Users\Sai SGK\Desktop\maria leva comtodos.rar
[2012/09/27 11:38:56 | 000,202,522 | ---- | C] () -- C:\Users\Sai SGK\Desktop\Scan0002.jpg
[2012/09/25 18:17:03 | 031,981,568 | ---- | C] () -- C:\Users\Sai SGK\Desktop\0924182801CompositeNew Schedule.mpg
[2012/09/24 18:22:29 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_Sai SGK.job
[2012/09/23 17:43:22 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/23 16:56:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/21 17:45:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 17:45:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 17:45:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 17:45:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 17:45:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/21 17:27:58 | 062,031,872 | ---- | C] () -- C:\Users\Sai SGK\Desktop\0917182800CompositeNew Schedule.mpg
[2012/09/18 18:13:16 | 000,001,506 | ---- | C] () -- C:\Users\Sai SGK\Desktop\msseces.exe.lnk
[2012/09/18 17:22:41 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/16 18:52:16 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2012/09/16 18:52:16 | 000,003,226 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2012/09/10 17:20:58 | 000,067,749 | ---- | C] () -- C:\Users\Sai SGK\Desktop\LACM-4976.jpg
[2012/09/08 18:50:58 | 047,524,240 | ---- | C] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.aac
[2012/09/08 18:50:29 | 282,239,020 | ---- | C] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.wav
[2012/09/05 15:06:58 | 000,000,949 | ---- | C] () -- C:\Windows\Active Setup Log.BAK
[2012/03/31 17:11:42 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/14 19:27:58 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2012/02/14 19:27:58 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2012/02/14 19:27:58 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2012/02/14 19:27:58 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2012/02/14 19:27:58 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2012/02/14 19:27:58 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2012/01/30 18:38:13 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/09 17:17:49 | 000,002,738 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
[2011/08/21 11:22:44 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/08/20 15:49:42 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2011/08/20 15:49:42 | 000,090,784 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2011/07/13 17:37:07 | 000,001,849 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\GhostObjGAFix.xml
[2011/06/05 19:50:24 | 000,002,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/05/13 20:11:16 | 000,057,061 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP.dat
[2011/05/01 19:30:52 | 000,003,012 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/05/01 19:29:11 | 000,001,224 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/05/01 19:25:59 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/05/01 19:25:46 | 000,003,018 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/05/01 19:25:40 | 000,002,843 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/04/27 20:43:55 | 000,003,328 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp AAC Encoder.dat
[2011/04/27 19:52:33 | 000,012,496 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/04/27 19:52:30 | 000,015,607 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/04/26 19:10:04 | 000,850,152 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2011/04/14 17:47:17 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2011/04/14 17:47:17 | 000,001,257 | ---- | C] () -- C:\Windows\unins000.dat
[2010/10/17 09:24:07 | 001,627,136 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2010/10/05 17:30:56 | 000,000,000 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\AVSMediaPlayer.m3u
[2010/09/30 19:01:09 | 001,866,670 | ---- | C] () -- C:\Windows\System32\libfftw3f-3.dll
[2010/09/21 15:17:15 | 000,007,887 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.cat
[2010/09/21 15:17:15 | 000,001,144 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.inf
[2010/09/05 14:09:10 | 000,007,609 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\Resmon.ResmonCfg
[2010/08/29 23:14:55 | 002,829,321 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\tmpMRIN1.JPG
[2010/08/29 23:14:17 | 000,007,053 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\tmpMRIN1_navi.JPG
[2010/08/08 20:31:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/07 18:17:24 | 000,011,148 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C8B8CEBD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:66633281
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:3440EB47
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0888F409
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:553CA6CA

< End of report >

Thread: mallware trouble

Thread Tools

Display

Threaded View

Posting Permissions