ann37

Infected with Vista Antispyware 2012


My computer is infected with Vista Antispyware 2012. I followed the steps in this post: http://www.bleepingcomputer.com/virus-removal/remove-vista-antispyware-2012 -- editing the registry, stopping the rogue process and running MBAM -- and while it looked like it had worked, I soon started getting the popups again. Now when I run rkill, I get three cascading dialog boxes saying 'Installation failed'. But after rkill runs, the log doesn't list any rogue processes that it killed. Can you help?


Hello ann37! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles


Hi Maniac, thanks for the help...

A quick update on the situation - The Security Center is on the blink. I can't turn on Windows Firewall / Windows Defender. So after I posted the message yesterday, I did the following:

1. Took my laptop off the network, and re-ran a full MBAM scan (when my laptop was completely isolated and - hopefully - safe from the Big Bad World out there ;) ). MBAM found more trojans, and cleaned them up.

2. Connected it to the internet again, and re-ran the full MBAM scan to verify that the scan was clean, which it was.

3. Reinstalled McAfee, and ran a full system scan to ensure it was clean -- clean, again.

4. I downloaded MSE on a different laptop, and tried installing it on the (ex-?)infected machine from a USB drive.

It was at this point that I read your reply, and I followed through on your suggestion, and here's the OTL log...

*****************************************OTL.Txt*******************************************************

OTL logfile created on: 12/13/2011 11:03:31 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anu\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.35% Memory free

4.22 Gb Paging File | 2.73 Gb Available in Paging File | 64.61% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 66.48 Gb Total Space | 6.10 Gb Free Space | 9.17% Space Free | Partition Type: NTFS

Drive D: | 8.04 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: NTFS

Computer Name: ANU-PC | User Name: Anu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Anu\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)

PRC - C:\Program Files\Giraffic\Veoh_Giraffic.exe (Giraffic)

PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee\MSC\mcupdui.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)

PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)

PRC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)

PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()

MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()

MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtScript4.dll ()

MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll ()

MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll ()

MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll ()

MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()

MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\FskPower.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\Fskin.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\launcher\USBDetector.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll ()

MOD - C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll ()

MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()

MOD - C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

MOD - C:\Windows\System32\igfxTMM.dll ()

========== Win32 Services (SafeList) ==========

SRV - (XMLProvS) -- File not found

SRV - (LiveUpdate Notice Ex) -- File not found

SRV - (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

========== Driver Services (SafeList) ==========

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()

DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()

DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)

DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (QCMerced) -- C:\Windows\System32\drivers\lvcm.sys (Logitech Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Anu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Anu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 02:04:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 07:48:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/13 07:05:23 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/02/17 11:45:54 | 000,000,000 | ---D | M]

[2008/12/14 08:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anu\AppData\Roaming\Mozilla\Extensions

[2008/12/14 08:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anu\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/05/12 21:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anu\AppData\Roaming\Mozilla\Firefox\Profiles\v1hkvv97.default\extensions

[2009/09/17 21:24:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anu\AppData\Roaming\Mozilla\Firefox\Profiles\v1hkvv97.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/12/05 11:32:34 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Anu\AppData\Roaming\Mozilla\Firefox\Profiles\v1hkvv97.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2008/12/14 08:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/12 07:48:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/12 07:48:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/06/07 07:17:53 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2010/09/02 22:04:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2010/09/02 22:04:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2010/09/02 22:04:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2010/09/02 22:04:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2010/09/02 22:04:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2010/09/02 22:04:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2010/09/02 22:04:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2010/06/07 07:18:33 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

[2010/06/07 07:17:30 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2011/11/05 21:13:01 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/03/12 18:20:02 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2011/11/05 21:13:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/03/12 18:20:02 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2011/11/05 21:13:01 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/11/05 21:13:01 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/11/12 07:48:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/11/05 21:13:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/11/05 21:13:01 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe (Logitech Inc.)

O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QCDriverInstaller] C:\Program Files\Common Files\Logitech\QCDriver3\Lqdsw.exe (Logitech Inc.)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000..\Run: [] File not found

O4 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000..\Run: [Google Update] C:\Users\Anu\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000..\Run: [WebCamRT.exe] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ED3F3FE-2EEB-44ED-8E81-35804BE0C73E}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Anu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Anu\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/04/24 11:23:53 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O33 - MountPoints2\{08085fd8-bd9e-11dc-afcc-001b3838df60}\Shell\AutoRun\command - "" = ntde1ect.com

O33 - MountPoints2\{08085fd8-bd9e-11dc-afcc-001b3838df60}\Shell\explore\Command - "" = ntde1ect.com

O33 - MountPoints2\{08085fd8-bd9e-11dc-afcc-001b3838df60}\Shell\open\Command - "" = ntde1ect.com

O33 - MountPoints2\{08085fe0-bd9e-11dc-afcc-001b3838df60}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

O33 - MountPoints2\{08086224-bd9e-11dc-afcc-001b3838df60}\Shell - "" = AutoRun

O33 - MountPoints2\{08086224-bd9e-11dc-afcc-001b3838df60}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{18a369b3-b21f-11dc-b8a3-001b3838df60}\Shell\Auto\command - "" = recycled\SVCH0ST.EXE

O33 - MountPoints2\{18a369b3-b21f-11dc-b8a3-001b3838df60}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\SVCH0ST.EXE

O33 - MountPoints2\{31ebfeca-d572-11dd-96ac-001b3838df60}\Shell\Auto\command - "" = H:\recycled\SVCH0ST.EXE

O33 - MountPoints2\{31ebfeca-d572-11dd-96ac-001b3838df60}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\recycled\SVCH0ST.EXE

O33 - MountPoints2\{3cc4402c-a5b7-11dc-a239-001b3838df60}\Shell\AutoRun\command - "" = H:\Autorun.exe /run

O33 - MountPoints2\{3cc4402c-a5b7-11dc-a239-001b3838df60}\Shell\Shell00\Command - "" = H:\Autorun.exe /run

O33 - MountPoints2\{3cc4402c-a5b7-11dc-a239-001b3838df60}\Shell\Shell01\Command - "" = H:\Autorun.exe /action

O33 - MountPoints2\{3cc4402c-a5b7-11dc-a239-001b3838df60}\Shell\Shell02\Command - "" = H:\Autorun.exe /uninstall

O33 - MountPoints2\{3cc4431f-a5b7-11dc-a239-001b3838df60}\Shell - "" = AutoRun

O33 - MountPoints2\{3cc4431f-a5b7-11dc-a239-001b3838df60}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{5948ab02-5d44-11dc-833c-001b3838df60}\Shell\Auto\command - "" = recycled\SVCH0ST.EXE

O33 - MountPoints2\{5948ab02-5d44-11dc-833c-001b3838df60}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\SVCH0ST.EXE

O33 - MountPoints2\{5eeb1a35-0fc2-11dd-8943-001b3838df60}\Shell\Autoplay\Command - "" = C:\Windows\System32\smss.exe -- [2009/04/10 22:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{5eeb1a35-0fc2-11dd-8943-001b3838df60}\Shell\AutoRun\command - "" = C:\Windows\System32\smss.exe -- [2009/04/10 22:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{5eeb1a35-0fc2-11dd-8943-001b3838df60}\Shell\Explore\Command - "" = C:\Windows\System32\smss.exe -- [2009/04/10 22:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{5eeb1a35-0fc2-11dd-8943-001b3838df60}\Shell\Open\Command - "" = C:\Windows\System32\smss.exe -- [2009/04/10 22:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{5eeb1a39-0fc2-11dd-8943-001b3838df60}\Shell\Autoplay\Command - "" = C:\Windows\System32\smss.exe -- [2009/04/10 22:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{5eeb1a39-0fc2-11dd-8943-001b3838df60}\Shell\AutoRun\command - "" = C:\Windows\System32\smss.exe -- [2009/04/10 22:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{5eeb1a39-0fc2-11dd-8943-001b3838df60}\Shell\Explore\Command - "" = C:\Windows\System32\smss.exe -- [2009/04/10 22:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{5eeb1a39-0fc2-11dd-8943-001b3838df60}\Shell\Open\Command - "" = C:\Windows\System32\smss.exe -- [2009/04/10 22:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{8630f174-f42c-11dc-a435-001b3838df60}\Shell - "" = AutoRun

O33 - MountPoints2\{8630f174-f42c-11dc-a435-001b3838df60}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{895043cf-c14d-11dd-ad51-001b3838df60}\Shell\AutoRun\command - "" = H:\WDSetup.exe

O33 - MountPoints2\{9e3f8ead-7dbd-11df-8c21-001b3838df60}\Shell - "" = AutoRun

O33 - MountPoints2\{9e3f8ead-7dbd-11df-8c21-001b3838df60}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{df4f23df-4ab1-11dc-9caa-001b3838df60}\Shell\Auto\command - "" = recycled\SVCH0ST.EXE

O33 - MountPoints2\{df4f23df-4ab1-11dc-9caa-001b3838df60}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\SVCH0ST.EXE

O33 - MountPoints2\{f0eb00db-e648-11de-b7b1-001b3838df60}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = Y7] -- "C:\Windows\system32\config\systemprofile\AppData\Local\utm.exe" -a "%1" %*

O37 - HKU\S-1-5-18\...exe [@ = Y7] -- "C:\Windows\system32\config\systemprofile\AppData\Local\utm.exe" -a "%1" %*

O37 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 23:16:11 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2011/12/13 23:12:37 | 000,150,856 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe

[2011/12/13 22:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/12/13 22:46:08 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2011/12/13 22:41:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Anu\Desktop\OTL.exe

[2011/12/13 22:41:45 | 008,068,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Anu\Desktop\mseinstall.exe

[2011/12/13 14:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011/12/13 14:24:10 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys

[2011/12/13 14:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee

[2011/12/13 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com

[2011/12/13 14:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee

[2011/12/12 18:42:35 | 000,080,136 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys

[2011/12/12 18:42:35 | 000,040,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys

[2011/12/12 18:42:35 | 000,035,368 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys

[2011/12/12 18:39:39 | 000,034,376 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys

[2011/12/12 15:20:35 | 087,846,047 | ---- | C] (Microsoft Corporation) -- C:\Users\Anu\Desktop\McAfee Homeware.EXE

[2011/12/12 07:26:29 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/12/12 02:16:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011/12/11 21:53:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/12/11 21:53:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/12/11 21:53:06 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/12/11 21:53:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/12/11 21:53:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/12/11 21:43:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011/12/11 21:43:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011/12/11 21:39:07 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/12/11 21:36:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2011/12/11 21:35:28 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2011/12/11 21:35:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

[2011/12/11 21:34:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2011/12/11 21:34:47 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2011/12/11 21:34:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

[2011/12/11 21:34:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2011/12/11 18:23:12 | 000,000,000 | ---D | C] -- C:\Users\Anu\AppData\Roaming\Malwarebytes

[2011/12/11 18:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/11 18:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/12/11 18:22:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/12/11 18:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/12/11 17:51:59 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Anu\Desktop\mbam-setup.exe

[2011/11/15 02:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic

[2011/11/15 02:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Giraffic

[2008/12/29 18:15:55 | 001,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 23:02:30 | 000,597,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/12/13 23:02:30 | 000,102,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/12/13 22:58:29 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2011/12/13 22:54:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/13 22:54:18 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/13 22:54:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/13 22:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At46.job

[2011/12/13 22:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job

[2011/12/13 22:50:13 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/12/13 22:42:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294823542-3328240290-2395254551-1000UA.job

[2011/12/13 22:38:50 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Anu\Desktop\mseinstall.exe

[2011/12/13 22:01:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anu\Desktop\OTL.exe

[2011/12/13 21:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At44.job

[2011/12/13 21:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job

[2011/12/13 20:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At42.job

[2011/12/13 20:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At41.job

[2011/12/13 19:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job

[2011/12/13 19:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At39.job

[2011/12/13 18:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job

[2011/12/13 18:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At37.job

[2011/12/13 17:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At36.job

[2011/12/13 17:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At35.job

[2011/12/13 16:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job

[2011/12/13 16:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At33.job

[2011/12/13 15:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At32.job

[2011/12/13 15:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At31.job

[2011/12/13 14:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At30.job

[2011/12/13 14:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At29.job

[2011/12/13 13:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At28.job

[2011/12/13 13:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At27.job

[2011/12/13 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At26.job

[2011/12/13 12:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At25.job

[2011/12/13 11:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job

[2011/12/13 11:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At23.job

[2011/12/13 11:14:52 | 000,005,000 | ---- | M] () -- C:\Users\Anu\AppData\Local\d3d9caps.dat

[2011/12/13 10:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job

[2011/12/13 10:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At21.job

[2011/12/13 10:41:05 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294823542-3328240290-2395254551-1000Core.job

[2011/12/13 09:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job

[2011/12/13 09:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At19.job

[2011/12/13 08:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job

[2011/12/13 08:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At17.job

[2011/12/13 07:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job

[2011/12/13 07:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At15.job

[2011/12/13 06:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job

[2011/12/13 06:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job

[2011/12/13 05:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job

[2011/12/13 05:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job

[2011/12/13 04:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At9.job

[2011/12/13 04:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job

[2011/12/13 03:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job

[2011/12/13 03:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At7.job

[2011/12/13 03:14:07 | 000,103,365 | ---- | M] () -- C:\Windows\System32\itusbcore.dat

[2011/12/13 03:14:07 | 000,000,197 | ---- | M] () -- C:\Windows\System32\itlsvc.dat

[2011/12/13 02:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job

[2011/12/13 02:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At5.job

[2011/12/13 01:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At3.job

[2011/12/13 01:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job

[2011/12/13 00:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job

[2011/12/13 00:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job

[2011/12/12 23:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job

[2011/12/12 23:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job

[2011/12/12 18:19:34 | 000,011,582 | -HS- | M] () -- C:\Users\Anu\AppData\Local\466854s6s482j726v103v8aqt4l4

[2011/12/12 18:19:34 | 000,011,582 | -HS- | M] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4

[2011/12/12 15:19:27 | 000,189,440 | ---- | M] () -- C:\Users\Anu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/12 14:51:04 | 000,001,205 | ---- | M] () -- C:\Users\Anu\Desktop\FixNCR.reg

[2011/12/12 08:02:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\VyBUphY4.exe.b

[2011/12/12 02:14:17 | 233,703,389 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/12/12 01:37:06 | 000,000,112 | ---- | M] () -- C:\ProgramData\m5F11w.dat

[2011/12/12 01:37:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\a1O6U4L.com.b

[2011/12/12 00:53:42 | 000,447,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/12/11 21:37:26 | 000,044,942 | ---- | M] () -- C:\Users\Anu\Documents\cc_20111211_213659.reg

[2011/12/11 21:06:49 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2011/12/11 17:51:12 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Anu\Desktop\mbam-setup.exe

[2011/12/11 17:34:53 | 000,011,158 | -HS- | M] () -- C:\ProgramData\783383h8n008h676t544x5xqc2c4

[2011/12/11 17:34:52 | 000,011,158 | -HS- | M] () -- C:\Users\Anu\AppData\Local\783383h8n008h676t544x5xqc2c4

[2011/11/24 07:43:53 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/13 22:50:13 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/12/13 22:48:27 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/12/13 14:29:30 | 000,006,351 | ---- | C] () -- C:\Windows\System32\Config.MPF

[2011/12/13 03:14:07 | 000,103,365 | ---- | C] () -- C:\Windows\System32\itusbcore.dat

[2011/12/13 03:14:07 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat

[2011/12/12 14:53:18 | 000,001,205 | ---- | C] () -- C:\Users\Anu\Desktop\FixNCR.reg

[2011/12/12 14:38:34 | 000,011,582 | -HS- | C] () -- C:\Users\Anu\AppData\Local\466854s6s482j726v103v8aqt4l4

[2011/12/12 12:30:09 | 000,011,582 | -HS- | C] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4

[2011/12/12 08:02:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\VyBUphY4.exe.b

[2011/12/12 01:37:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\a1O6U4L.com.b

[2011/12/12 01:34:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\m5F11w.dat

[2011/12/12 01:34:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At48.job

[2011/12/12 01:34:41 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At47.job

[2011/12/12 01:34:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At46.job

[2011/12/12 01:34:39 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At45.job

[2011/12/12 01:34:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At44.job

[2011/12/12 01:34:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At42.job

[2011/12/12 01:34:35 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At43.job

[2011/12/12 01:34:33 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At41.job

[2011/12/12 01:34:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At40.job

[2011/12/12 01:34:31 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At39.job

[2011/12/12 01:34:29 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At38.job

[2011/12/12 01:34:26 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At37.job

[2011/12/12 01:34:25 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At36.job

[2011/12/12 01:34:22 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At35.job

[2011/12/12 01:34:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At34.job

[2011/12/12 01:34:20 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At33.job

[2011/12/12 01:34:19 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At32.job

[2011/12/12 01:34:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At31.job

[2011/12/12 01:34:16 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At30.job

[2011/12/12 01:34:14 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At29.job

[2011/12/12 01:34:12 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At28.job

[2011/12/12 01:34:09 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At27.job

[2011/12/12 01:34:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At26.job

[2011/12/12 01:34:07 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At25.job

[2011/12/12 01:34:06 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At24.job

[2011/12/12 01:34:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At23.job

[2011/12/12 01:34:03 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At22.job

[2011/12/12 01:34:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At21.job

[2011/12/12 01:34:01 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At20.job

[2011/12/12 01:34:00 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At19.job

[2011/12/12 01:33:59 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At18.job

[2011/12/12 01:33:58 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At17.job

[2011/12/12 01:33:57 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At16.job

[2011/12/12 01:33:55 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At15.job

[2011/12/12 01:33:54 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At14.job

[2011/12/12 01:33:53 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At13.job

[2011/12/12 01:33:52 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At12.job

[2011/12/12 01:33:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At11.job

[2011/12/12 01:33:49 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At10.job

[2011/12/12 01:33:49 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At9.job

[2011/12/12 01:33:47 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At8.job

[2011/12/12 01:33:46 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At7.job

[2011/12/12 01:33:45 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At6.job

[2011/12/12 01:33:43 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At5.job

[2011/12/12 01:33:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job

[2011/12/12 01:33:41 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At3.job

[2011/12/12 01:33:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job

[2011/12/12 01:33:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At1.job

[2011/12/12 00:48:43 | 233,703,389 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/12/11 21:37:20 | 000,044,942 | ---- | C] () -- C:\Users\Anu\Documents\cc_20111211_213659.reg

[2011/12/11 17:29:09 | 000,011,158 | -HS- | C] () -- C:\Users\Anu\AppData\Local\783383h8n008h676t544x5xqc2c4

[2011/12/11 17:29:09 | 000,011,158 | -HS- | C] () -- C:\ProgramData\783383h8n008h676t544x5xqc2c4

[2011/09/18 11:54:21 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/09/18 11:54:21 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/08/22 22:30:28 | 000,718,336 | ---- | C] () -- C:\Windows\System32\pwNative.exe

[2011/08/22 22:30:26 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys

[2011/08/22 22:29:34 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys

[2009/09/17 21:39:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/17 21:39:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/16 23:28:08 | 000,005,000 | ---- | C] () -- C:\Users\Anu\AppData\Local\d3d9caps.dat

[2009/02/27 12:01:05 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2008/09/18 23:02:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/03/22 08:09:04 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI

[2008/03/22 08:06:24 | 000,005,187 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2008/03/22 08:06:20 | 000,000,780 | ---- | C] () -- C:\Windows\_delis32.ini

[2008/03/22 08:05:54 | 000,147,456 | ---- | C] () -- C:\Windows\System32\MimicICM.dll

[2008/03/22 07:59:43 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe

[2007/12/07 22:33:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[2007/12/07 16:30:45 | 000,000,021 | ---- | C] () -- C:\Windows\PI4_setup.ini

[2007/11/29 17:11:56 | 000,000,112 | ---- | C] () -- C:\Windows\AHDL41.INI

[2007/09/12 21:22:13 | 000,189,440 | ---- | C] () -- C:\Users\Anu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/08/21 20:19:28 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini

[2007/08/21 20:19:21 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2007/08/21 20:19:21 | 000,000,422 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/08/21 20:02:56 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2007/08/21 09:19:28 | 000,008,791 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2007/04/24 11:09:10 | 000,103,489 | ---- | C] () -- C:\Windows\hpqins13.dat

[2007/03/05 09:34:28 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL

[2007/02/27 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2007/01/31 09:03:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll

[2007/01/31 07:39:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 04:47:37 | 000,447,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:33:01 | 000,597,784 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 02:33:01 | 000,102,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[1999/01/27 09:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll

[1998/12/06 12:56:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\verinst.exe

[1998/04/23 20:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI

[1997/06/13 03:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/08/04 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\Barnes & Noble

[2007/10/06 23:12:39 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\BitTorrent

[2010/06/15 21:48:01 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\calibre

[2008/03/22 08:05:45 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\FotoWire

[2010/02/28 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\Logia

[2007/12/24 06:57:16 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\muvee Technologies

[2010/11/03 21:21:25 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\OverDrive

[2009/08/07 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\SSH

[2007/09/22 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\StarNet

[2007/12/29 21:21:22 | 000,000,000 | ---D | M] -- C:\Users\Anu\AppData\Roaming\WildTangent

[2011/12/13 00:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2011/12/13 04:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At10.job

[2011/12/13 05:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At11.job

[2011/12/13 05:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At12.job

[2011/12/13 06:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At13.job

[2011/12/13 06:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At14.job

[2011/12/13 07:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At15.job

[2011/12/13 07:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At16.job

[2011/12/13 08:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At17.job

[2011/12/13 08:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At18.job

[2011/12/13 09:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At19.job

[2011/12/13 00:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2011/12/13 09:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At20.job

[2011/12/13 10:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At21.job

[2011/12/13 10:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At22.job

[2011/12/13 11:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At23.job

[2011/12/13 11:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At24.job

[2011/12/13 12:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At25.job

[2011/12/13 12:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At26.job

[2011/12/13 13:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At27.job

[2011/12/13 13:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At28.job

[2011/12/13 14:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At29.job

[2011/12/13 01:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At3.job

[2011/12/13 14:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At30.job

[2011/12/13 15:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At31.job

[2011/12/13 15:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At32.job

[2011/12/13 16:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At33.job

[2011/12/13 16:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At34.job

[2011/12/13 17:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At35.job

[2011/12/13 17:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At36.job

[2011/12/13 18:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At37.job

[2011/12/13 18:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At38.job

[2011/12/13 19:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At39.job

[2011/12/13 01:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job

[2011/12/13 19:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At40.job

[2011/12/13 20:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At41.job

[2011/12/13 20:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At42.job

[2011/12/13 21:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At43.job

[2011/12/13 21:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At44.job

[2011/12/13 22:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At45.job

[2011/12/13 22:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At46.job

[2011/12/12 23:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At47.job

[2011/12/12 23:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At48.job

[2011/12/13 02:51:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At5.job

[2011/12/13 02:51:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At6.job

[2011/12/13 03:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At7.job

[2011/12/13 03:51:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At8.job

[2011/12/13 04:51:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At9.job

[2011/12/13 22:51:48 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


And Extras.Txt (The previous post was too long otherwise)

*****************************************************************Extras.Txt*********************************************************

OTL Extras logfile created on: 12/13/2011 11:03:31 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anu\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.35% Memory free

4.22 Gb Paging File | 2.73 Gb Available in Paging File | 64.61% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 66.48 Gb Total Space | 6.10 Gb Free Space | 9.17% Space Free | Partition Type: NTFS

Drive D: | 8.04 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: NTFS

Computer Name: ANU-PC | User Name: Anu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.exe [@ = Y7] -- "C:\Windows\system32\config\systemprofile\AppData\Local\utm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.exe [@ = Y7] -- "C:\Windows\system32\config\systemprofile\AppData\Local\utm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-1294823542-3328240290-2395254551-1000\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1729751F-3B65-4DB9-9AE7-01D1A0C1E905}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{247A8660-D88A-4674-804B-28C6BE16ECA4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{2C867477-5E6B-4F1F-A5B0-2E9ED6FFFFCD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{58DA3277-BD52-44D6-93F9-A4E7614D51FF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{67DE483E-E6F1-4AC3-97ED-AE3432A1F558}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{744D5C5F-09C6-46C3-8182-7C44600015AA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{969689E1-EE52-4C3B-ACC2-4E8BEC172761}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{B9F22328-E21D-41F5-9C49-725667EC9A8F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{ED965DF9-31E9-48E2-82EC-FF198FF5D711}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01805BF0-44B0-4852-82C2-4371FC760EB0}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{08D5852D-0501-4558-98CC-60E1F6AB1DAB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{18CDF69B-2AC8-47E5-A6D8-4D581A618267}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{20997349-BF94-45BD-AA84-CFF2731B00CE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{2DFD7940-699C-47F3-A607-D138B8706178}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |

"{32B09911-8DAB-4F8A-B41C-2B78B42745BA}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |

"{3E2819C1-B266-4857-84B4-5DFD814F1E66}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{3F1638E9-89C8-4581-A1B1-CEB48298C2D7}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{43D9BB6B-BAB7-4A4C-AB3D-27D995234B6B}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |

"{4CA7B5A8-30FA-4D1A-93BF-9ADCC28BACEC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{5263EB6C-C32D-42ED-85BA-6ACF0EFA275E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{82B69806-0A7A-4AD9-AAB0-1A44DD3FFDC0}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{84964846-0ADE-4863-A648-CE7765AD75F2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{8AE16EBC-4B3D-4062-9263-E09201417410}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{95ABFE9C-2A3B-41D6-AF85-73A9527A52A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{99291079-71A8-4A0D-AAE5-C2DCDB1718CF}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |

"{9AE3BB75-5C7E-4512-9A74-700D12723E3F}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |

"{9F854534-00F2-4FC6-9DCE-27D00FE51D06}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{A058BB97-2E90-440A-BF60-A6A89D0B59D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{AE77FDAF-6303-41C3-AC47-1F1CC65C24BB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{AE822D6E-D635-49D0-B853-50645B02C421}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{B0E7ADF8-5A75-41E5-A2CA-A5BF5D3E553D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{CD66D156-144D-480D-97AC-217704BFEE2C}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{DE82AD2D-3DE1-4448-A5E0-BFD16704725B}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |

"{E46EF6BD-30D5-4D22-8096-47CDEC4EF496}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E9ABEF36-31CC-4421-A97D-A3758930422C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{EA468C31-1C10-4FED-A10C-B6C3D4C56FE1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{EF4D2579-A066-4B99-B6E7-217A0D9CE243}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"TCP Query User{01491785-CC86-4A58-ACBC-EF2F53A970D3}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

"TCP Query User{31B00E79-1A7D-4AD5-9DC4-A9CD2E145630}C:\program files\starnet\x-win32 8.1\xwin32.exe" = protocol=6 | dir=in | app=c:\program files\starnet\x-win32 8.1\xwin32.exe |

"TCP Query User{82B65307-11F0-4332-8F28-0D8CCAE8CCCB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{86254D6F-D298-4B0A-AA65-97C872E89E06}C:\program files\starnet\x-win32 8.1\xwin32.exe" = protocol=6 | dir=in | app=c:\program files\starnet\x-win32 8.1\xwin32.exe |

"TCP Query User{FFD6F6C0-F018-40B0-8698-A3F35B606289}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

"UDP Query User{0004D9A0-0744-4EED-AEF9-CBCEE3EE584C}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

"UDP Query User{2824E6AC-2E13-4AC4-BE49-6C2D131A8120}C:\program files\starnet\x-win32 8.1\xwin32.exe" = protocol=17 | dir=in | app=c:\program files\starnet\x-win32 8.1\xwin32.exe |

"UDP Query User{446D07D9-02C3-49A9-A634-45E0B2A678AB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{9E8AEC83-B3B8-41CD-BFF2-A2125C96C08D}C:\program files\starnet\x-win32 8.1\xwin32.exe" = protocol=17 | dir=in | app=c:\program files\starnet\x-win32 8.1\xwin32.exe |

"UDP Query User{E0BA2929-0DFA-43D4-9B03-D8AFDADEFE48}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0

"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{25B932C7-EB2B-422E-910D-504FB00DAE43}" = Reader Library by Sony

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 D3

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}" = ArcSoft PhotoImpression

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista

"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.2

"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio

"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin

"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7CF6E959-07C5-4F5B-AAEC-7406DFFDC20E}" = Adobe FrameMaker v7.2

"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web

"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)

"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)

"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007

"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007

"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support

"{94DCBD4E-72BA-4338-8977-530EF33C42A1}" = calibre

"{984F10FD-11FD-4BED-8163-92DB81E6A825}" = Logitech IM Video Companion

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver

"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B6335C5F-0064-4F90-8447-52614F8F0CE0}" = HP User Guides 0079

"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader

"{BB412CA7-661F-49A0-BA80-02493197C3C8}" = X-Win32 8.1

"{BDCEB6A6-5966-4291-861A-058F49A2195A}_is1" = MiniTool Partition Recovery 5.0

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant

"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{F2E6CAF1-D651-4A74-8CC6-D92FE81FDBCC}" = WD Drive Manager (x86)

"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor

"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)

"7-Zip" = 7-Zip 4.57

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"BN_DesktopReader" = Barnes & Noble Desktop Reader

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP

"CutePDF Writer Installation" = CutePDF Writer 2.7

"Dell Printer Software Uninstall" = Dell Printer Software Uninstall

"Digital Editions" = Adobe Digital Editions

"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Giraffic" = Giraffic Video Accelerator

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Photosmart Essential" = HP Photosmart Essential 2.0

"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"IsoBuster_is1" = IsoBuster 2.3

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Logitech Print Service" = Logitech Print Service

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"MSC" = McAfee SecurityCenter

"Picasa 3" = Picasa 3

"PRJPRO" = Microsoft Office Project Professional 2007

"RealPlayer 12.0" = RealPlayer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Veoh Web Player Beta" = Veoh Web Player

"VISPRO" = Microsoft Office Visio Professional 2007

"VLC media player" = VideoLAN VLC media player 0.8.6c

"WebDesigner" = Microsoft Expression Web

"WebPost" = Microsoft Web Publishing Wizard 1.53

"WildTangent hplaptop Master Uninstall" = My HP Games

"WinRAR archiver" = WinRAR archiver

"WinX DVD Ripper_is1" = WinX DVD Ripper 4.1.4

"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1294823542-3328240290-2395254551-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"pycrypto-py2.6" = Python 2.6 pycrypto-2.0.1

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/8/2011 12:26:12 PM | Computer Name = Anu-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/8/2011 12:26:16 PM | Computer Name = Anu-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/8/2011 12:26:16 PM | Computer Name = Anu-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/8/2011 12:26:16 PM | Computer Name = Anu-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/8/2011 12:26:16 PM | Computer Name = Anu-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/8/2011 12:26:30 PM | Computer Name = Anu-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 10/8/2011 12:26:30 PM | Computer Name = Anu-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 11/5/2011 1:35:36 PM | Computer Name = Anu-PC | Source = MsiInstaller | ID = 1013

Description =

Error - 11/5/2011 3:24:14 PM | Computer Name = Anu-PC | Source = Application Error | ID = 1000

Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,

faulting module MSVCR80.dll, version 8.0.50727.6195, time stamp 0x4dcddbf3, exception

code 0xc0000005, fault offset 0x0001508e, process id 0x588, application start time

0x01cc9bf07e027b90.

Error - 11/6/2011 3:29:08 PM | Computer Name = Anu-PC | Source = Windows Search Service | ID = 3013

Description =

[ OSession Events ]

Error - 4/9/2008 8:52:16 PM | Computer Name = Anu-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4579

seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 12/14/2011 2:56:34 AM | Computer Name = Anu-PC | Source = Service Control Manager | ID = 7023

Description =

Error - 12/14/2011 2:56:34 AM | Computer Name = Anu-PC | Source = Service Control Manager | ID = 7003

Description =

Error - 12/14/2011 2:56:34 AM | Computer Name = Anu-PC | Source = Service Control Manager | ID = 7003

Description =

Error - 12/14/2011 2:56:34 AM | Computer Name = Anu-PC | Source = Service Control Manager | ID = 7023

Description =

Error - 12/14/2011 2:59:09 AM | Computer Name = Anu-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 12/14/2011 2:59:09 AM | Computer Name = Anu-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 12/14/2011 3:01:36 AM | Computer Name = Anu-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source

Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%800 Update Type: %%803 User: Anu-PC\Anu Current Engine Version: Previous Engine

Version: 0.0.0.0 Error code: 0x80070005 Error description: Access is denied.

Error - 12/14/2011 3:01:36 AM | Computer Name = Anu-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source

Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%801 Update Type: %%803 User: Anu-PC\Anu Current Engine Version: Previous Engine

Version: 0.0.0.0 Error code: 0x80070005 Error description: Access is denied.

Error - 12/14/2011 3:01:36 AM | Computer Name = Anu-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source

Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%800 Update Type: %%803 User: Anu-PC\Anu Current Engine Version: Previous Engine

Version: 0.0.0.0 Error code: 0x80070005 Error description: Access is denied.

Error - 12/14/2011 3:01:36 AM | Computer Name = Anu-PC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854

Source

Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature

Type: %%801 Update Type: %%803 User: Anu-PC\Anu Current Engine Version: Previous Engine

Version: 0.0.0.0 Error code: 0x80070005 Error description: Access is denied.

< End of report >


Step 1

You have two installed and active antivirus programs on your system: Microsoft Security Essentials and McAfee SecurityCenter.

Two antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. Please remove one of them. If you have paid for McAfee, leave it; if not, leave Security Essentials.

Step 2

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
SRV - (XMLProvS) -- File not found
O4 - HKU\S-1-5-21-1294823542-3328240290-2395254551-1000..\Run: [] File not found
O33 - MountPoints2\{df4f23df-4ab1-11dc-9caa-001b3838df60}\Shell\Auto\command - "" = recycled\SVCH0ST.EXE
O37 - HKU\.DEFAULT\...exe [@ = Y7] -- "C:\Windows\system32\config\systemprofile\AppData\Local\utm.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = Y7] -- "C:\Windows\system32\config\systemprofile\AppData\Local\utm.exe" -a "%1" %*
[2008/12/29 18:15:55 | 001,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2011/12/12 18:19:34 | 000,011,582 | -HS- | M] () -- C:\Users\Anu\AppData\Local\466854s6s482j726v103v8aqt4l4
[2011/12/12 18:19:34 | 000,011,582 | -HS- | M] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
[2011/12/12 08:02:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\VyBUphY4.exe.b
[2011/12/12 01:37:06 | 000,000,112 | ---- | M] () -- C:\ProgramData\m5F11w.dat
[2011/12/12 01:37:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\a1O6U4L.com.b
[2011/12/11 17:34:53 | 000,011,158 | -HS- | M] () -- C:\ProgramData\783383h8n008h676t544x5xqc2c4
[2011/12/11 17:34:52 | 000,011,158 | -HS- | M] () -- C:\Users\Anu\AppData\Local\783383h8n008h676t544x5xqc2c4

:files
C:\Windows\tasks\*.job

:Commands
[resethosts]
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.
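
The fix script above targets three kinds of entries: an .exe file-association override (O37), a MountPoints2 autorun command (O33), and hidden, system-flagged files with no vendor string. The following is an added example, not part of the original post and not OTL's own code, that flags those line shapes in an OTL log; the rule names and heuristics are assumptions, and the last sample line is constructed.

```python
import re

NORMAL_EXE_HANDLER = '"%1" %*'  # stock shell\open\command value for exefile

# Line shapes as they appear in the OTL fix script above.
O37 = re.compile(r'^O37 - (?P<root>.+?)\\\.\.(?P<ext>\.\w+) '
                 r'\[@ = (?P<progid>[^\]]*)\] -- (?P<cmd>.*)$')
O33 = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\'
                 r'(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$')
FILE = re.compile(r'^\[(?P<ts>[^|]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) '
                  r'\| [CM]\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$')

def triage(log_text):
    """Return (rule, detail) pairs for OTL lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O37.match(line)
        if m:
            # Any handler other than the stock one runs first on every launch.
            if m['cmd'].strip() != NORMAL_EXE_HANDLER:
                findings.append(('assoc-hijack',
                                 f"{m['root']} {m['ext']} -> {m['progid']}: {m['cmd']}"))
            continue
        m = O33.match(line)
        if m:
            # A per-volume shell verb with a command is an autorun hook.
            findings.append(('autorun-command', f"{m['vol']} {m['verb']}: {m['cmd']}"))
            continue
        m = FILE.match(line)
        # Heuristic (assumption): hidden + system attributes and an empty vendor field.
        if m and 'H' in m['attr'] and 'S' in m['attr'] and not m['vendor'].strip():
            findings.append(('hidden-system-no-vendor', m['path']))
    return findings

# First four lines are copied from the fix script above; the last one is constructed.
SAMPLE = r'''
O37 - HKU\.DEFAULT\...exe [@ = Y7] -- "C:\Windows\system32\config\systemprofile\AppData\Local\utm.exe" -a "%1" %*
O33 - MountPoints2\{df4f23df-4ab1-11dc-9caa-001b3838df60}\Shell\Auto\command - "" = recycled\SVCH0ST.EXE
[2008/12/29 18:15:55 | 001,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2011/12/12 18:19:34 | 000,011,582 | -HS- | M] () -- C:\Users\Anu\AppData\Local\466854s6s482j726v103v8aqt4l4
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

if __name__ == '__main__':
    for rule, detail in triage(SAMPLE):
        print(f'{rule:26} {detail}')
```

A flagged line is a prompt for review, not a verdict; the zero-byte and .dat files in the script above would not match these three rules.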


Ok.. Some more updates:

1. I uninstalled the old flash player (and some other programs) yesterday, through CCleaner -- I decided to take the opportunity to clean up the system some. So the OTL log will be slightly different.

2. I uninstalled McAfee, and am running OTL now... I'll post the log once it's done...

Thanks.


Here's what happened. OTL "finished" running fairly quickly (< 1 minute), and then said it needed to reboot. But it got stuck on the Windows splash screen for about 1 hour while rebooting, so I just pulled the battery out, and rebooted it manually. When it booted up, it came up with the log (below)...

I wondered if it got stuck on reboot because it was trying to create a restore point, and I didn't have enough disk space to do it?

Here's the log:

All processes killed

========== OTL ==========

Service XMLProvS stopped successfully!

Service XMLProvS deleted successfully!

File File not found not found.

Registry value HKEY_USERS\S-1-5-21-1294823542-3328240290-2395254551-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df4f23df-4ab1-11dc-9caa-001b3838df60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df4f23df-4ab1-11dc-9caa-001b3838df60}\ not found.

File C:\recycled\SVCH0ST.EXE not found.

Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Classes\Y7\ deleted successfully.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Classes\Y7\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

C:\Program Files\install_flash_player.exe moved successfully.

C:\Users\Anu\AppData\Local\466854s6s482j726v103v8aqt4l4 moved successfully.

C:\ProgramData\466854s6s482j726v103v8aqt4l4 moved successfully.

C:\ProgramData\VyBUphY4.exe.b moved successfully.

C:\ProgramData\m5F11w.dat moved successfully.

C:\Windows\System32\a1O6U4L.com.b moved successfully.

C:\ProgramData\783383h8n008h676t544x5xqc2c4 moved successfully.

C:\Users\Anu\AppData\Local\783383h8n008h676t544x5xqc2c4 moved successfully.

========== FILES ==========

C:\Windows\tasks\At1.job moved successfully.

C:\Windows\tasks\At10.job moved successfully.

C:\Windows\tasks\At11.job moved successfully.

C:\Windows\tasks\At12.job moved successfully.

C:\Windows\tasks\At13.job moved successfully.

C:\Windows\tasks\At14.job moved successfully.

C:\Windows\tasks\At15.job moved successfully.

C:\Windows\tasks\At16.job moved successfully.

C:\Windows\tasks\At17.job moved successfully.

C:\Windows\tasks\At18.job moved successfully.

C:\Windows\tasks\At19.job moved successfully.

C:\Windows\tasks\At2.job moved successfully.

C:\Windows\tasks\At20.job moved successfully.

C:\Windows\tasks\At21.job moved successfully.

C:\Windows\tasks\At22.job moved successfully.

C:\Windows\tasks\At23.job moved successfully.

C:\Windows\tasks\At24.job moved successfully.

C:\Windows\tasks\At25.job moved successfully.

C:\Windows\tasks\At26.job moved successfully.

C:\Windows\tasks\At27.job moved successfully.

C:\Windows\tasks\At28.job moved successfully.

C:\Windows\tasks\At29.job moved successfully.

C:\Windows\tasks\At3.job moved successfully.

C:\Windows\tasks\At30.job moved successfully.

C:\Windows\tasks\At31.job moved successfully.

C:\Windows\tasks\At32.job moved successfully.

C:\Windows\tasks\At33.job moved successfully.

C:\Windows\tasks\At34.job moved successfully.

C:\Windows\tasks\At35.job moved successfully.

C:\Windows\tasks\At36.job moved successfully.

C:\Windows\tasks\At37.job moved successfully.

C:\Windows\tasks\At38.job moved successfully.

C:\Windows\tasks\At39.job moved successfully.

C:\Windows\tasks\At4.job moved successfully.

C:\Windows\tasks\At40.job moved successfully.

C:\Windows\tasks\At41.job moved successfully.

C:\Windows\tasks\At42.job moved successfully.

C:\Windows\tasks\At43.job moved successfully.

C:\Windows\tasks\At44.job moved successfully.

C:\Windows\tasks\At45.job moved successfully.

C:\Windows\tasks\At46.job moved successfully.

C:\Windows\tasks\At47.job moved successfully.

C:\Windows\tasks\At48.job moved successfully.

C:\Windows\tasks\At5.job moved successfully.

C:\Windows\tasks\At6.job moved successfully.

C:\Windows\tasks\At7.job moved successfully.

C:\Windows\tasks\At8.job moved successfully.

C:\Windows\tasks\At9.job moved successfully.

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294823542-3328240290-2395254551-1000Core.job moved successfully.

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294823542-3328240290-2395254551-1000UA.job moved successfully.

========== COMMANDS ==========

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Anu

->Temp folder emptied: 5894033 bytes

->Temporary Internet Files folder emptied: 283190 bytes

->Java cache emptied: 16666239 bytes

->FireFox cache emptied: 51614511 bytes

->Flash cache emptied: 666 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 367616 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5165046 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 76.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12142011_194216

Files\Folders moved on Reboot...

C:\Users\Anu\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...


Also, I can't turn on Microsoft Security Center (or Windows Firewall / Windows Defender)... When I try to turn it on with the GUI, I get the following error: "Due to an unidentified error, Windows can't turn it on" -- or words to that effect... I think this is a side-effect of the virus... Do you know how I can turn Microsoft Security Center on again?

Thanks!


Restoring the registry to a pre-virus clean restore state didn't help... Can I use OTL to turn on Windows Security Center, or will I have to reinstall it? (This is a lot of questions :) ) Thanks very much for your help.


Hi,

My apologies for the extended delay. Maniac is away and I will be helping in his place.

Please update MBAM, run a Quick Scan, and post its log. Grab a fresh copy of ComboFix, run it, and post its log in addition to a fresh DDS log.

Describe what issues you are currently experiencing.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
