How do I remove searchnu.com/406 redirect?


So sorry for the incomplete post... Here are the outputs of OTL.txt and EXTRAS.txt

OTL logfile created on: 5/14/2012 12:01:32 PM - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\a\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 47.74% Memory free

5.98 Gb Paging File | 4.24 Gb Available in Paging File | 70.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 158.14 Gb Total Space | 37.91 Gb Free Space | 23.97% Space Free | Partition Type: NTFS

Drive D: | 68.59 Gb Total Space | 50.66 Gb Free Space | 73.86% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 221.19 Gb Free Space | 47.49% Space Free | Partition Type: NTFS

Computer Name: 21A-L03 | User Name: a | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 11:55:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

PRC - [2012/05/10 10:39:31 | 000,005,632 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\ctrestrt.exe

PRC - [2012/04/12 05:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE

PRC - [2012/04/12 05:27:00 | 000,175,624 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe

PRC - [2012/04/07 11:47:35 | 000,234,080 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe

PRC - [2012/04/07 11:47:33 | 000,159,328 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe

PRC - [2012/04/03 18:56:36 | 000,197,728 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe

PRC - [2012/03/16 12:00:11 | 000,218,440 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe

PRC - [2012/03/12 17:42:01 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe

PRC - [2012/02/21 00:14:04 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe

PRC - [2012/02/16 15:32:16 | 000,148,576 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe

PRC - [2012/02/16 15:31:55 | 000,159,840 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe

PRC - [2011/12/21 19:46:54 | 000,262,752 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe

PRC - [2011/11/05 17:20:22 | 000,097,376 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7TSAlrt.exe

PRC - [2011/11/05 17:20:19 | 000,072,800 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7SysMon.Exe

PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2010/01/25 10:59:38 | 001,286,144 | ---- | M] (Luidia, Inc.) -- C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe

PRC - [2010/01/25 10:59:14 | 000,180,224 | ---- | M] (Luidia, Inc.) -- C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe

PRC - [2010/01/20 16:21:58 | 004,673,536 | ---- | M] (Luidia, Inc.) -- C:\Program Files\Luidia\eBeam Interact\eBeamInteractive.exe

PRC - [2009/09/15 18:36:38 | 000,888,752 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe

PRC - [2009/09/11 13:51:48 | 001,811,704 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe

PRC - [2009/07/14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2007/01/11 17:56:56 | 000,063,112 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE

PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/28 07:37:01 | 000,444,400 | ---- | M] () -- C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll

MOD - [2012/04/28 07:36:59 | 003,915,248 | ---- | M] () -- C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll

MOD - [2012/04/28 07:35:45 | 000,544,240 | ---- | M] () -- C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll

MOD - [2012/04/28 07:35:44 | 000,117,744 | ---- | M] () -- C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll

MOD - [2012/04/28 07:35:34 | 000,122,880 | ---- | M] () -- C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll

MOD - [2012/04/28 07:35:33 | 000,220,672 | ---- | M] () -- C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll

MOD - [2012/04/28 07:35:32 | 001,747,456 | ---- | M] () -- C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll

MOD - [2012/04/28 06:39:18 | 008,743,584 | ---- | M] () -- C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

MOD - [2009/09/11 15:13:18 | 000,244,656 | ---- | M] () -- C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll

MOD - [2009/01/28 15:27:22 | 000,523,776 | ---- | M] () -- C:\Program Files\Luidia\eBeam Interact\eBeamSAR.dll

MOD - [2008/10/23 14:02:26 | 000,094,208 | ---- | M] () -- C:\Program Files\Luidia\eBeam Interact\VistaCoreSoundAPIWrap.dll

MOD - [2008/08/09 21:56:40 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/18 13:53:22 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/12 05:27:08 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2012/04/12 05:27:00 | 000,175,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe -- (NitroDriverReadSpool2)

SRV - [2012/04/07 11:47:35 | 000,234,080 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe -- (K7FWSrvc)

SRV - [2012/04/07 11:47:33 | 000,159,328 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe -- (K7PSSrvc)

SRV - [2012/04/03 18:56:36 | 000,197,728 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe -- (K7RTScan)

SRV - [2012/03/16 12:00:11 | 000,218,440 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe -- (K7TSMngr)

SRV - [2012/02/21 00:14:04 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)

SRV - [2012/02/16 15:32:16 | 000,148,576 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe -- (K7EmlPxy)

SRV - [2011/12/21 19:46:54 | 000,262,752 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe -- (K7CrvSvc)

SRV - [2011/11/05 17:20:15 | 000,303,712 | ---- | M] (K7 Computing Pvt Ltd) [On_Demand | Stopped] -- C:\Program Files\K7 Computing\K7TSecurity\K7SpmSrc.exe -- (K7SpmSrc)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/25 10:59:14 | 000,180,224 | ---- | M] (Luidia, Inc.) [Auto | Running] -- C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe -- (eBeam Device Service)

SRV - [2009/09/11 13:51:48 | 001,811,704 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)

SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - [2012/03/30 10:42:35 | 001,077,816 | ---- | M] (K7 Computing Pvt Ltd) [File_System | Boot | Running] -- C:\Windows\System32\drivers\K7Sentry.sys -- (K7Sentry)

DRV - [2011/07/06 14:09:00 | 000,035,872 | ---- | M] (K7 Computing Pvt Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\K7FWHlpr.sys -- (K7FWHlpr)

DRV - [2009/09/14 10:31:54 | 000,659,328 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV - [2009/07/14 06:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009/07/14 06:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 06:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009/07/14 04:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 04:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 03:32:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/14 03:32:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/04/18 21:00:58 | 000,013,600 | ---- | M] (K7 Computing Pvt Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\K7TdiHlp.sys -- (K7TdiHlp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@k7computing.com/k7webprotection: C:\Program Files\\K7 Computing\K7TSecurity\npK7SRNPExt.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\a\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\a\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2012/04/18 14:05:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\k7srff@k7computing.com: C:\Program Files\K7 Computing\K7TSecurity\K7SR [2012/05/03 11:40:24 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\a\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\a\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll

CHR - plugin: K7Security Suite of Products (Enabled) = C:\Program Files\\K7 Computing\K7TSecurity\npK7SRNPExt.dll

CHR - plugin: Google Update (Enabled) = C:\Users\a\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Angry Birds = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: Last.fm free music player = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh\2.9.68_0\

CHR - Extension: YouTube = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Zomato = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpkojgbclmcfkcangfplnaakcmgoambl\1.0.1_0\

CHR - Extension: ESPN Cricinfo = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip\1.0.0_0\

CHR - Extension: TweetDeck = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.4_0\

CHR - Extension: bitly | a simple URL shortener = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\1.3.1.5_0\

CHR - Extension: ESPN Cricinfo = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh\1.8.4.1_0\

CHR - Extension: Quick Note = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.3.4_0\

CHR - Extension: FastestChrome - Browse Faster = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.1.3_0\

CHR - Extension: Send from Gmail (by Google) = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

CHR - Extension: Gmail = C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (K7 Web Protection) - {08B3B4B6-02DA-4658-8BA6-5974E3EBB03D} - C:\Program Files\K7 Computing\K7TSecurity\K7SRExt.dll (K7 Computing Pvt Ltd)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [K7TSStart] C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe (K7 Computing Pvt Ltd)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)

O4 - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\K7WSLsp.dll (K7 Computing Pvt Ltd)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC83FAE9-80D5-4B72-8366-0999047BFBD6}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/01/16 14:01:40 | 000,000,106 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (K7TSDbg)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 11:55:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

[2012/05/11 13:25:39 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\skypePM

[2012/05/11 09:51:15 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Skype

[2012/05/11 09:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/05/11 09:51:04 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2012/05/11 09:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/05/11 09:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012/05/11 09:50:25 | 023,511,716 | ---- | C] (Skype Technologies S.A.) -- C:\Users\a\Desktop\SkypeSetupFull.exe

[2012/05/08 10:55:20 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\K7 Computing

[2012/05/07 18:03:55 | 000,000,000 | ---D | C] -- C:\Users\a\Desktop\Today's Class

[2012/05/05 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar

[2012/05/05 15:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis

[2012/05/05 15:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel

[2012/05/05 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4

[2012/05/05 14:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Corel

[2012/05/05 14:00:29 | 000,000,000 | ---D | C] -- C:\Users\a\Documents\LEARN Android

[2012/05/05 10:16:30 | 000,000,000 | ---D | C] -- C:\Users\a\MyAndroidApp

[2012/05/05 10:08:35 | 000,000,000 | ---D | C] -- C:\Users\a\workspace

[2012/05/03 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\a\.android

[2012/05/03 15:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools

[2012/05/03 15:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Android

[2012/05/03 15:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/05/03 15:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/05/03 15:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Sun

[2012/05/03 15:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/05/03 15:15:02 | 000,000,000 | ---D | C] -- C:\06 Tablet

[2012/05/03 11:44:46 | 000,005,632 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\ctrestrt.exe

[2012/05/03 11:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K7TotalSecurity

[2012/05/03 11:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\K7TS12Upgr

[2012/05/02 15:42:46 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Nitro PDF

[2012/05/02 15:41:15 | 000,027,144 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll

[2012/05/02 15:41:15 | 000,018,440 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll

[2012/05/02 15:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF

[2012/05/02 15:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF

[2012/05/02 15:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF

[2012/05/02 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Downloaded Installations

[2012/05/02 15:30:57 | 000,000,000 | ---D | C] -- C:\Users\a\Documents\OneNote Notebooks

[2012/04/30 12:52:55 | 000,000,000 | ---D | C] -- C:\Users\a\Documents\Corel User Files

[2012/04/25 16:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2012/04/25 16:05:19 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/04/25 16:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant

[2012/04/20 16:38:22 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Temp

[2012/04/20 16:38:22 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Configuration

[2012/04/18 16:41:07 | 000,000,000 | ---D | C] -- C:\Users\a\Documents\My Scrapbook

[2012/04/18 15:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2012/04/18 14:44:59 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\AdobeUM

[2012/04/18 14:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems

[2012/04/18 14:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared

[2012/04/18 14:40:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF

[2012/04/18 14:37:12 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Corel

[2012/04/18 14:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel

[2012/04/18 14:29:45 | 000,000,000 | ---D | C] -- C:\GraphCalc

[2012/04/18 14:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBeam Interact

[2012/04/18 14:29:21 | 000,374,064 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\Tiff32.dll

[2012/04/18 14:29:21 | 000,359,232 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuEMonNT.dll

[2012/04/18 14:29:21 | 000,251,192 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuERmvNT.dll

[2012/04/18 14:29:21 | 000,230,712 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BiImgUser.dll

[2012/04/18 14:29:21 | 000,165,176 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuEAppNT.exe

[2012/04/18 14:29:21 | 000,165,168 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\JPEG32.dll

[2012/04/18 14:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBeam Capture

[2012/04/18 14:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Luidia

[2012/04/18 14:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA

[2012/04/18 14:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba

[2012/04/18 14:05:48 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\TFPU

[2012/04/18 14:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA

[2012/04/18 14:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Fingerprint Sensor

[2012/04/18 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\WinBatch

[2012/04/18 13:48:28 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/05/14 11:55:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

[2012/05/14 11:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/14 11:12:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779918490-3245665379-4120766740-1000UA.job

[2012/05/14 09:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/14 09:53:34 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe

[2012/05/13 13:12:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1779918490-3245665379-4120766740-1000Core.job

[2012/05/11 13:25:39 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

[2012/05/11 09:51:05 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/05/10 11:30:08 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/05/10 11:30:08 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/05/10 11:12:09 | 000,135,185 | ---- | M] () -- C:\Users\a\Documents\Voda-9711682306-May 12.pdf

[2012/05/10 10:39:41 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll

[2012/05/10 10:39:31 | 000,005,632 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\ctrestrt.exe

[2012/05/10 10:23:17 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/10 10:23:17 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/10 10:18:06 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/06 06:02:02 | 003,766,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/05/05 14:53:54 | 000,190,538 | ---- | M] () -- C:\Users\a\Documents\Tanushree_Nagori_050512.pdf

[2012/05/05 14:45:59 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

[2012/05/05 14:45:51 | 000,000,088 | RHS- | M] () -- C:\ProgramData\CED56F63B7.sys

[2012/05/03 15:50:32 | 001,243,849 | ---- | M] () -- C:\Users\a\Documents\TT_Datasheet_tazPad.pdf

[2012/05/03 11:40:28 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\K7TotalSecurity.lnk

[2012/05/02 15:41:09 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk

[2012/05/02 15:30:56 | 000,001,280 | ---- | M] () -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

[2012/05/02 15:30:22 | 000,056,314 | ---- | M] () -- C:\Users\a\Documents\09th 980601_A1 QP Science.pdf

[2012/05/02 11:22:32 | 000,002,655 | ---- | M] () -- C:\Users\a\Documents\Microsoft Office Excel 2007.lnk

[2012/05/02 11:14:57 | 000,002,377 | ---- | M] () -- C:\Users\a\Desktop\Google Chrome.lnk

[2012/05/01 16:52:21 | 023,511,716 | ---- | M] (Skype Technologies S.A.) -- C:\Users\a\Desktop\SkypeSetupFull.exe

[2012/04/25 21:32:28 | 000,000,512 | ---- | M] () -- C:\Windows\_delis32.ini

[2012/04/25 17:36:42 | 000,933,458 | ---- | M] () -- C:\Users\a\Desktop\Atomic Structure 1.pdf

[2012/04/25 17:14:09 | 000,465,772 | ---- | M] () -- C:\Users\a\Desktop\Atomic Structure.pdf

[2012/04/25 16:51:27 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Content Viewer.lnk

[2012/04/19 12:39:36 | 000,001,158 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk

[2012/04/18 16:32:26 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll

[2012/04/18 15:50:38 | 000,183,956 | ---- | M] () -- C:\Users\a\Documents\office lay out.pdf

[2012/04/18 14:40:37 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

[2012/04/18 14:40:37 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk

[2012/04/18 14:05:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01007.Wdf

========== Files Created - No Company Name ==========

[2012/05/11 13:25:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2012/05/11 09:51:05 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/05/10 11:12:09 | 000,135,185 | ---- | C] () -- C:\Users\a\Documents\Voda-9711682306-May 12.pdf

[2012/05/05 14:53:51 | 000,190,538 | ---- | C] () -- C:\Users\a\Documents\Tanushree_Nagori_050512.pdf

[2012/05/05 12:57:07 | 000,028,496 | ---- | C] () -- C:\Users\a\Desktop\3x2 Pole Kiosk.cdr

[2012/05/03 15:50:30 | 001,243,849 | ---- | C] () -- C:\Users\a\Documents\TT_Datasheet_tazPad.pdf

[2012/05/02 15:41:09 | 000,002,545 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 7.lnk

[2012/05/02 15:41:09 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk

[2012/05/02 15:30:56 | 000,001,280 | ---- | C] () -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

[2012/05/02 15:30:22 | 000,056,314 | ---- | C] () -- C:\Users\a\Documents\09th 980601_A1 QP Science.pdf

[2012/05/02 11:22:32 | 000,002,655 | ---- | C] () -- C:\Users\a\Documents\Microsoft Office Excel 2007.lnk

[2012/04/25 21:31:11 | 000,000,512 | ---- | C] () -- C:\Windows\_delis32.ini

[2012/04/25 17:36:42 | 000,933,458 | ---- | C] () -- C:\Users\a\Desktop\Atomic Structure 1.pdf

[2012/04/25 17:14:09 | 000,465,772 | ---- | C] () -- C:\Users\a\Desktop\Atomic Structure.pdf

[2012/04/25 16:57:20 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS5.5.lnk

[2012/04/25 16:55:38 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk

[2012/04/25 16:55:05 | 000,001,263 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.5.lnk

[2012/04/25 16:51:27 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk

[2012/04/25 16:51:27 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Content Viewer.lnk

[2012/04/25 16:49:08 | 000,001,341 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk

[2012/04/25 16:49:01 | 000,001,513 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk

[2012/04/25 16:48:39 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2012/04/25 16:05:15 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk

[2012/04/25 15:39:10 | 1210,514,168 | ---- | C] () -- C:\Users\a\Desktop\study material.rar

[2012/04/18 16:54:57 | 000,443,404 | ---- | C] () -- C:\Users\a\Desktop\21A-CL-IX-CHE-Matter-v0.3.pdf

[2012/04/18 16:54:45 | 000,658,719 | ---- | C] () -- C:\Users\a\Desktop\21A-CL-IX-MAT-Real Nums-v3.pdf

[2012/04/18 15:50:37 | 000,183,956 | ---- | C] () -- C:\Users\a\Documents\office lay out.pdf

[2012/04/18 14:40:37 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk

[2012/04/18 14:40:37 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk

[2012/04/18 14:40:37 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

[2012/04/18 14:40:37 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk

[2012/04/18 14:40:37 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk

[2012/04/18 14:37:15 | 000,000,088 | RHS- | C] () -- C:\ProgramData\CED56F63B7.sys

[2012/04/18 14:37:14 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2012/04/18 14:29:21 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BuEResNT.dll

[2012/04/18 14:05:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01007.Wdf

[2012/04/18 13:53:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/02/10 18:05:07 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll

[2012/02/10 18:04:53 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe

========== LOP Check ==========

[2012/04/25 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/04/20 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Configuration

[2012/05/02 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Downloaded Installations

[2012/05/08 10:55:20 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\K7 Computing

[2012/05/02 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Nitro PDF

[2012/04/20 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Temp

[2012/04/18 14:24:32 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\TFPU

[2012/04/18 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\WinBatch

[2009/07/14 10:23:46 | 000,010,866 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

EXTRAS.txt

OTL Extras logfile created on: 5/14/2012 12:01:32 PM - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\a\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 47.74% Memory free

5.98 Gb Paging File | 4.24 Gb Available in Paging File | 70.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 158.14 Gb Total Space | 37.91 Gb Free Space | 23.97% Space Free | Partition Type: NTFS

Drive D: | 68.59 Gb Total Space | 50.66 Gb Free Space | 73.86% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 221.19 Gb Free Space | 47.49% Space Free | Partition Type: NTFS

Computer Name: 21A-L03 | User Name: a | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0E44990B-0631-4B6D-BCFE-1AB6688DE4E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{0E67A9B1-3838-4177-8F42-03C99EB33115}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{20AD95BE-F485-43E2-A722-9D737AF075A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{28F740F5-55A2-4179-B11D-749861C0D0A2}" = lport=139 | protocol=6 | dir=in | app=system |

"{315F2A0B-5BD1-4553-BA0D-AEE1BECD9D9D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{3A7ACA63-2B3C-4F1E-8AD6-B67E3229AB39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3F17FDAB-19C6-402C-B479-F3C3D56D7721}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{4EDCC80B-08DE-4739-BBD4-2F69A49CFE0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6FBC5398-B90E-4725-83B9-959E8DB7E0E4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{75269774-92D6-432A-8C0A-9147587A9C88}" = lport=137 | protocol=17 | dir=in | app=system |

"{85B3ABD8-5B7B-4D54-BE5A-49E1E35F4285}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8C0BE7E9-A0A0-49CC-956B-0F5881427107}" = lport=138 | protocol=17 | dir=in | app=system |

"{96231B5E-D0CA-417F-A0A2-92F042A43E64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9CB96BCE-CD98-445B-85D0-D22FB9346036}" = rport=445 | protocol=6 | dir=out | app=system |

"{AF0A9E73-323A-492D-86E7-B7955AE05855}" = rport=138 | protocol=17 | dir=out | app=system |

"{C8CFDFCA-6DAC-4012-A105-5B5592106CB4}" = rport=10243 | protocol=6 | dir=out | app=system |

"{CD0B379D-E9E9-418F-B29D-8DBE79B3B7F9}" = rport=139 | protocol=6 | dir=out | app=system |

"{CF52428E-4564-4087-BE65-59D3128FCCE7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CFB06A66-F7BB-43D6-B4F8-B73A2730758B}" = lport=10243 | protocol=6 | dir=in | app=system |

"{D81B89FA-5D07-48AB-AC36-E04E4640DFA3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DD5F4173-9D1B-4611-98BF-4BF0957BBD5D}" = rport=137 | protocol=17 | dir=out | app=system |

"{E66705B9-EB3C-4739-A19F-E312E65A8995}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EDF742B0-C5E1-4275-A6EF-3BA7304FDCB7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FD5084C4-CE72-411D-B691-66695C1883E4}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{004C617A-BDD9-4D35-81A9-E943391C31CB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{079C4F0E-E412-4A08-9B6D-A17E66CB1886}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{268AE769-F732-45FD-AAA6-031E4E67EFDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{2EA3CF41-B182-4BD6-AEF2-A816AB16CA57}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |

"{359E2DE2-8503-4DCC-A75B-16622FEDD5A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4013180C-183D-406D-9504-7BC005E01EF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4B814748-D6EB-4B93-A687-FDAF96CFCC2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{68638CA5-C08F-4915-9AA0-05D6395A7CFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6B43E527-49CB-49B4-9227-8740AC9BEE54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{77036674-0FED-49D0-A8F5-E529E8722F26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{78376F34-FBD8-4F8A-98B3-F582F2B0CF9F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{8D9906DC-F104-4598-B1A9-AA6D73EB5A3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{9E687FD8-CC4B-42F9-87F4-847EFCEFD415}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A0268269-AA78-4BE8-9E10-93CD93955E8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A21FD5A3-516F-4476-BE4A-F50AE8B44452}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AD68A3E8-A2F0-4DB7-9F5E-1B69A64BF9AD}" = protocol=6 | dir=out | app=system |

"{B29D83B7-DD12-46BA-998C-95DA637CAC87}" = protocol=6 | dir=in | app=c:\windows\system32\cnab4rpk.exe |

"{B2BE295F-0676-4955-AAE9-E4C729E2377D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{BB229402-6D99-43A4-8B15-03CF17734E62}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D24E39B1-97FF-49EB-849A-98EDDEE7197F}" = protocol=17 | dir=in | app=c:\windows\system32\cnab4rpk.exe |

"{D5587A2D-5EE5-4274-9965-95A803C5C924}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |

"{D7B7F91D-2285-45C0-8B5E-B912B988B766}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D7DE3205-C8B4-4B5A-B5D8-4D5C5F778564}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{EE4B5907-600B-414D-A98F-0EC3D9AFED00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F6E29CBA-F9BA-4652-A4E3-151F9B51A9AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4

"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{32A3A4F4-B792-11D6-A78A-00B0D0160320}" = Java SE Development Kit 6 Update 32

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA

"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture

"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw

"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP

"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content

"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters

"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav

"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN

"{83F136F0-2AE5-420C-A0B6-A440AD42591C}" = AuthenTec Fingerprint Software

"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant

"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM

"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA

"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core

"{FDE8C4BB-8080-476A-8731-97C32C06E569}" = Nitro Pro 7

"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Android SDK Tools" = Android SDK Tools

"Canon LBP2900" = Canon LBP2900

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.dmp.contentviewer" = Adobe Content Viewer

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"eBeamCapture_is1" = eBeam Capture 2.3

"eBeamDeviceService_is1" = eBeam Device Service 2.3

"eBeamInteract_is1" = eBeam Interact 2.3

"ENTERPRISE" = Microsoft Office Enterprise 2007

"K7TotalSecurity" = K7TotalSecurity

"Searchqu Toolbar" = Searchqu Toolbar

"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility

"VLC media player" = VLC media player 0.9.4

"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1779918490-3245665379-4120766740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/1/2012 5:35:36 AM | Computer Name = 21A-L03 | Source = Application Error | ID = 1000

Description = Faulting application name: EXCEL.EXE, version: 12.0.4518.1014, time

stamp: 0x45428263 Faulting module name: VBE6.DLL, version: 6.5.10.20, time stamp:

0x45187577 Exception code: 0xc0000005 Fault offset: 0x00111497 Faulting process id:

0x1328 Faulting application start time: 0x01cd2779fbddd249 Faulting application path:

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL

Report

Id: 00f38de9-9371-11e1-b008-001e686d1205

Error - 5/1/2012 8:47:11 AM | Computer Name = 21A-L03 | Source = Application Hang | ID = 1002

Description = The program Acrobat.exe version 7.0.0.1333 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 24b0 Start

Time: 01cd27987d443a99 Termination Time: 53 Application Path: C:\Program Files\Adobe\Acrobat

7.0\Acrobat\Acrobat.exe Report Id: c2b04fa0-938b-11e1-b008-001e686d1205

Error - 5/3/2012 4:43:21 AM | Computer Name = 21A-L03 | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16385,

time stamp: 0x4a5bc60d Faulting module name: ntdll.dll, version: 6.1.7600.16385,

time stamp: 0x4a5bdadb Exception code: 0xc0000022 Fault offset: 0x0007f49f Faulting

process id: 0xb68 Faulting application start time: 0x01cd28f3e17c0d38 Faulting application

path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: 0910b53e-94fc-11e1-8013-001e686d1205

Error - 5/5/2012 3:27:01 AM | Computer Name = 21A-L03 | Source = Application Hang | ID = 1002

Description = The program CORELDRW.EXE version 14.0.0.567 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 16dc Start

Time: 01cd2a8f1f13e30f Termination Time: 21 Application Path: c:\Program Files\Corel\CorelDRAW

Graphics Suite X4\PROGRAMS\CORELDRW.EXE Report Id: b2ac5a45-9683-11e1-af14-001e686d1205

Error - 5/5/2012 4:41:11 AM | Computer Name = 21A-L03 | Source = MsiInstaller | ID = 11706

Description =

Error - 5/5/2012 5:17:45 AM | Computer Name = 21A-L03 | Source = MsiInstaller | ID = 11706

Description =

Error - 5/6/2012 12:11:51 AM | Computer Name = 21A-L03 | Source = Application Error | ID = 1000

Description = Faulting application name: EXCEL.EXE, version: 12.0.4518.1014, time

stamp: 0x45428263 Faulting module name: VBE6.DLL, version: 6.5.10.20, time stamp:

0x45187577 Exception code: 0xc0000005 Fault offset: 0x00111497 Faulting process id:

0x654 Faulting application start time: 0x01cd2b3226878100 Faulting application path:

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL

Report

Id: 9ab60792-9731-11e1-aa48-001e686d1205

Error - 5/6/2012 1:47:54 AM | Computer Name = 21A-L03 | Source = Application Error | ID = 1000

Description = Faulting application name: EXCEL.EXE, version: 12.0.4518.1014, time

stamp: 0x45428263 Faulting module name: VBE6.DLL, version: 6.5.10.20, time stamp:

0x45187577 Exception code: 0xc0000005 Fault offset: 0x00111497 Faulting process id:

0x8f8 Faulting application start time: 0x01cd2b3e7c3e834a Faulting application path:

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL

Report

Id: 05ef142e-973f-11e1-aa48-001e686d1205

Error - 5/9/2012 6:41:18 AM | Computer Name = 21A-L03 | Source = Application Error | ID = 1000

Description = Faulting application name: EXCEL.EXE, version: 12.0.4518.1014, time

stamp: 0x45428263 Faulting module name: VBE6.DLL, version: 6.5.10.20, time stamp:

0x45187577 Exception code: 0xc0000005 Fault offset: 0x00111497 Faulting process id:

0xc78 Faulting application start time: 0x01cd2c615d8ff6a1 Faulting application path:

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL

Report

Id: 81d59eaf-99c3-11e1-aa48-001e686d1205

Error - 5/11/2012 6:10:50 AM | Computer Name = 21A-L03 | Source = Application Error | ID = 1000

Description = Faulting application name: eBeamScrapbook.exe, version: 2.3.0.0, time

stamp: 0x4b57a0f7 Faulting module name: eBeamScrapbook.exe, version: 2.3.0.0, time

stamp: 0x4b57a0f7 Exception code: 0xc000000d Fault offset: 0x001ccc4a Faulting process

id: 0xf54 Faulting application start time: 0x01cd2f5e49d37760 Faulting application

path: C:\Program Files\Luidia\eBeam Interact\eBeamScrapbook.exe Faulting module

path: C:\Program Files\Luidia\eBeam Interact\eBeamScrapbook.exe Report Id: 94fd1b0b-9b51-11e1-a53a-001e686d1205

[ OSession Events ]

Error - 4/30/2012 12:14:32 PM | Computer Name = 21A-L03 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18588

seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/1/2012 5:07:59 AM | Computer Name = 21A-L03 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3087

seconds with 1260 seconds of active time. This session ended with a crash.

Error - 5/1/2012 5:35:35 AM | Computer Name = 21A-L03 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1622

seconds with 1620 seconds of active time. This session ended with a crash.

Error - 5/6/2012 12:11:50 AM | Computer Name = 21A-L03 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5245

seconds with 540 seconds of active time. This session ended with a crash.

Error - 5/6/2012 1:47:54 AM | Computer Name = 21A-L03 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5710

seconds with 480 seconds of active time. This session ended with a crash.

Error - 5/9/2012 6:41:18 AM | Computer Name = 21A-L03 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 157582

seconds with 5940 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 5/3/2012 2:10:18 AM | Computer Name = 21A-L03 | Source = Service Control Manager | ID = 7034

Description = The K7Carnivore Service service terminated unexpectedly. It has done

this 1 time(s).

Error - 5/3/2012 2:10:18 AM | Computer Name = 21A-L03 | Source = Service Control Manager | ID = 7034

Description = The K7Privacy Services service terminated unexpectedly. It has done

this 1 time(s).

Error - 5/3/2012 2:10:19 AM | Computer Name = 21A-L03 | Source = Service Control Manager | ID = 7034

Description = The K7RealTime AntiVirus Services service terminated unexpectedly.

It has done this 1 time(s).

Error - 5/3/2012 2:10:19 AM | Computer Name = 21A-L03 | Source = Service Control Manager | ID = 7034

Description = The K7Firewall Services service terminated unexpectedly. It has done

this 1 time(s).

Error - 5/3/2012 2:10:24 AM | Computer Name = 21A-L03 | Source = Service Control Manager | ID = 7030

Description = The K7Computng - EMail Proxy Server service is marked as an interactive

service. However, the system is configured to not allow interactive services.

This service may not function properly.

Error - 5/3/2012 2:10:25 AM | Computer Name = 21A-L03 | Source = Service Control Manager | ID = 7030

Description = The K7Firewall Services service is marked as an interactive service.

However, the system is configured to not allow interactive services. This service

may not function properly.

Error - 5/7/2012 2:06:06 AM | Computer Name = 21A-L03 | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Netman service.

Error - 5/7/2012 9:50:19 PM | Computer Name = 21A-L03 | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Wlansvc service.

Error - 5/10/2012 12:48:09 AM | Computer Name = 21A-L03 | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:10:04 PM on ?5/?9/?2012 was unexpected.

Error - 5/13/2012 1:44:08 AM | Computer Name = 21A-L03 | Source = ACPI | ID = 327693

Description = : The embedded controller (EC) did not respond within the specified

timeout period. This may indicate that there is an error in the EC hardware or

firmware or that the BIOS is accessing the EC incorrectly. You should check with

your computer manufacturer for an upgraded BIOS. In some situations, this error

may cause the computer to function incorrectly.

< End of report >


Hello raviaditya and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall Searchqu Toolbar.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-1779918490-3245665379-4120766740-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

    :files
    C:\Program Files\Searchqu Toolbar

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Hello! Thanks for your help. Here is the OTLfix log:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

HKEY_USERS\S-1-5-21-1779918490-3245665379-4120766740-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

File C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

File C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

File C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.

C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.

File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.

========== FILES ==========

C:\Program Files\Searchqu Toolbar\Datamngr folder moved successfully.

C:\Program Files\Searchqu Toolbar folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: a

->Temp folder emptied: 239528948 bytes

->Temporary Internet Files folder emptied: 8939082 bytes

->Java cache emptied: 33131 bytes

->Google Chrome cache emptied: 393931506 bytes

->Flash cache emptied: 63032 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 89173511 bytes

RecycleBin emptied: 30706694 bytes

Total Files Cleaned = 727.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05142012_124804

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

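An added example, not part of the original thread and not OTL's own code: a small Python parser for reviewing a fix log like the one posted above. It groups each target by the outcome OTL reported, lists the DLLs whose AppInit_DLLs registration was deleted, and puts any line in the OTL or FILES sections that it does not recognise into a "review" bucket. The sample input is a constructed subset of the lines from that log, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the lines from the fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
========== FILES ==========
C:\Program Files\Searchqu Toolbar folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
RESULT = re.compile(
    r"^(?:(?:Registry key|Registry value|File) )?(?P<target>.+?)"
    r"(?: folder)? (?P<outcome>deleted successfully|moved successfully|not found)\.$")
VALUE_SET = re.compile(r"^(?P<target>HKEY_.+?)\| /E : value set successfully!$")

def summarize(log):
    """Group fix targets by outcome; unmatched OTL/FILES lines go to 'review'."""
    out = {k: [] for k in ("deleted successfully", "moved successfully",
                           "not found", "value set", "review")}
    section = None
    for line in (l.strip() for l in log.splitlines()):
        if (m := SECTION.match(line)):
            section = m.group(1)
            continue
        if not line or section not in ("OTL", "FILES"):
            continue  # cache-cleaning output under COMMANDS is not a fix target
        m, v = RESULT.match(line), VALUE_SET.match(line)
        if m:
            out[m.group("outcome")].append(m.group("target"))
        elif v:
            out["value set"].append(v.group("target"))
        else:
            out["review"].append(line)
    return out

def appinit_removed(log):
    """DLL paths whose AppInit_DLLs registration the log reports as deleted."""
    marker = "\\AppInit_Dlls:"
    return [t.split(marker, 1)[1]
            for t in summarize(log)["deleted successfully"] if marker in t]
```

A "not found" result means the target was already absent when the fix ran, while "moved successfully" means the item was moved by OTL rather than deleted.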

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
