
malware/virus removal

Discussion in 'Virus & Other Malware Removal' started by satbahadur, Feb 1, 2013.

Thread Status:
Not open for further replies.
  1. satbahadur

    satbahadur Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    57
    Before I post all the files requested: I cannot get the dds.scr program to run; it freezes after displaying the message "Two logs shall be created on your Desktop". Please help. Next, I have saved the Highjack log and gmr and one other log from RSIT I
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Post the logs you've got available....;)

    Kevin..
     
  3. satbahadur

    satbahadur Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    57
    I have logs of Highjack and gmr; however, dds did not work on my computer.
    Here are the logs:

    Highjack
    ----------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:29:32 PM, on 2/1/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {5BFEFF94-6411-4B74-A947-4969134B24DE} - (no file)
    R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
    F2 - REG:system.ini: Shell=
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: GomPicker - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 4828 bytes

    GMR
    ----------------------------------------------------
    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-01 16:49:51
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AH_PL rev.006C 37.26GB
    Running: kcwrgv2l.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\pgwcyfod.sys

    ---- System - GMER 2.0 ----
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xAA5550DA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xAA555CA6]
    SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ZwCreateThread [0xAA707670]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xAA555EB8]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xAA559714]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xAA559756]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xAA5598FA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xAA555DCA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xAA555282]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xAA555482]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xAA5555C2]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xAA55985E]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xAA5597A8]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xAA5597EA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xAA559824]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xAA555068]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xAA555F6A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xAA55969C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xAA554FE6]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xAA554EEE]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xAA554F46]
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[908] ntdll.dll!KiUserApcDispatcher 7C90E430 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[908] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[908] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[908] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71AE0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2604] ntdll.dll!KiUserApcDispatcher 7C90E430 5 Bytes JMP 0043AA00 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2604] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 71AE001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2604] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 719E0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2604] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A20022
    ---- Files - GMER 2.0 ----
    File C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\fsm_service_var_1.js.data 0 bytes
    ---- EOF - GMER 2.0 ----
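
Added example, not part of the thread and not HijackThis's or the helper's own method: a small Python triage pass over entry lines copied from the HijackThis log above. The three flags (`orphaned`, `unknown-owner`, `runs-from-data-dir`) and the function names are assumptions of this example; they mark entries worth a closer look, not verdicts.

```python
import re

# Entry lines look like "<code> - <details>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# First drive-letter path on the line, through end of line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
# Assumption of this example: programs normally live under Program Files or
# WINDOWS, so an executable under a profile/data folder merits a look.
DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {5BFEFF94-6411-4B74-A947-4969134B24DE} - (no file)
O2 - BHO: GomPicker - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
"""


def parse_entry(line):
    """Return a dict for a HijackThis entry line, or None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, running-process path, blank line, footer
    code, body = m.group(1), m.group(2).strip()
    path_m = PATH_RE.search(body)
    path = path_m.group(0) if path_m else None
    file_missing = False
    if path and path.endswith("(file missing)"):
        # HijackThis appends this marker when the target is not on disk.
        path = path[: -len("(file missing)")].rstrip()
        file_missing = True
    return {"code": code, "body": body, "path": path, "file_missing": file_missing}


def triage(entry):
    """Attach this example's heuristic flags to one parsed entry."""
    flags = []
    # Registration that points at nothing: leftover or partially removed item.
    if entry["body"].endswith("(no file)") or entry["file_missing"]:
        flags.append("orphaned")
    # Service binary for which HijackThis printed no company name.
    if entry["code"] == "O23" and " - Unknown owner - " in entry["body"]:
        flags.append("unknown-owner")
    # Executable or DLL loaded from a profile/data directory.
    if entry["path"] and any(d in entry["path"].lower() for d in DATA_DIRS):
        flags.append("runs-from-data-dir")
    return flags


def review(log_text):
    """Return flagged entries, most flags first (log order kept within ties)."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            findings.append({"code": entry["code"], "flags": flags, "body": entry["body"]})
    findings.sort(key=lambda f: -len(f["flags"]))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f["code"], ",".join(f["flags"]), "|", f["body"])
```

The IBUpdaterService entry collects two flags, while the Spigot "Application Updater" service collects none although the AdwCleaner log later in this thread lists both as "Stopped & Deleted". Structural checks like these complement a signature-based cleaner rather than replace it.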
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Ok, do the following:

    Download AdwCleaner by Xplode onto your Desktop: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Download Malwarebytes from one of the following links and save it to your desktop:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post both logs.....

    Kevin....
     
  5. satbahadur

    satbahadur Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    57
    I just read your instructions. Thanks. I am going to start; I will inform you after I finish. Thanks again.

    Satbahadur
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK....(y)
     
  7. satbahadur

    satbahadur Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    57
    Thanks a lot for your attention and help. It took me almost an hour to do the scanning. I got one log from AdwareCleaner and 2 logs from MalwareBytes. I am attaching all 3 log files as well.

    AdwareCleaner
    -------------------------------------------------
    # AdwCleaner v2.109 - Logfile created 02/02/2013 at 16:57:42
    # Updated 26/01/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Dad - USER-48EF0404BA
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Dad\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****
    Stopped & Deleted : Application Updater
    Stopped & Deleted : IBUpdaterService
    ***** [Files / Folders] *****
    File Deleted : C:\Documents and Settings\Dad\Local Settings\Application Data\funmoods.crx
    File Deleted : C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
    File Deleted : C:\user.js
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\Dad\Application Data\Funmoods
    Folder Deleted : C:\Documents and Settings\Dad\Application Data\PerformerSoft
    Folder Deleted : C:\Documents and Settings\Dad\Application Data\PriceGong
    Folder Deleted : C:\Documents and Settings\Dad\Application Data\Search Settings
    Folder Deleted : C:\Documents and Settings\Dad\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Dad\Local Settings\Application Data\Wajam
    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Common Files\spigot
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Crossrider
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\Funmoods
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Funmoods
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    Deleted [l.5] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=downl[...]
    *************************
    AdwCleaner[S1].txt - [9026 octets] - [02/02/2013 16:57:42]
    ########## EOF - C:\AdwCleaner[S1].txt - [9086 octets] ##########

    MalwareBytes
    ----------------------------------------------
    mbam-log-2013-02-02 (17-22-09)
    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.02.02.09
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Dad :: USER-48EF0404BA [administrator]
    Protection: Enabled
    2/2/2013 5:22:09 PM
    mbam-log-2013-02-02 (17-22-09).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 298570
    Time elapsed: 12 minute(s), 4 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 21
    HKCR\Typelib\{0597D3BE-9A4D-4426-A8A7-572AD299852E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Data: a[Éê°HM˜9yÓR؀ -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 6
    C:\Downloads\PDFConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Downloads\PopularScreenSavers.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Downloads\UtilityChest.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Downloads\VideoDownloadConvert.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dad\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dad\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
    (end)

    protection-log-2013-02-02
    -------------------------------------------
    2013/02/02 17:18:18 -0500 USER-48EF0404BA Dad MESSAGE Starting protection
    2013/02/02 17:18:18 -0500 USER-48EF0404BA Dad MESSAGE Protection started successfully
    2013/02/02 17:18:18 -0500 USER-48EF0404BA Dad MESSAGE Starting IP protection
    2013/02/02 17:18:36 -0500 USER-48EF0404BA Dad MESSAGE IP Protection started successfully
    2013/02/02 17:18:51 -0500 USER-48EF0404BA Dad MESSAGE Executing scheduled update: Daily
    2013/02/02 17:19:22 -0500 USER-48EF0404BA Dad MESSAGE Starting database refresh
    2013/02/02 17:19:22 -0500 USER-48EF0404BA Dad MESSAGE Stopping IP protection
    2013/02/02 17:19:23 -0500 USER-48EF0404BA Dad MESSAGE IP Protection stopped successfully
    2013/02/02 17:19:49 -0500 USER-48EF0404BA Dad MESSAGE Database refreshed successfully
    2013/02/02 17:19:49 -0500 USER-48EF0404BA Dad MESSAGE Starting IP protection
    2013/02/02 17:19:59 -0500 USER-48EF0404BA Dad MESSAGE Scheduled update executed successfully: database updated from version v2012.12.14.11 to version v2013.02.02.09
    2013/02/02 17:20:42 -0500 USER-48EF0404BA Dad MESSAGE IP Protection started successfully
    2013/02/02 17:47:04 -0500 USER-48EF0404BA MESSAGE Starting protection
    2013/02/02 17:47:04 -0500 USER-48EF0404BA MESSAGE Protection started successfully
    2013/02/02 17:47:04 -0500 USER-48EF0404BA MESSAGE Starting IP protection
    2013/02/02 17:47:48 -0500 USER-48EF0404BA Dad MESSAGE IP Protection started successfully

    I am sure that after all this the problems and viruses on my computer will be eliminated. Thanks a lot for your help.

    Satbahadur
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Continue as follows please:

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Next,

    Download OTL from any of the following links and save to your Desktop:


    http://oldtimer.geekstogo.com/OTL.exe
    http://itxassociates.com/OT-Tools/OTL.com
    http://www.itxassociates.com/OT-Tools/OTL.scr
    • Double click on the icon to run it; Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in:

      Code:
      netsvcs
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      msconfig
      %SYSTEMDRIVE%\*.exe
      %LOCALAPPDATA%\*.exe
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
      
    • Click the [IMG] button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Kevin
     
  9. satbahadur

    satbahadur Thread Starter

    I am sincerely grateful for your help. Although you have suggested and may have facilitated plenty of fixes, I am still looking at some other annoying thing on my computer. That is, I am unable to see or configure my wireless connection, Security Center and Windows Update, as all three utilities were in the notification area with icons but all have disappeared now. I am still perplexed by this. I hope after all these logs the problems will clear. Here are the logs you have requested.

    Security Check
    ----------------------------------------
    Results of screen317's Security Check version 0.99.57
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Windows Defender
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 26
    Java 2 Runtime Environment Standard Edition v1.3.1_10
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Windows Defender MSASCui.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Spybot Teatimer.exe is disabled!
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Windows Defender MsMpEng.exe
    Windows Defender MSASCui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    OTL
    ------------------------------------
    OTL logfile created on: 2/2/2013 9:57:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop\Cleaning
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.36 Mb Total Physical Memory | 334.86 Mb Available Physical Memory | 32.72% Memory free
    2.78 Gb Paging File | 2.15 Gb Available in Paging File | 77.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 13.48 Gb Free Space | 36.17% Space Free | Partition Type: NTFS
    Drive D: | 492.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: USER-48EF0404BA | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/02 21:52:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\Cleaning\OTL.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2012/09/07 10:07:12 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2012/09/07 10:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/13 19:12:12 | 000,256,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\msagent\agentsvr.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
    MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2012/10/09 01:36:58 | 000,006,656 | ---- | M] () -- C:\Program Files\GRETECH\GomPicker\FunctionHandler.dll
    MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2012/05/30 02:02:10 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
    MOD - [2001/10/10 23:01:36 | 000,063,816 | ---- | M] () -- C:\Program Files\Microsoft Office\Office10\BLNMGRPS.DLL
    MOD - [2001/10/10 23:01:34 | 000,080,200 | ---- | M] () -- C:\Program Files\Microsoft Office\Office10\BLNMGR.DLL


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/01/16 23:56:51 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/07 10:07:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/03/14 10:27:28 | 000,271,712 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
    SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
    SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
    SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\u302mgmt.sys -- (u302mgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\u302mdm.sys -- (u302mdm)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\u302mdfl.sys -- (u302mdfl)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\u302bus.sys -- (u302bus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (RkHit)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
    DRV - File not found [2010/03/25 22:35:10] [Kernel | Auto | Stopped] -- -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/12/02 18:13:29 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2012/10/30 05:32:35 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
    DRV - [2012/09/07 10:07:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2012/09/07 10:07:30 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2012/09/07 10:07:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2012/05/30 02:02:09 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
    DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/11/11 07:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
    DRV - [2008/04/13 14:00:02 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2007/11/29 19:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/04/19 12:03:26 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/05/15 18:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebsearch.com/myweb...&n=77ee415e&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/myweb...&n=77ed7a31&psa=&st=sb&searchfor={searchTerms}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.in.msn.com/
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\URLSearchHook: {5BFEFF94-6411-4B74-A947-4969134B24DE} - No CLSID value found
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\SearchScopes,DefaultScope = {EB9F23D5-CA46-40FB-A801-BA42709B4915}
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\SearchScopes\{7A7077AA-2495-4BAA-80DD-D410E2580019}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\SearchScopes\{EB9F23D5-CA46-40FB-A801-BA42709B4915}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=744028&p={searchTerms}
    IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@ei.UtilityChest_49.com/Plugin: C:\Program Files\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll (Utility Chest)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/02/02 12:48:05 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor


    ========== Chrome ==========

    CHR - default_search_provider: Funmoods ()
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - homepage: http://ca.search.yahoo.com?type=744028&fr=spigot-yhp-ch
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll

    O1 HOSTS File: ([2012/03/29 08:57:29 | 000,000,826 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation)
    O3 - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1715567821-854245398-49474851-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1715567821-854245398-49474851-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-21-1715567821-854245398-49474851-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\S-1-5-21-1715567821-854245398-49474851-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
    O16 - DPF: {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4FBB18F-B890-4456-BB06-292B41B5AF14}: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/27 12:50:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/08/23 07:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{203f8800-a3b8-11df-940e-000fb391bb04}\Shell - "" = AutoRun
    O33 - MountPoints2\{203f8800-a3b8-11df-940e-000fb391bb04}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7848b470-3cd5-11e2-a32f-000802da2486}\Shell - "" = AutoRun
    O33 - MountPoints2\{7848b470-3cd5-11e2-a32f-000802da2486}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7848b470-3cd5-11e2-a32f-000802da2486}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{93cf3f50-b044-11dd-9016-000fb391bb04}\Shell - "" = Autorun
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: EventSystem - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Sharedaccess - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: WmdmPmSN - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
    MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: SpeedyComputer - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: TelevisionFanatic Browser Plugin Loader - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: TelevisionFanatic Search Scope Monitor - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/02 18:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Local Settings\Application Data\Deployment
    [2013/02/02 17:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Malwarebytes
    [2013/02/02 17:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/02 17:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/02/02 17:16:40 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/02 17:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/02 17:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\Clean
    [2013/02/02 17:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\Cleaning
    [2013/02/02 12:54:07 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2013/02/02 12:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2013/02/02 12:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\My Downloads
    [2013/02/02 12:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
    [2013/02/02 12:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
    [2013/02/01 18:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2013/02/01 15:45:38 | 000,000,000 | ---D | C] -- C:\rsit
    [2013/02/01 15:29:42 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\Dad\Desktop\SysInfo.exe
    [2013/02/01 12:35:23 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2013/01/31 09:01:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
    [2013/01/31 09:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
    [2013/01/31 09:01:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll
    [2013/01/31 09:01:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
    [2013/01/31 09:01:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll
    [2013/01/31 09:01:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
    [2013/01/31 09:01:01 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
    [2013/01/31 09:01:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
    [2013/01/31 09:01:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
    [2013/01/31 09:01:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll
    [2013/01/31 09:01:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
    [2013/01/31 09:01:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
    [2013/01/31 09:01:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
    [2013/01/31 09:01:01 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe
    [2013/01/31 09:01:01 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
    [2013/01/31 09:01:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
    [2013/01/31 09:01:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll
    [2013/01/31 09:00:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
    [2013/01/31 09:00:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
    [2013/01/31 09:00:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
    [2013/01/31 09:00:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
    [2013/01/31 09:00:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
    [2013/01/31 09:00:34 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
    [2013/01/31 09:00:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
    [2013/01/31 09:00:33 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
    [2013/01/31 09:00:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
    [2013/01/31 09:00:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
    [2013/01/31 09:00:33 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
    [2013/01/31 09:00:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
    [2013/01/31 09:00:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
    [2013/01/31 09:00:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
    [2013/01/31 09:00:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
    [2013/01/31 09:00:32 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
    [2013/01/31 09:00:32 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
    [2013/01/31 09:00:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
    [2013/01/31 09:00:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll
    [2013/01/31 09:00:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll
    [2013/01/31 09:00:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
    [2013/01/31 09:00:32 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
    [2013/01/31 09:00:32 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll
    [2013/01/31 09:00:31 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
    [2013/01/31 09:00:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe
    [2013/01/31 09:00:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
    [2013/01/31 09:00:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
    [2013/01/31 09:00:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll
    [2013/01/31 09:00:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
    [2013/01/31 09:00:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll
    [2013/01/31 09:00:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
    [2013/01/31 09:00:30 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
    [2013/01/31 09:00:30 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
    [2013/01/31 09:00:30 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
    [2013/01/31 09:00:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll
    [2013/01/31 09:00:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
    [2013/01/31 09:00:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll
    [2013/01/31 09:00:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
    [2013/01/31 09:00:30 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll
    [2013/01/31 09:00:30 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
    [2013/01/31 09:00:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
    [2013/01/31 09:00:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe
    [2013/01/31 09:00:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
    [2013/01/31 09:00:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
    [2013/01/31 09:00:29 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll
    [2013/01/31 09:00:29 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
    [2013/01/31 09:00:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
    [2013/01/31 09:00:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll
    [2013/01/31 09:00:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
    [2013/01/31 09:00:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
    [2013/01/31 08:59:14 | 000,000,000 | ---D | C] -- C:\Inetpub
    [2013/01/31 08:41:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
    [2013/01/31 08:41:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
    [2013/01/31 06:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Vtools Toolbar
    [2013/01/31 06:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Vtools
    [2013/01/31 06:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Vtools
    [2013/01/30 12:52:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2013/01/30 07:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/01/30 07:47:48 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
    [2013/01/30 07:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/01/20 20:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2013/01/20 19:50:23 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dad\My Documents\FileFormatConverters.exe
    [2013/01/19 09:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\GomPlayer
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/02 22:19:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30B0C8CA-0968-48BE-8B86-A453A4D8BE23}.job
    [2013/02/02 22:03:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/02 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2013/02/02 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2013/02/02 21:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/02 21:19:39 | 000,446,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/02 21:19:39 | 000,078,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/02 21:17:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2013/02/02 21:14:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/02 21:14:43 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/02 18:38:58 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Current local time in India – Delhi – New Delhi.url
    [2013/02/02 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2013/02/02 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2013/02/02 17:16:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/02 16:56:19 | 000,580,235 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\adwcleaner.exe
    [2013/02/02 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2013/02/02 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2013/02/02 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2013/02/02 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2013/02/02 12:49:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/02 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2013/02/02 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2013/02/02 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2013/02/02 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2013/02/02 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2013/02/02 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2013/02/02 07:17:53 | 000,004,885 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/01 22:11:48 | 000,320,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/01 19:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2013/02/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2013/02/01 18:45:36 | 000,451,840 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\TeamSpybot-20130201-184534.cab
    [2013/02/01 18:45:36 | 000,437,201 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Desktop-20130201-184534.png
    [2013/02/01 18:44:40 | 000,449,828 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\TeamSpybot-20130201-184438.cab
    [2013/02/01 18:44:40 | 000,435,045 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Desktop-20130201-184438.png
    [2013/02/01 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2013/02/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2013/02/01 15:29:43 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\Dad\Desktop\SysInfo.exe
    [2013/02/01 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2013/02/01 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2013/02/01 12:35:25 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2013/02/01 12:27:32 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\HiJackThis.lnk
    [2013/02/01 12:03:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/01 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2013/02/01 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2013/02/01 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2013/02/01 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2013/02/01 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2013/02/01 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2013/02/01 06:36:27 | 001,210,951 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\report.pdf
    [2013/02/01 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2013/02/01 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2013/01/31 23:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2013/01/31 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2013/01/31 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2013/01/31 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2013/01/31 13:39:12 | 000,008,486 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\error.JPG
    [2013/01/31 13:25:56 | 000,051,262 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\tb 3.JPG
    [2013/01/31 13:25:28 | 000,041,801 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\tb 2.JPG
    [2013/01/31 13:24:56 | 000,008,687 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\tb1.JPG
    [2013/01/31 13:22:40 | 000,000,155 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\i_view32.ini
    [2013/01/31 11:19:18 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Tech Support Guy - Welcome Guide (2).url
    [2013/01/31 08:37:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/30 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2013/01/30 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2013/01/30 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2013/01/30 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2013/01/30 09:58:08 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/01/30 08:38:16 | 000,000,082 | ---- | M] () -- C:\WINDOWS\WININIT.INI
    [2013/01/30 07:48:27 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/01/30 07:48:27 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/01/30 07:47:59 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Spybot-S&D Start Center.lnk
    [2013/01/30 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2013/01/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2013/01/30 00:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/01/30 00:07:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2013/01/29 19:09:06 | 571,322,368 | ---- | M] () -- C:\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
    [2013/01/28 07:39:41 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Main Wikipedia.url
    [2013/01/28 06:58:58 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\My Document.lnk
    [2013/01/20 19:50:27 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dad\My Documents\FileFormatConverters.exe
    [2013/01/20 16:08:13 | 057,607,105 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Hardware_&_DIY.ZIP
    [2013/01/19 15:44:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/01/18 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2013/01/18 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/01/17 15:23:02 | 000,014,535 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Document 66.rtf
    [2013/01/17 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2013/01/17 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2013/01/16 23:56:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/01/16 23:56:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/08 06:33:37 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to i_view32.lnk
    [2013/01/08 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2013/01/08 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2013/01/06 00:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/02 17:51:07 | 000,580,235 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\adwcleaner.exe
    [2013/02/02 17:16:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/02 12:54:04 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2013/02/02 12:50:51 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
    [2013/02/01 18:45:36 | 000,451,840 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\TeamSpybot-20130201-184534.cab
    [2013/02/01 18:45:35 | 000,437,201 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Desktop-20130201-184534.png
    [2013/02/01 18:44:40 | 000,449,828 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\TeamSpybot-20130201-184438.cab
    [2013/02/01 18:44:39 | 000,435,045 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Desktop-20130201-184438.png
    [2013/02/01 06:36:27 | 001,210,951 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\report.pdf
    [2013/01/31 13:25:56 | 000,051,262 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\tb 3.JPG
    [2013/01/31 13:25:28 | 000,041,801 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\tb 2.JPG
    [2013/01/31 13:24:56 | 000,008,687 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\tb1.JPG
    [2013/01/31 11:38:27 | 000,008,486 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\error.JPG
    [2013/01/31 11:19:18 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Tech Support Guy - Welcome Guide (2).url
    [2013/01/31 09:01:02 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2013/01/31 09:01:02 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
    [2013/01/31 09:01:01 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2013/01/31 09:01:01 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
    [2013/01/31 09:00:32 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2013/01/31 09:00:32 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2013/01/31 09:00:32 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
    [2013/01/31 09:00:32 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
    [2013/01/31 09:00:30 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2013/01/31 09:00:29 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
    [2013/01/31 09:00:28 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
    [2013/01/31 09:00:28 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
    [2013/01/31 09:00:28 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
    [2013/01/31 09:00:28 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
    [2013/01/31 09:00:28 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
    [2013/01/31 09:00:28 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
    [2013/01/31 09:00:27 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
    [2013/01/31 09:00:27 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
    [2013/01/31 09:00:27 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
    [2013/01/31 09:00:27 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
    [2013/01/31 09:00:27 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
    [2013/01/31 09:00:27 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
    [2013/01/31 09:00:24 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
    [2013/01/31 09:00:24 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
    [2013/01/31 09:00:23 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
    [2013/01/31 09:00:23 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
    [2013/01/31 09:00:23 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
    [2013/01/31 09:00:22 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
    [2013/01/31 09:00:22 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
    [2013/01/31 09:00:22 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
    [2013/01/31 08:37:35 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/31 08:37:35 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dad\Start Menu\Programs\Internet Explorer.lnk
    [2013/01/30 07:48:27 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/01/30 07:48:25 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/01/30 07:48:24 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/01/30 07:47:59 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/01/30 07:47:59 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Spybot-S&D Start Center.lnk
    [2013/01/29 14:41:10 | 571,322,368 | ---- | C] () -- C:\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
    [2013/01/29 14:39:54 | 000,000,155 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\i_view32.ini
    [2013/01/29 09:55:15 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
    [2013/01/28 06:58:58 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\My Document.lnk
    [2013/01/20 16:06:33 | 057,607,105 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Hardware_&_DIY.ZIP
    [2013/01/17 15:23:02 | 000,014,535 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Document 66.rtf
    [2013/01/08 06:33:37 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to i_view32.lnk
    [2012/12/03 20:59:24 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\FASTApp.html
    [2012/09/28 11:52:02 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
    [2012/09/22 16:15:58 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\store-pp.jbs
    [2012/08/21 10:48:09 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\Dad\doscmd
    [2012/07/09 06:08:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/03/29 19:03:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\winweim.dll
    [2012/01/31 21:40:56 | 000,000,075 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
    [2011/12/22 12:27:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\{B97FB304-C360-4239-A69D-3279961A7392}
    [2011/12/15 19:01:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
    [2011/12/15 06:10:18 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/10/22 14:44:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\bibstats
    [2011/09/20 10:25:20 | 000,000,272 | ---- | C] () -- C:\WINDOWS\reimage.ini
    [2011/04/04 15:22:15 | 000,012,562 | -HS- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\sns26gx5n4j3fx46a0a60g14b7lq4tq3t6217
    [2011/04/04 15:22:15 | 000,012,562 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sns26gx5n4j3fx46a0a60g14b7lq4tq3t6217
    [2010/12/29 07:35:15 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\lakerda1967.sys
    [2010/12/29 07:33:47 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\docXConverter (3).ini
    [2010/10/27 05:05:07 | 000,102,811 | ---- | C] () -- C:\Documents and Settings\Dad\Shattering some myths on Kashmir.htm
    [2010/10/25 07:52:04 | 000,018,249 | ---- | C] () -- C:\Documents and Settings\Dad\Optimizing Windows XP Services.htm
    [2010/10/25 03:49:52 | 000,117,963 | ---- | C] () -- C:\Documents and Settings\Dad\Services Guide for Windows XP.htm
    [2010/10/25 02:52:15 | 000,050,643 | ---- | C] () -- C:\Documents and Settings\Dad\Turn Off Unnecessary Windows XP Services JasonN_com.htm
    [2010/06/17 19:32:34 | 000,940,282 | ---- | C] () -- C:\Program Files\fastfilerenamer.zip
    [2009/12/15 09:09:31 | 015,046,752 | ---- | C] () -- C:\Documents and Settings\Dad\SHRI HANUMAAN CHALISA.mp3
    [2009/12/13 09:41:39 | 000,005,353 | ---- | C] () -- C:\Documents and Settings\Dad\Toronto Weather.rtf
    [2009/11/09 09:25:35 | 015,040,966 | ---- | C] () -- C:\Documents and Settings\Dad\UNCENSORED_ISSUE1.pdf
    [2009/09/15 21:52:49 | 001,869,617 | -H-- | C] () -- C:\Documents and Settings\All Users\JapjiSahib.mp3
    [2009/09/15 21:52:49 | 001,746,833 | -H-- | C] () -- C:\Documents and Settings\All Users\Mool_mantar.mp3
    [2009/08/22 15:15:11 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Dad\.boxit.ini
    [2009/08/03 06:19:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad\.gtk-bookmarks
    [2009/07/24 22:01:22 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\Dad\.gtkrc-2.0
    [2009/03/03 09:40:47 | 000,440,230 | ---- | C] () -- C:\Documents and Settings\Dad\Notetab.pdf
    [2008/11/08 18:51:09 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/07 19:21:38 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Dad\NTUSER.bak

    ========== ZeroAccess Check ==========

    [2011/01/20 10:04:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/13 19:11:53 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/09/11 19:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
    [2012/01/31 21:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2012/12/02 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [2011/02/19 20:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mytaxexpress
    [2012/02/13 16:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mytaxexpress-efile
    [2012/03/29 13:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2011/04/10 18:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/08/19 09:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/12/31 06:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Acapela Group
    [2012/09/16 16:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/09/15 18:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\DriverCure
    [2012/09/18 21:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\FreeSmith
    [2009/07/24 18:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\gourmet
    [2012/04/11 21:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\NewspaperDirect
    [2011/09/20 09:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\ParetoLogic
    [2012/02/24 20:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\PySolFC
    [2009/02/11 08:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\tinySpell
    [2011/04/10 18:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Trusteer
    [2011/12/22 09:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Uniblue
    [2013/01/31 07:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Vtools
    [2010/08/17 22:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\WordWeb
    [2011/04/27 17:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
    [2011/08/21 01:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Priti\Application Data\Trusteer
    [2011/08/05 22:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rohit\Application Data\Trusteer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %SYSTEMDRIVE%\*.exe >
    [2004/06/11 16:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
    Invalid Environment Variable: LOCALAPPDATA

    < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
    [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\$NtUninstallKB26527$] -> -> Unknown point type
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dad\Desktop\lfx.exe:SummaryInformation
    < End of report >

    Extras
    ------------------------------------------
    OTL Extras logfile created on: 2/2/2013 9:57:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad\Desktop\Cleaning
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.36 Mb Total Physical Memory | 334.86 Mb Available Physical Memory | 32.72% Memory free
    2.78 Gb Paging File | 2.15 Gb Available in Paging File | 77.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 13.48 Gb Free Space | 36.17% Space Free | Partition Type: NTFS
    Drive D: | 492.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: USER-48EF0404BA | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
    "3540:UDP" = 3540:UDP:*:Enabled:peer Name Resolution Protocol (PNRP)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0373EE20-70B7-437F-8746-09F4F0857DE8}" = Vtools Toolbar v6.7
    "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F06897-6735-4B97-9DF3-DE8BC27879D4}" = Philips Device Plug-in
    "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
    "{68249B6E-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_10
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
    "{EC86822D-3A20-11D5-801B-00E029348F40}" = SMSC IrCC V4.10.1999.4
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = TIPCIxx20
    "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "Business-in-a-Box" = Business-in-a-Box
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "GOM Picker" = GOM PICKER
    "GOM Player" = GOM Player
    "GOM Video Converter" = GOM Video Converter
    "Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.8.8-rc2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = Texas Instruments PCIxx20 drivers.
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "myTaxExpress EFile 2011_is1" = myTaxExpress EFile 2011
    "myTaxExpress NETFILE 2011_is1" = myTaxExpress NETFILE 2011
    "PySol Fan Club edition_is1" = PySol Fan Club edition v.2.0
    "Rapport_msi" = Rapport
    "Shockwave" = Shockwave
    "Sudoku2PDF Pro_is1" = Sudoku2PDF Pro 2.6
    "Time Stopper4.0" = Time Stopper
    "tinySpell_is1" = tinySpell 1.7.010
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WIC" = Windows Imaging Component
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WordWeb" = WordWeb
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1715567821-854245398-49474851-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "2543445229.www.ndtv.com" = NDTV Play

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/2/2013 6:01:47 PM | Computer Name = USER-48EF0404BA | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 2/2/2013 6:12:24 PM | Computer Name = USER-48EF0404BA | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 2/2/2013 6:46:47 PM | Computer Name = USER-48EF0404BA | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070424 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 2/2/2013 6:46:47 PM | Computer Name = USER-48EF0404BA | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 2/2/2013 6:47:01 PM | Computer Name = USER-48EF0404BA | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070424 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 2/2/2013 6:47:01 PM | Computer Name = USER-48EF0404BA | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 2/2/2013 10:15:18 PM | Computer Name = USER-48EF0404BA | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070424 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 2/2/2013 10:15:19 PM | Computer Name = USER-48EF0404BA | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 2/2/2013 10:15:34 PM | Computer Name = USER-48EF0404BA | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070424 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 2/2/2013 10:15:34 PM | Computer Name = USER-48EF0404BA | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    [ System Events ]
    Error - 2/2/2013 10:15:36 PM | Computer Name = USER-48EF0404BA | Source = Service Control Manager | ID = 7023
    Description = The WebClient service terminated with the following error: %%2

    Error - 2/2/2013 10:15:36 PM | Computer Name = USER-48EF0404BA | Source = Service Control Manager | ID = 7003
    Description = The Spybot-S&D 2 Updating Service service depends on the following
    nonexistent service: seclogon

    Error - 2/2/2013 10:15:36 PM | Computer Name = USER-48EF0404BA | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 2/2/2013 10:15:36 PM | Computer Name = USER-48EF0404BA | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 2/2/2013 10:15:36 PM | Computer Name = USER-48EF0404BA | Source = Service Control Manager | ID = 7000
    Description = The Yahoo! Updater service failed to start due to the following error:
    %%2

    Error - 2/2/2013 10:15:36 PM | Computer Name = USER-48EF0404BA | Source = Service Control Manager | ID = 7000
    Description = The Power Control [2010/03/25 22:35:10] service failed to start due
    to the following error: %%2

    Error - 2/2/2013 10:15:36 PM | Computer Name = USER-48EF0404BA | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 2/2/2013 10:15:36 PM | Computer Name = USER-48EF0404BA | Source = Service Control Manager | ID = 7023
    Description = The Windows Time service terminated with the following error: %%2

    Error - 2/2/2013 11:00:00 PM | Computer Name = USER-48EF0404BA | Source = Schedule | ID = 7901
    Description = The At23.job command failed to start due to the following error: %%2147942402

    Error - 2/2/2013 11:00:00 PM | Computer Name = USER-48EF0404BA | Source = Schedule | ID = 7901
    Description = The At47.job command failed to start due to the following error: %%2147942402


    < End of report >

    Thanks again for your help

    Satbahadur
     


  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Your system still has a lot of malware/infection present, run the following:

    Re-Run [IMG] by double left click, Vista and Windows 7 users accept UAC alert.
    • Under the [​IMG] box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
      IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.googlepages.com/google.html
      IE - HKLM\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
      IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
      IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
      IE - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\URLSearchHook: {5BFEFF94-6411-4B74-A947-4969134B24DE} - No CLSID value found
      FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
      CHR - default_search_provider: Funmoods ()
      O3 - HKU\S-1-5-21-1715567821-854245398-49474851-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O16 - DPF: {CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O33 - MountPoints2\{203f8800-a3b8-11df-940e-000fb391bb04}\Shell - "" = AutoRun
      O33 - MountPoints2\{203f8800-a3b8-11df-940e-000fb391bb04}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{7848b470-3cd5-11e2-a32f-000802da2486}\Shell - "" = AutoRun
      O33 - MountPoints2\{7848b470-3cd5-11e2-a32f-000802da2486}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{7848b470-3cd5-11e2-a32f-000802da2486}\Shell\AutoRun\command - "" = E:\AutoRun.exe
      O33 - MountPoints2\{93cf3f50-b044-11dd-9016-000fb391bb04}\Shell - "" = Autorun
      MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk - Reg Error: Value error. - File not found
      MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - Reg Error: Value error. File not found
      MsConfig - StartUpReg: SpeedyComputer - hkey= - key= - Reg Error: Value error. File not found
      MsConfig - StartUpReg: TelevisionFanatic Browser Plugin Loader - hkey= - key= - Reg Error: Value error. File not found
      MsConfig - StartUpReg: TelevisionFanatic Search Scope Monitor - hkey= - key= - Reg Error: Value error. File not found
      [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2013/02/02 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
      [2013/02/02 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
      [2013/02/02 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
      [2013/02/02 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
      [2013/02/02 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
      [2013/02/02 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
      [2013/02/02 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
      [2013/02/02 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
      [2013/02/02 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
      [2013/02/02 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
      [2013/02/02 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
      [2013/02/02 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
      [2013/02/02 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
      [2013/02/02 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
      [2013/02/01 19:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
      [2013/02/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
      [2013/02/01 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
      [2013/02/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
      [2013/02/01 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
      [2013/02/01 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
      [2013/02/01 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
      [2013/02/01 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
      [2013/02/01 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
      [2013/02/01 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
      [2013/02/01 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
      [2013/02/01 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
      [2013/02/01 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
      [2013/02/01 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
      [2013/01/31 23:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
      [2013/01/31 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
      [2013/01/31 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
      [2013/01/31 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
      [2013/01/30 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
      [2013/01/30 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
      [2013/01/30 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
      [2013/01/30 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
      [2013/01/30 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
      [2013/01/30 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
      [2013/01/30 00:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
      [2013/01/30 00:07:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
      [2013/01/18 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
      [2013/01/18 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
      [2013/01/17 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
      [2013/01/17 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
      [2013/01/08 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
      [2013/01/08 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
      [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      @Alternate Data Stream - 88 bytes -> C:\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso:SummaryInformation
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dad\Desktop\lfx.exe:SummaryInformation
      :Files
      ipconfig /flushdns /c
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the [IMG] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Next,

    Run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.

    Post those 3 logs, also give update on current issues/concerns..

    Kevin
     
  11. satbahadur

    satbahadur Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    57
    Hi Kevin
    I am a little frustrated by having this malware/infection present. I went ahead as suggested and ran OTL as directed. It did not work as expected: while running it freezes, and all the icons on the opening screen along with the taskbar disappear. I tried 3 times with the same results. Although it creates a folder C:\_OTL\MovedFiles, when checking it is empty. Next I ran Combofix, and it also freezes after a message Rootkit and does not make a file C:\ComboFix.txt. Lastly, when I used the MGA Diagnostic Tool it did create a report, which I am posting. I hope to receive your next directions, as in this post I have only the MGA Diagnostic Report, as the other two failed to work on my laptop for an unspecified reason. Thanks

    Satbahadur

    The MGA Diagnostic Report
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-VTY8B-KX7GP-Y8VYB
    Windows Product Key Hash: Hli9BCJ6bGXvFUwxfnpZRyBG/VA=
    Windows Product ID: 55274-OEM-2245332-53824
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {7EF33B64-8737-4BBF-AAD5-0DBEF8F1FEAA}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: Yes
    Version: 1.9.40.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Publisher 2002 - 100 Genuine
    Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7EF33B64-8737-4BBF-AAD5-0DBEF8F1FEAA}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-Y8VYB</PKey><PID>55274-OEM-2245332-53824</PID><PIDType>3</PIDType><SID>S-1-5-21-1715567821-854245398-49474851</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq nc6000 (DV939C#ABA) </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68BDD Ver. F.15</Version><SMBIOSVersion major="2" minor="3"/><Date>20060830000000.000000+000</Date></BIOS><HWID>66B93707018400EC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90190409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Publisher 2002</Name><Ver>10</Ver><Val>B128FD8CC4B4004</Val><Hash>Vb2e86j8DAXInLL4wCY3su2GvgU=</Hash><Pid>54197-640-0000025-16365</Pid><PidType>14</PidType></Product><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17209</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="19" Version="10" Result="100"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 87CC:Compaq Computer Corporation|1A25A:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|1A202:Compaq Computer Corporation|1A202:Compaq Computer Corporation|1FFEA:Hewlett-Packard Company|1A202:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, if OTL and Combofix are freezing we try a different tool:

    Please download the latest version of TDSSKiller from here:
    http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.



    • Put a checkmark beside loaded modules.



    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.



    • Click the Start Scan button.



    • The scan will be quick.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.



    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.



    • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin....
     
  13. satbahadur

    satbahadur Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    57
    Hi Kevin
    I am deeply impressed by your immediate attention to my problem.

    As indicated, I did the scan with TDSSKiller and have the log file at C:\. Here I found 3 files, namely:
    · TDSSKiller.2.8.15.0_04.02.2013_13.57.30_log.txt
    · TDSSKiller.2.8.15.0_04.02.2013_13.47.45_log.txt
    · AdwCleaner[S1].txt
    The files seem large, therefore I have attached them to this post. The attachment did not allow me to attach one log file, TDSSKiller.2.8.15.0_04.02.2013_13.57.30_log.txt, therefore I have divided the file into 2 parts.

    Now all log files are attached. Thanks
    Satbahadur
     


  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    The logs from TDSSKiller show the presence of TDSS file system \Device\Harddisk0\DR0 ( TDSS File System ) but no presence of TDL3 or TDL4 infection.

    OK can you delete Combofix from your Desktop, d/l a fresh copy from here :- http://download.bleepingcomputer.com/sUBs/ComboFix.exe save to Desktop and run one more time, post log in reply...

    Kevin
     
  15. satbahadur

    satbahadur Thread Starter

    Joined:
    Jan 30, 2013
    Messages:
    57
    Hi Kevin
    This time Combofix worked perfectly; I am sending the log file here and attaching it as well. Thanks

    ComboFix Log File
    ------------------------------------
    ComboFix 13-02-03.03 - Dad 02/05/2013 6:50.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.568 [GMT -5:00]
    Running from: c:\documents and settings\Dad\Desktop\Cleaning\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    c:\documents and settings\Dad\Recent\Desktop(2).ini
    c:\documents and settings\Dad\WINDOWS
    c:\documents and settings\Dad\WINDOWS\Sti_Trace.log
    c:\documents and settings\Dad\WINDOWS\win.ini
    c:\windows\explorer(2).exe
    c:\windows\system32\Cache
    c:\windows\system32\ctfmon(2).exe
    c:\windows\system32\linkinfo(2).dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RKHIT
    -------\Legacy_TELEVISIONFANATICSERVICE
    -------\Service_RkHit
    -------\Service_xcpip
    -------\Service_xpsec
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-04 18:42 . 2013-02-04 18:51 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-04 14:11 . 2013-02-04 17:58 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-02-04 14:10 . 2013-02-04 14:10 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\SlimWare Utilities Inc
    2013-02-04 05:21 . 2013-02-04 05:21 -------- d-----w- C:\_OTL
    2013-02-04 05:07 . 2013-02-04 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2013-02-02 23:36 . 2013-02-02 23:36 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Deployment
    2013-02-02 22:17 . 2013-02-02 22:17 -------- d-----w- c:\documents and settings\Dad\Application Data\Malwarebytes
    2013-02-02 22:16 . 2013-02-02 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-02-02 22:16 . 2013-02-02 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-02-02 22:16 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-02 17:54 . 2013-01-17 06:28 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-02 17:48 . 2013-02-02 17:48 -------- d-----w- c:\program files\Microsoft Download Manager
    2013-02-01 23:11 . 2013-02-01 23:11 -------- d-----w- c:\program files\SystemRequirementsLab
    2013-02-01 20:45 . 2013-02-01 20:46 -------- d-----w- C:\rsit
    2013-01-31 14:00 . 2001-08-23 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2013-01-31 13:59 . 2013-01-31 14:01 -------- d-----w- C:\Inetpub
    2013-01-31 13:41 . 2001-08-23 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
    2013-01-31 13:41 . 2001-08-23 12:00 18944 ----a-w- c:\windows\system32\simptcp.dll
    2013-01-31 11:43 . 2013-01-31 12:18 -------- d-----w- c:\documents and settings\Dad\Application Data\Vtools
    2013-01-30 17:44 . 2006-12-29 05:31 19569 ----a-w- c:\windows\000001_.tmp
    2013-01-30 12:47 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-01-30 12:47 . 2013-01-30 12:48 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-01-21 01:47 . 2013-01-21 01:47 -------- d-----w- c:\program files\MSECache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 04:56 . 2012-09-20 18:12 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-17 04:56 . 2011-09-09 14:05 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-02 23:13 . 2012-12-02 23:14 95744 -c--a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
    2012-12-02 23:13 . 2012-12-02 23:14 76544 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
    2012-12-02 23:13 . 2012-12-02 23:14 67584 -c--a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
    2012-12-02 23:13 . 2012-12-02 23:14 28672 -c--a-w- c:\windows\system32\drivers\usbccid.sys
    2012-12-02 23:13 . 2012-12-02 23:14 27520 -c--a-w- c:\windows\system32\drivers\ew_juextctrl.sys
    2012-12-02 23:13 . 2012-12-02 23:14 1112288 -c--a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2012-12-02 23:13 . 2012-12-02 23:14 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
    2012-12-02 23:13 . 2012-12-02 23:14 861696 -c--a-w- c:\windows\system32\drivers\mod7700.sys
    2012-12-02 23:13 . 2012-12-02 23:14 25856 -c--a-w- c:\windows\system32\drivers\ewdcsc.sys
    2012-12-02 23:13 . 2012-12-02 23:14 245376 -c--a-w- c:\windows\system32\drivers\ewusbnet.sys
    2012-12-02 23:13 . 2012-12-02 23:14 199168 -c--a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2012-12-02 23:13 . 2012-12-02 23:14 19200 -c--a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
    2012-12-02 23:13 . 2012-12-02 23:14 11136 -c--a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
    2012-12-02 23:13 . 2012-12-02 23:14 102784 -c--a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
    2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
    backup=c:\windows\pss\Event Reminder.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedyComputer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelevisionFanatic Browser Plugin Loader
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelevisionFanatic Search Scope Monitor
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/30/2012 5:32 AM 272216]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/7/2012 10:07 AM 71480]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/7/2012 10:07 AM 166840]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 7:00 AM 14336]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/2/2013 5:16 PM 398184]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/2/2013 5:16 PM 682344]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/7/2012 10:07 AM 976728]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [1/30/2013 7:47 AM 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1/30/2013 7:47 AM 1369624]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [12/2/2012 6:14 PM 76544]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/2/2013 5:16 PM 21104]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/30/2012 2:02 AM 21520]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/25 22:35]; [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [1/30/2013 7:47 AM 168384]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
    S3 cpuz134;cpuz134; [x]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [9/7/2012 10:07 AM 65848]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2/4/2013 9:11 AM 13024]
    S3 u302bus;HSPADataCard WMC Bus Driver (WDM);c:\windows\system32\DRIVERS\u302bus.sys --> c:\windows\system32\DRIVERS\u302bus.sys [?]
    S3 u302mdfl;HSPADataCard Modem Filter;c:\windows\system32\DRIVERS\u302mdfl.sys --> c:\windows\system32\DRIVERS\u302mdfl.sys [?]
    S3 u302mdm;HSPADataCard Modem Driver;c:\windows\system32\DRIVERS\u302mdm.sys --> c:\windows\system32\DRIVERS\u302mdm.sys [?]
    S3 u302mgmt;HSPADataCard USB Device Management Drivers (WDM);c:\windows\system32\DRIVERS\u302mgmt.sys --> c:\windows\system32\DRIVERS\u302mgmt.sys [?]
    S4 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [3/14/2011 10:27 AM 271712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 04:56]
    .
    2013-01-30 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-30 19:08]
    .
    2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 16:02]
    .
    2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 16:02]
    .
    2013-01-30 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-30 19:07]
    .
    2013-01-30 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-30 19:07]
    .
    2013-02-05 c:\windows\Tasks\User_Feed_Synchronization-{30B0C8CA-0968-48BE-8B86-A453A4D8BE23}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant =
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{5BFEFF94-6411-4B74-A947-4969134B24DE} - (no file)
    SafeBoot-28466839.sys
    SafeBoot-54088132.sys
    AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-05 07:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1715567821-854245398-49474851-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2788)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\netdde.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-05 07:16:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-05 12:16
    .
    Pre-Run: 14,537,658,368 bytes free
    Post-Run: 14,617,059,328 bytes free
    .
    - - End Of File - - EFE9E0AE6EDB5DD0FD82F1805B757BAB
    ----------------------------------------------------------------End of File

    Attached ComboFix.txt

    Satbahadur
     



Short URL to this thread: https://techguy.org/1087822
