Affected with W32.gaobot.worm.gen.u [Solved]


  • This topic is locked This topic is locked

#31 bengaluru (Member, Topic Starter, 143 posts)

Hi Tweene,

Here is the OTS Log


OTS logfile created on: 03/10/2009 2:08:31 PM - Run 3
OTS by OldTimer - Version 3.0.20.0	 Folder = C:\Users\Nidhi\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
1013.57 Mb Total Physical Memory | 438.32 Mb Available Physical Memory | 43.25% Memory free
2.22 Gb Paging File | 1.12 Gb Available in Paging File | 50.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.18 Gb Total Space | 51.23 Gb Free Space | 51.66% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.32 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NIDHIPC
Current User Name: Nidhi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
apmsgfwd.exe -> C:\Program Files\DellTPad\ApMsgFwd.exe -> [2007/04/18 00:48:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
apntex.exe -> C:\Program Files\DellTPad\Apntex.exe -> [2006/09/08 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> C:\Program Files\DellTPad\Apoint.exe -> [2007/04/17 23:31:58 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/09/23 18:28:54 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/09/23 18:28:54 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/09/23 18:28:32 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/23 18:28:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software )
ehmsas.exe -> C:\Windows\ehome\ehmsas.exe -> [2006/11/02 08:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation)
ehtray.exe -> C:\Windows\ehome\ehtray.exe -> [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\Explorer.EXE -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
fsssvc.exe -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation)
fsui.exe -> C:\Program Files\Windows Live\Family Safety\fsui.exe -> [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
googleupdate.exe -> C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe -> [2008/09/04 21:48:26 | 00,133,104 | ---- | M] (Google Inc.)
hidfind.exe -> C:\Program Files\DellTPad\HidFind.exe -> [2006/09/08 19:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
hkcmd.exe -> C:\Windows\System32\hkcmd.exe -> [2007/05/16 00:53:24 | 00,154,392 | ---- | M] (Intel Corporation)
igfxpers.exe -> C:\Windows\System32\igfxpers.exe -> [2007/05/16 00:53:28 | 00,133,912 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> C:\Windows\System32\igfxsrvc.exe -> [2007/05/16 00:53:30 | 00,252,696 | ---- | M] (Intel Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2006/10/03 12:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2007/08/24 01:17:20 | 01,006,264 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:37:03 | 00,519,168 | ---- | M] (OldTimer Tools)
pcmservice.exe -> C:\Program Files\Dell\MediaDirect\PCMService.exe -> [2007/04/16 17:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.)
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> [2007/02/20 14:01:12 | 01,125,088 | ---- | M] (Dell Inc)
roxwatch9.exe -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
stacsv.exe -> C:\Windows\System32\STacSV.exe -> [2007/06/25 01:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.)
sttray.exe -> C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe -> [2007/06/25 01:17:04 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
wmiprvse.exe -> C:\Windows\System32\wbem\wmiprvse.exe -> [2009/03/02 21:59:26 | 00,247,296 | ---- | M] (Microsoft Corporation)
xaudio.exe -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
ymsgr_tray.exe -> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe -> [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/23 18:28:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/19 13:44:44 | 00,070,656 | ---- | M] ()
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2007/08/24 01:15:46 | 00,291,840 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(fsssvc) Windows Live Family Safety [Win32_Own | Auto | Running] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation)
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 21:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 21:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions)
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions)
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
(STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> C:\Windows\System32\STacSV.exe -> [2007/06/25 01:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.)
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2006/09/14 15:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2007/08/24 01:17:20 | 00,265,912 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation)
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Driver Services - Safe List]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2007/08/24 01:16:26 | 00,017,592 | ---- | M] (Acer Laboratories Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\Apfiltr.sys -> [2007/04/12 20:02:56 | 00,157,184 | ---- | M] (Alps Electric Co., Ltd.)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\bcm4sbxp.sys -> [2006/11/21 08:25:44 | 00,045,568 | ---- | M] (Broadcom Corporation)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2007/08/24 01:16:26 | 00,019,128 | ---- | M] (CMD Technology, Inc.)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 18:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\dsunidrv.sys -> [2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\e1e6032.sys -> [2006/11/02 03:30:55 | 00,200,704 | ---- | M] (Intel Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex)
(fssfltr) fssfltr [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\fssfltr.sys -> [2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSX_DPV.sys -> [2006/11/02 22:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSXHWAZL.sys -> [2006/11/02 22:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastor.sys -> [2007/02/12 17:36:54 | 00,277,784 | ---- | M] (Intel Corporation)
(iaStorV) Intel RAID Controller Vista [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\igdkmd32.sys -> [2007/05/16 00:53:24 | 01,674,240 | ---- | M] (Intel Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\mdmxsdk.sys -> [2006/06/19 17:26:58 | 00,012,672 | ---- | M] (Conexant)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(NETw4v32) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\NETw4v32.sys -> [2007/02/25 10:14:00 | 02,216,448 | ---- | M] (Intel Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2006/07/24 04:00:00 | 00,036,528 | ---- | M] (Sonic Solutions)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\atikmdag.sys -> [2006/11/02 03:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rimmptsk.sys -> [2006/11/27 03:48:44 | 00,032,256 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rimsptsk.sys -> [2006/11/27 03:48:44 | 00,043,520 | ---- | M] (REDC)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rixdptsk.sys -> [2006/11/27 03:48:46 | 00,037,376 | ---- | M] (REDC)
(RMCAST) RMCAST (Pgm) Protocol Driver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\RMCAST.sys -> [2008/05/09 21:21:06 | 00,113,664 | ---- | M] (Microsoft Corporation)
(s115bus) Sony Ericsson Device 115 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115bus.sys -> [2007/04/23 13:54:46 | 00,083,208 | ---- | M] (MCCI Corporation)
(s115mdfl) Sony Ericsson Device 115 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mdfl.sys -> [2007/04/23 13:54:48 | 00,015,112 | ---- | M] (MCCI Corporation)
(s115mdm) Sony Ericsson Device 115 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mdm.sys -> [2007/04/23 13:54:48 | 00,108,680 | ---- | M] (MCCI Corporation)
(s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mgmt.sys -> [2007/04/23 13:54:50 | 00,100,488 | ---- | M] (MCCI Corporation)
(s115obex) Sony Ericsson Device 115 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115obex.sys -> [2007/04/23 13:54:50 | 00,098,568 | ---- | M] (MCCI Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)
(sonyhcb) Sony Digital Imaging Base [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\sonyhcb.sys -> [2001/11/05 09:23:14 | 00,006,097 | ---- | M] (Sony Corporation)
(sonyhcs) Sony Digital Imaging Video [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\sonyhcs.sys -> [2001/11/05 09:23:52 | 00,299,923 | ---- | M] (Sony Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\stwrt.sys -> [2007/06/25 01:17:04 | 00,326,656 | ---- | M] (SigmaTel, Inc.)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\usbaapl.sys -> [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaudio.sys -> [2006/11/02 04:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2007/08/24 01:16:26 | 00,020,152 | ---- | M] (VIA Technologies, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSX_CNXT.sys -> [2006/11/02 22:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\xaudio.sys -> [2006/08/04 20:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> [Binary data over 100 bytes] -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://discoverbangalore.com/ -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/08/09 03:02:25 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/09/23 18:28:10 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED [C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2009/09/23 18:29:45 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/09/23 18:29:03 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2009/02/06 18:08:44 | 00,061,808 | ---- | M] (Microsoft Corporation)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 17:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\google\googletoolbar1.dll [Google Toolbar Helper] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\BAE\BAE.dll [CBrowserHelperObject Object] -> [2007/03/16 06:20:26 | 00,098,304 | ---- | M] (Dell Inc.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/06/18 07:56:52 | 00,094,208 | ---- | M] ()
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/07/30 22:44:02 | 00,159,472 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar1.dll [&Google] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar1.dll [&Google] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
WebBrowser\\"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> [2007/04/17 23:31:58 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/09/23 18:28:32 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
"dscactivate" -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 00,016,384 | ---- | M] ( )
"ECenter" -> c:\dell\E-Center\EULALauncher.exe [c:\dell\E-Center\EULALauncher.exe] -> [2007/03/16 06:20:42 | 00,017,920 | ---- | M] ( )
"fssui" -> C:\Program Files\Windows Live\Family Safety\fsui.exe ["C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun] -> [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation)
"Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
"HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2007/05/16 00:53:24 | 00,154,392 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2007/05/16 00:53:32 | 00,138,008 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2006/10/03 12:35:42 | 00,221,184 | ---- | M] (Macrovision Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2006/10/03 12:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"Microsoft Works Portfolio" -> C:\Program Files\Microsoft Works\WksSb.exe [C:\Program Files\Microsoft Works\WksSb.exe /AllUsers] -> [2006/06/05 05:20:22 | 00,749,568 | ---- | M] (Microsoft® Corporation)
"Microsoft Works Update Detection" -> C:\Program Files\Microsoft Works\WkDetect.exe [C:\Program Files\Microsoft Works\WkDetect.exe] -> [2000/08/08 16:00:00 | 00,028,739 | ---- | M] (Microsoft® Corporation)
"PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/04/16 17:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.)
"Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2007/05/16 00:53:28 | 00,133,912 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe] -> [2007/06/25 01:17:04 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2007/08/24 01:17:20 | 01,006,264 | ---- | M] (Microsoft Corporation)
"WorksFUD" -> C:\Program Files\Microsoft Works\wkfud.exe [C:\Program Files\Microsoft Works\wkfud.exe] -> [2000/08/08 16:00:00 | 00,024,576 | ---- | M] (Microsoft® Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"CollaborationHost" -> C:\Windows\System32\p2phost.exe [C:\Windows\system32\p2phost.exe -s] -> [2006/11/02 08:35:38 | 00,191,488 | ---- | M] (Microsoft Corporation)
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
"Google Update" -> C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe ["C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/04 21:48:26 | 00,133,104 | ---- | M] (Google Inc.)
"googletalk" -> C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe [C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 17:22:02 | 03,739,648 | ---- | M] (Google)
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"MsnMsgr" -> C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 08:34:50 | 02,159,104 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
CabBuilder [HKLM] -> http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7B7F40DA-D114-489E-BC1C-E555E56B63ED}\\DhcpNameServer -> 192.168.0.1   (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{B6C4DF43-D66F-41E8-A6C2-95CA1AAE070B}\\DhcpNameServer -> 163.244.112.71 10.101.101.100 163.244.101.69 163.244.100.254 163.244.112.254 10.101.101.254   (Broadcom 440x 10/100 Integrated Controller) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2008/08/02 12:24:16 | 00,113,664 | ---- | M] (Google)
C:\Windows\System32\avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2007/05/16 00:53:26 | 00,204,800 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 17:43:36 | 00,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
 
[Files/Folders - Created Within 30 Days]
ProgramData -> C:\ProgramData -> [2009/10/01 20:17:07 | 00,000,000 | ---D | M]
Adobe -> C:\ProgramData\Adobe -> [2009/10/01 20:17:07 | 00,000,000 | ---D | M]
AVG Security Toolbar -> C:\ProgramData\AVG Security Toolbar -> [2009/09/23 18:29:46 | 00,000,000 | ---D | M]
avg8 -> C:\ProgramData\avg8 -> [2009/09/23 18:52:04 | 00,000,000 | ---D | M]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/09/20 21:52:38 | 00,000,000 | ---D | M]
Microsoft -> C:\ProgramData\Microsoft -> [2009/09/20 12:44:47 | 00,000,000 | --SD | M]
Microsoft Help -> C:\ProgramData\Microsoft Help -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/09/28 18:42:20 | 00,000,000 | ---D | M]
Symantec -> C:\ProgramData\Symantec -> [2009/10/02 20:53:15 | 00,000,000 | ---D | M]
Yahoo! Companion -> C:\ProgramData\Yahoo! Companion -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Nidhi\AppData\Roaming -> [2009/09/23 17:55:23 | 00,000,000 | ---D | M]
AVG8 -> C:\Users\Nidhi\AppData\Roaming\AVG8 -> [2009/09/23 17:55:23 | 00,000,000 | ---D | M]
Malwarebytes -> C:\Users\Nidhi\AppData\Roaming\Malwarebytes -> [2009/09/20 21:52:47 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Nidhi\AppData\Roaming\Microsoft -> [2009/09/16 20:53:35 | 00,000,000 | --SD | M]
Mozilla -> C:\Users\Nidhi\AppData\Roaming\Mozilla -> [2009/09/23 20:06:13 | 00,000,000 | ---D | M]
Local -> C:\Users\Nidhi\AppData\Local -> [2009/10/01 19:47:38 | 00,000,000 | ---D | M]
MediaDirect -> C:\Users\Nidhi\AppData\Local\MediaDirect -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Nidhi\AppData\Local\Microsoft -> [2009/09/16 20:53:35 | 00,000,000 | ---D | M]
Microsoft Help -> C:\Users\Nidhi\AppData\Local\Microsoft Help -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
temp -> C:\Users\Nidhi\AppData\Local\temp -> [2009/10/03 14:07:49 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/01 19:32:19 | 00,000,000 | ---D | M]
Symantec Shared -> C:\Program Files\Common Files\Symantec Shared -> [2009/10/02 20:53:15 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009/10/02 22:00:20 | 00,000,000 | R--D | M]
AVG -> C:\Program Files\AVG -> [2009/09/23 18:28:07 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/01 19:32:19 | 00,000,000 | ---D | M]
Google -> C:\Program Files\Google -> [2009/09/20 18:14:29 | 00,000,000 | ---D | M]
HijackThis -> C:\Program Files\HijackThis -> [2009/09/20 14:37:10 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/02 22:00:30 | 00,000,000 | ---D | M]
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2009/09/20 18:14:30 | 00,000,000 | ---D | M]
Microsoft Works -> C:\Program Files\Microsoft Works -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2009/09/23 20:06:19 | 00,000,000 | ---D | M]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/09/24 16:01:09 | 00,000,000 | ---D | M]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/09/20 11:07:02 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files\Windows Mail -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
OTS.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:36:53 | 00,519,168 | ---- | C] (OldTimer Tools)
RootRepeal.exe -> C:\Users\Nidhi\Desktop\RootRepeal.exe -> [2009/10/02 22:27:50 | 00,472,064 | ---- | C] ( )
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/10/02 22:00:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/10/02 22:00:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
mbam-setup.exe -> C:\Users\Nidhi\Desktop\mbam-setup.exe -> [2009/10/02 21:56:20 | 04,045,528 | ---- | C] (Malwarebytes Corporation									)
TFC.exe -> C:\Users\Nidhi\Desktop\TFC.exe -> [2009/10/02 21:19:23 | 00,271,872 | ---- | C] (OldTimer Tools)
Adobe -> C:\ProgramData\Adobe -> [2009/10/01 20:17:07 | 00,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2009/10/01 19:45:09 | 00,000,000 | -HSD | C]
temp -> C:\Windows\temp -> [2009/10/01 19:36:11 | 00,000,000 | ---D | C]
CF28910.exe -> C:\Windows\System32\CF28910.exe -> [2009/10/01 19:19:35 | 00,320,000 | ---- | C] (Microsoft Corporation)
Combo-Fix -> C:\Combo-Fix -> [2009/10/01 19:19:35 | 00,000,000 | ---D | C]
swsc.exe -> C:\Windows\System32\swsc.exe -> [2009/10/01 18:41:07 | 00,031,744 | ---- | C] (Microsoft Corporation)
SWREG.exe -> C:\Windows\SWREG.exe -> [2009/09/28 22:04:00 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2009/09/28 22:04:00 | 00,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2009/09/28 22:04:00 | 00,031,232 | ---- | C] (NirSoft)
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2009/09/28 22:03:59 | 00,212,480 | ---- | C] (SteelWerX)
Qoobox -> C:\Qoobox -> [2009/09/28 21:48:18 | 00,000,000 | ---D | C]
Avenger -> C:\Avenger -> [2009/09/28 18:45:18 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/09/24 15:51:42 | 00,000,000 | ---D | C]
$AVG8.VAULT$ -> C:\$AVG8.VAULT$ -> [2009/09/23 18:38:43 | 00,000,000 | ---D | C]
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.)
Avg -> C:\Windows\System32\drivers\Avg -> [2009/09/23 18:29:53 | 00,000,000 | ---D | C]
AVG Security Toolbar -> C:\ProgramData\AVG Security Toolbar -> [2009/09/23 18:29:46 | 00,000,000 | ---D | C]
avg8 -> C:\ProgramData\avg8 -> [2009/09/23 18:28:03 | 00,000,000 | ---D | C]
avg_free_stb_all_8_32_cnet.exe -> C:\Users\Nidhi\Desktop\avg_free_stb_all_8_32_cnet.exe -> [2009/09/23 17:55:27 | 00,848,712 | ---- | C] (AVG Technologies)
mysetup.exe -> C:\Users\Nidhi\Desktop\mysetup.exe -> [2009/09/21 18:11:06 | 04,045,528 | ---- | C] (Malwarebytes Corporation									)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/09/20 21:52:38 | 00,000,000 | ---D | C]
ERDNT -> C:\Windows\ERDNT -> [2009/09/20 21:49:20 | 00,000,000 | ---D | C]
HijackThis -> C:\HijackThis -> [2009/09/20 11:28:44 | 00,000,000 | ---D | C]
L2SecHC.dll -> C:\Windows\System32\L2SecHC.dll -> [2009/09/10 07:34:26 | 00,123,904 | ---- | C] (Microsoft Corporation)
wlansec.dll -> C:\Windows\System32\wlansec.dll -> [2009/09/10 07:34:25 | 00,297,984 | ---- | C] (Microsoft Corporation)
wlanmsm.dll -> C:\Windows\System32\wlanmsm.dll -> [2009/09/10 07:34:25 | 00,290,816 | ---- | C] (Microsoft Corporation)
wlansvc.dll -> C:\Windows\System32\wlansvc.dll -> [2009/09/10 07:34:24 | 00,502,272 | ---- | C] (Microsoft Corporation)
wlanhlp.dll -> C:\Windows\System32\wlanhlp.dll -> [2009/09/10 07:34:23 | 00,067,584 | ---- | C] (Microsoft Corporation)
wlanapi.dll -> C:\Windows\System32\wlanapi.dll -> [2009/09/10 07:34:23 | 00,047,104 | ---- | C] (Microsoft Corporation)
tcpip.sys -> C:\Windows\System32\drivers\tcpip.sys -> [2009/09/10 07:33:54 | 00,813,568 | ---- | C] (Microsoft Corporation)
netio.sys -> C:\Windows\System32\drivers\netio.sys -> [2009/09/10 07:33:53 | 00,213,592 | ---- | C] (Microsoft Corporation)
netiohlp.dll -> C:\Windows\System32\netiohlp.dll -> [2009/09/10 07:33:50 | 00,103,936 | ---- | C] (Microsoft Corporation)
tcpipcfg.dll -> C:\Windows\System32\tcpipcfg.dll -> [2009/09/10 07:33:47 | 00,167,424 | ---- | C] (Microsoft Corporation)
netiougc.exe -> C:\Windows\System32\netiougc.exe -> [2009/09/10 07:33:46 | 00,022,016 | ---- | C] (Microsoft Corporation)
ARP.EXE -> C:\Windows\System32\ARP.EXE -> [2009/09/10 07:33:46 | 00,019,968 | ---- | C] (Microsoft Corporation)
ROUTE.EXE -> C:\Windows\System32\ROUTE.EXE -> [2009/09/10 07:33:46 | 00,017,920 | ---- | C] (Microsoft Corporation)
MRINFO.EXE -> C:\Windows\System32\MRINFO.EXE -> [2009/09/10 07:33:46 | 00,011,264 | ---- | C] (Microsoft Corporation)
TCPSVCS.EXE -> C:\Windows\System32\TCPSVCS.EXE -> [2009/09/10 07:33:46 | 00,009,728 | ---- | C] (Microsoft Corporation)
NETSTAT.EXE -> C:\Windows\System32\NETSTAT.EXE -> [2009/09/10 07:33:45 | 00,027,136 | ---- | C] (Microsoft Corporation)
netevent.dll -> C:\Windows\System32\netevent.dll -> [2009/09/10 07:33:45 | 00,015,360 | ---- | C] (Microsoft Corporation)
finger.exe -> C:\Windows\System32\finger.exe -> [2009/09/10 07:33:45 | 00,010,240 | ---- | C] (Microsoft Corporation)
HOSTNAME.EXE -> C:\Windows\System32\HOSTNAME.EXE -> [2009/09/10 07:33:45 | 00,008,704 | ---- | C] (Microsoft Corporation)
WMVCORE.DLL -> C:\Windows\System32\WMVCORE.DLL -> [2009/09/10 07:28:54 | 02,433,536 | ---- | C] (Microsoft Corporation)
mf.dll -> C:\Windows\System32\mf.dll -> [2009/09/10 07:28:53 | 02,855,424 | ---- | C] (Microsoft Corporation)
mfps.dll -> C:\Windows\System32\mfps.dll -> [2009/09/10 07:28:51 | 00,098,816 | ---- | C] (Microsoft Corporation)
rrinstaller.exe -> C:\Windows\System32\rrinstaller.exe -> [2009/09/10 07:28:51 | 00,052,736 | ---- | C] (Microsoft Corporation)
mfpmp.exe -> C:\Windows\System32\mfpmp.exe -> [2009/09/10 07:28:51 | 00,024,576 | ---- | C] (Microsoft Corporation)
mferror.dll -> C:\Windows\System32\mferror.dll -> [2009/09/10 07:28:50 | 00,002,048 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\System32\jscript.dll -> [2009/09/10 07:24:27 | 00,512,000 | ---- | C] (Microsoft Corporation)
 
[Files/Folders - Modified Within 30 Days]
18 C:\Users\Nidhi\Documents\*.tmp files -> C:\Users\Nidhi\Documents\*.tmp -> 
ntuser.dat -> C:\Users\Nidhi\ntuser.dat -> [2009/10/03 14:19:03 | 03,932,160 | -HS- | M] ()
GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job -> [2009/10/03 14:16:04 | 00,000,908 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/03 14:01:00 | 00,003,456 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/03 14:01:00 | 00,003,456 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/10/03 13:59:06 | 00,067,584 | --S- | M] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/10/03 10:03:47 | 42,223,851 | ---- | M] ()
OTS.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:37:03 | 00,519,168 | ---- | M] (OldTimer Tools)
settings.dat -> C:\Users\Nidhi\Desktop\settings.dat -> [2009/10/02 22:31:23 | 00,000,000 | ---- | M] ()
RootRepeal.exe -> C:\Users\Nidhi\Desktop\RootRepeal.exe -> [2009/10/02 22:31:08 | 00,472,064 | ---- | M] ( )
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/10/02 22:19:34 | 00,000,006 | -H-- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/10/02 22:19:27 | 10,634,52672 | -HS- | M] ()
IconCache.db -> C:\Users\Nidhi\AppData\Local\IconCache.db -> [2009/10/02 22:18:06 | 04,195,236 | -H-- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/02 22:00:25 | 00,000,823 | ---- | M] ()
mbam-setup.exe -> C:\Users\Nidhi\Desktop\mbam-setup.exe -> [2009/10/02 21:58:16 | 04,045,528 | ---- | M] (Malwarebytes Corporation									)
TFC.exe -> C:\Users\Nidhi\Desktop\TFC.exe -> [2009/10/02 21:19:27 | 00,271,872 | ---- | M] (OldTimer Tools)
Inherit.exe -> C:\Users\Nidhi\Desktop\Inherit.exe -> [2009/10/02 21:09:53 | 00,085,504 | ---- | M] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/10/02 17:38:49 | 00,004,566 | ---- | M] ()
Adobe Reader 7.0.lnk -> C:\Users\Public\Desktop\Adobe Reader 7.0.lnk -> [2009/10/01 20:17:32 | 00,001,903 | ---- | M] ()
Adobe Reader Speed Launch.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [2009/10/01 20:17:31 | 00,001,926 | ---- | M] ()
AcRdB7_0_9.sta -> C:\Users\Public\Documents\AcRdB7_0_9.sta -> [2009/10/01 20:10:45 | 00,000,082 | ---- | M] ()
d3d9caps.dat -> C:\Users\Nidhi\AppData\Local\d3d9caps.dat -> [2009/10/01 19:47:38 | 00,000,680 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2009/10/01 19:36:29 | 00,000,215 | ---- | M] ()
CF28910.exe -> C:\Windows\System32\CF28910.exe -> [2009/10/01 19:18:36 | 00,320,000 | ---- | M] (Microsoft Corporation)
Combo-Fix.exe -> C:\Users\Nidhi\Desktop\Combo-Fix.exe -> [2009/10/01 18:42:23 | 03,324,272 | R--- | M] ()
miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2009/10/01 18:20:45 | 00,492,629 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/29 06:33:10 | 00,074,752 | ---- | M] ()
hosts -> C:\Windows\System32\drivers\etc\hosts -> [2009/09/28 22:28:15 | 00,000,027 | ---- | M] ()
Chapter 3 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx -> [2009/09/26 17:23:03 | 00,015,170 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/09/26 14:42:50 | 00,623,972 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/09/26 14:42:50 | 00,109,172 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/09/26 14:42:49 | 00,716,948 | ---- | M] ()
Win32kDiag.exe -> C:\Users\Nidhi\Desktop\Win32kDiag.exe -> [2009/09/25 06:18:21 | 00,047,616 | ---- | M] ()
Spybot - Search & Destroy.lnk -> C:\Users\Nidhi\Desktop\Spybot - Search & Destroy.lnk -> [2009/09/24 15:51:58 | 00,001,060 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/09/24 06:57:21 | 16,601,0143 | ---- | M] ()
reregisterie.cmd -> C:\Users\Nidhi\Documents\reregisterie.cmd -> [2009/09/23 19:39:04 | 00,002,306 | ---- | M] ()
AVG Free 8.5.lnk -> C:\Users\Public\Desktop\AVG Free 8.5.lnk -> [2009/09/23 18:34:01 | 00,001,652 | ---- | M] ()
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2009/09/23 18:30:27 | 06,061,540 | ---- | M] ()
avg_free_stb_all_8_32_cnet.exe -> C:\Users\Nidhi\Desktop\avg_free_stb_all_8_32_cnet.exe -> [2009/09/23 17:54:56 | 00,848,712 | ---- | M] (AVG Technologies)
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2009/09/21 22:38:39 | 00,002,281 | ---- | M] ()
UserTile.png -> C:\Users\Nidhi\AppData\Roaming\UserTile.png -> [2009/09/21 21:43:26 | 00,026,340 | ---- | M] ()
mysetup.exe -> C:\Users\Nidhi\Desktop\mysetup.exe -> [2009/09/21 18:13:21 | 04,045,528 | ---- | M] (Malwarebytes Corporation									)
Nidhi Ravishankar- Zara Zara.mp3 -> C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3 -> [2009/09/20 12:09:18 | 04,813,473 | ---- | M] ()
QuickSet.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk -> [2009/09/20 11:42:43 | 00,002,485 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job -> [2009/09/20 01:16:04 | 00,000,856 | ---- | M] ()
Chapter 1 Bio Notes.doc -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc -> [2009/09/16 19:49:22 | 00,037,888 | ---- | M] ()
Chapter 1 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx -> [2009/09/16 19:15:56 | 00,016,346 | ---- | M] ()
Chapter 2 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf -> [2009/09/16 19:12:39 | 01,230,626 | ---- | M] ()
Chapter 1 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf -> [2009/09/16 19:07:49 | 00,690,961 | ---- | M] ()
Chemistry- Chapter 1 Notes.doc -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc -> [2009/09/15 10:00:19 | 03,197,440 | ---- | M] ()
Chapter 1 Physics Notes Concepts of Motion.docx -> C:\Users\Nidhi\Documents\Chapter 1 Physics Notes Concepts of Motion.docx -> [2009/09/14 18:34:43 | 00,027,571 | ---- | M] ()
Physics Chapter 1 Notes Concepts of Motion.doc -> C:\Users\Nidhi\Documents\Physics Chapter 1 Notes Concepts of Motion.doc -> [2009/09/14 07:43:04 | 00,059,904 | ---- | M] ()
PEV.exe -> C:\Windows\PEV.exe -> [2009/09/14 02:12:36 | 00,229,888 | ---- | M] ()
Chemistry- Chapter 1 Notes.docx -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.docx -> [2009/09/11 19:53:14 | 00,147,892 | ---- | M] ()
Chapter_1_-__Structure_&_Bonding.doc -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.doc -> [2009/09/11 19:51:28 | 03,183,616 | ---- | M] ()
Chapter_1_-__Structure_&_Bonding.pdf -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.pdf -> [2009/09/10 17:40:09 | 03,601,510 | ---- | M] ()
Timetable.doc -> C:\Users\Nidhi\Documents\Timetable.doc -> [2009/09/10 15:16:46 | 00,044,032 | ---- | M] ()
Timetable.docx -> C:\Users\Nidhi\Documents\Timetable.docx -> [2009/09/10 15:16:26 | 00,014,600 | ---- | M] ()
Bio150- Course Syllabus.pdf -> C:\Users\Nidhi\Documents\Bio150- Course Syllabus.pdf -> [2009/09/10 15:07:39 | 00,298,477 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 
[Files - No Company Name]
settings.dat -> C:\Users\Nidhi\Desktop\settings.dat -> [2009/10/02 22:31:23 | 00,000,000 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/02 22:00:25 | 00,000,823 | ---- | C] ()
Inherit.exe -> C:\Users\Nidhi\Desktop\Inherit.exe -> [2009/10/02 21:09:53 | 00,085,504 | ---- | C] ()
Adobe Reader 7.0.lnk -> C:\Users\Public\Desktop\Adobe Reader 7.0.lnk -> [2009/10/01 20:17:32 | 00,001,903 | ---- | C] ()
Adobe Reader Speed Launch.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [2009/10/01 20:17:31 | 00,001,926 | ---- | C] ()
AcRdB7_0_9.sta -> C:\Users\Public\Documents\AcRdB7_0_9.sta -> [2009/10/01 20:10:46 | 00,000,082 | ---- | C] ()
Combo-Fix.exe -> C:\Users\Nidhi\Desktop\Combo-Fix.exe -> [2009/10/01 18:41:26 | 03,324,272 | R--- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2009/09/28 22:04:00 | 00,229,888 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2009/09/28 22:04:00 | 00,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2009/09/28 22:04:00 | 00,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2009/09/28 22:04:00 | 00,068,096 | ---- | C] ()
avenger.exe -> C:\Users\Nidhi\Desktop\avenger.exe -> [2009/09/28 18:31:17 | 00,731,136 | ---- | C] ()
Win32kDiag.exe -> C:\Users\Nidhi\Desktop\Win32kDiag.exe -> [2009/09/25 06:18:20 | 00,047,616 | ---- | C] ()
Spybot - Search & Destroy.lnk -> C:\Users\Nidhi\Desktop\Spybot - Search & Destroy.lnk -> [2009/09/24 15:51:58 | 00,001,060 | ---- | C] ()
reregisterie.cmd -> C:\Users\Nidhi\Documents\reregisterie.cmd -> [2009/09/23 19:38:29 | 00,002,306 | ---- | C] ()
AVG Free 8.5.lnk -> C:\Users\Public\Desktop\AVG Free 8.5.lnk -> [2009/09/23 18:34:01 | 00,001,652 | ---- | C] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/09/23 18:30:56 | 42,223,851 | ---- | C] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/09/23 18:30:54 | 00,004,566 | ---- | C] ()
miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2009/09/23 18:30:27 | 00,492,629 | ---- | C] ()
avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2009/09/23 18:29:53 | 06,061,540 | ---- | C] ()
IconCache.db -> C:\Users\Nidhi\AppData\Local\IconCache.db -> [2009/09/22 18:09:30 | 04,195,236 | -H-- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/22 06:24:14 | 10,634,52672 | -HS- | C] ()
Nidhi Ravishankar- Zara Zara.mp3 -> C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3 -> [2009/09/20 11:59:17 | 04,813,473 | ---- | C] ()
Chapter 3 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx -> [2009/09/16 20:46:57 | 00,015,170 | ---- | C] ()
Chapter 1 Bio Notes.doc -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc -> [2009/09/16 19:49:18 | 00,037,888 | ---- | C] ()
Chapter 2 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf -> [2009/09/16 19:12:39 | 01,230,626 | ---- | C] ()
Chapter 1 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf -> [2009/09/16 19:07:49 | 00,690,961 | ---- | C] ()
Chapter 1 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx -> [2009/09/14 17:19:52 | 00,016,346 | ---- | C] ()
Chemistry- Chapter 1 Notes.doc -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc -> [2009/09/14 07:43:48 | 03,197,440 | ---- | C] ()
Physics Chapter 1 Notes Concepts of Motion.doc -> C:\Users\Nidhi\Documents\Physics Chapter 1 Notes Concepts of Motion.doc -> [2009/09/14 07:43:02 | 00,059,904 | ---- | C] ()
Chapter 1 Physics Notes Concepts of Motion.docx -> C:\Users\Nidhi\Documents\Chapter 1 Physics Notes Concepts of Motion.docx -> [2009/09/12 10:47:27 | 00,027,571 | ---- | C] ()
Chapter_1_-__Structure_&_Bonding.doc -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.doc -> [2009/09/10 20:24:19 | 03,183,616 | ---- | C] ()
Chemistry- Chapter 1 Notes.docx -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.docx -> [2009/09/10 18:01:28 | 00,147,892 | ---- | C] ()
Chapter_1_-__Structure_&_Bonding.pdf -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.pdf -> [2009/09/10 17:40:08 | 03,601,510 | ---- | C] ()
Timetable.doc -> C:\Users\Nidhi\Documents\Timetable.doc -> [2009/09/10 15:16:45 | 00,044,032 | ---- | C] ()
Timetable.docx -> C:\Users\Nidhi\Documents\Timetable.docx -> [2009/09/10 15:16:24 | 00,014,600 | ---- | C] ()
Bio150- Course Syllabus.pdf -> C:\Users\Nidhi\Documents\Bio150- Course Syllabus.pdf -> [2009/09/10 15:07:38 | 00,298,477 | ---- | C] ()
wlan.tmf -> C:\Windows\System32\wlan.tmf -> [2009/09/10 07:34:24 | 01,657,350 | ---- | C] ()
winscp.rnd -> C:\Users\Nidhi\AppData\Roaming\winscp.rnd -> [2009/06/16 11:39:04 | 00,000,600 | ---- | C] ()
PUTTY.RND -> C:\Users\Nidhi\AppData\Local\PUTTY.RND -> [2009/06/16 11:34:42 | 00,000,600 | ---- | C] ()
d3d9caps.dat -> C:\Users\Nidhi\AppData\Local\d3d9caps.dat -> [2008/11/07 23:46:47 | 00,000,680 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2007/09/01 12:53:59 | 00,000,376 | ---- | C] ()
wklnhst.dat -> C:\Users\Nidhi\AppData\Roaming\wklnhst.dat -> [2007/09/01 12:46:42 | 00,000,120 | ---- | C] ()
UserTile.png -> C:\Users\Nidhi\AppData\Roaming\UserTile.png -> [2007/08/30 18:44:14 | 00,026,340 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/08/30 18:14:54 | 00,074,752 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Nidhi\AppData\Local\GDIPFONTCACHEV1.DAT -> [2007/08/30 13:22:56 | 00,130,992 | ---- | C] ()
igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2007/08/24 01:20:03 | 00,249,856 | ---- | C] ()
igfxCoIn_v1253.dll -> C:\Windows\System32\igfxCoIn_v1253.dll -> [2007/08/24 01:20:03 | 00,204,800 | ---- | C] ()
igmedkrn.dll -> C:\Windows\System32\igmedkrn.dll -> [2007/08/24 01:20:02 | 00,910,304 | ---- | C] ()
rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2007/08/24 01:19:56 | 00,016,480 | ---- | C] ()
px.ini -> C:\Windows\System32\px.ini -> [2006/11/07 15:25:58 | 00,000,000 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 08:50:50 | 00,000,174 | -HS- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 08:35:32 | 00,005,632 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 06:25:44 | 00,159,744 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 06:23:31 | 00,000,219 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 06:23:31 | 00,000,215 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 00,013,750 | ---- | C] ()
CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/09/17 00:36:50 | 00,520,192 | ---- | C] ()
CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/09/17 00:36:50 | 00,204,800 | ---- | C] ()
 
[Files/Folders - Unicode - All]
C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp -> C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp -> [2008/06/01 20:19:26 | 20,983,014 | ---- | M] ()
C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp -> C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp -> [2008/06/01 20:24:33 | 20,983,014 | ---- | C] ()
 
[HardLinks - Junction Points - Mount Points - Symbolic Links]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink
 
[Alternate Data Streams]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:73828A71
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:82591FF7
< End of report >


I will now download Gmer and post the log.

#32
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi


Maybe you've missed something with the OTS step:

Try again to disable Spybot (or uninstall it).

Right-click on the OTS icon and select "Run as administrator".
You have to paste the script in the Paste Fix Here box, and then click on the Run Fix button.
The tool will work for a few seconds and it will give you a log: I need this one.



Please try the first step again and post the logs of OTS and GMER :)

#33
bengaluru

    Member

  • Topic Starter
  • 143 posts
Hi Tweene

Here is the Gmer Log

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-03 17:26:44
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Nidhi\AppData\Local\Temp\awtdqpow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[912] ADVAPI32.dll!RegOpenKeyExA 75730DDF 7 Bytes JMP 0009F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3792] kernel32.dll!ExitProcess 7596D84E 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3792] USER32.dll!MessageBoxA 76C356DF 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3792] USER32.dll!MessageBoxW 76C6FBED 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2776] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#34
bengaluru

    Member

  • Topic Starter
  • 143 posts

Hi


Maybe you've missed something with the OTS step:

Try again to disable Spybot (or uninstall it).

Right-click on the OTS icon and select "Run as administrator".
You have to paste the script in the Paste Fix Here box, and then click on the Run Fix button.
The tool will work for a few seconds and it will give you a log: I need this one.



Please try the first step again and post the logs of OTS and GMER :)



Hello Tweene,

Here is the Log as requested.

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
[Files/Folders - Created Within 30 Days]
C:\ProgramData\Symantec\SubEng folder moved successfully.
C:\ProgramData\Symantec folder moved successfully.
C:\Windows\System32\CF28910.exe moved successfully.
[Files/Folders - Modified Within 30 Days]
File C:\Windows\System32\CF28910.exe not found!
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nidhi
->Temp folder emptied: 36390848 bytes
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 18570467 bytes
->Java cache emptied: 38376 bytes
->Apple Safari cache emptied: 35457411 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 123848 bytes
RecycleBin emptied: 1889316 bytes

Total Files Cleaned = 88.19 mb

< End of fix log >
OTS by OldTimer - Version 3.0.20.0 fix logfile created on 10032009_194820

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
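The fix log above removed a Browser Helper Object key and a ShellExecuteHooks value whose CLSID classes OTS then reported as not found. As an added example, not part of the thread or of OTS, here is a read-only PowerShell audit of those same two registry locations that flags that condition, an Explorer extension entry whose CLSID is unregistered or whose server DLL is missing from disk; the function names are my own.

```powershell
# Added example, not from the thread or from OTS: audit the two Explorer
# extension points that the fix log cleaned and report entries that point
# at nothing (unregistered CLSID or missing server DLL). Read-only.

$BhoPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$HookPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'

function Resolve-ClsidServer {
    # Return the InprocServer32 DLL registered for a CLSID, or $null when the
    # class is not registered (the "Registry key ... not found" case in the log).
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $raw = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    if ([string]::IsNullOrWhiteSpace($raw)) { return $null }
    return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
}

function Test-ExtensionEntry {
    # Classify one entry; only 'ok' entries have a registered class whose DLL exists.
    param([string]$Source, [string]$Clsid)
    $server = Resolve-ClsidServer -Clsid $Clsid
    if (-not $server) {
        $status = 'CLSID not registered'
    } elseif (-not (Test-Path -LiteralPath $server)) {
        $status = 'server DLL missing'
    } else {
        $status = 'ok'
    }
    [pscustomobject]@{ Source = $Source; Clsid = $Clsid; Server = $server; Status = $status }
}

function Get-ExplorerExtensionAudit {
    $results = @()

    # Browser Helper Objects: one subkey per CLSID.
    if (Test-Path -LiteralPath $BhoPath) {
        foreach ($key in Get-ChildItem -LiteralPath $BhoPath) {
            $results += Test-ExtensionEntry -Source 'BHO' -Clsid $key.PSChildName
        }
    }

    # ShellExecuteHooks: one value per CLSID, and the value *name* is the CLSID
    # (in the OTS log it is the part after the double backslash).
    if (Test-Path -LiteralPath $HookPath) {
        $names = (Get-ItemProperty -LiteralPath $HookPath).PSObject.Properties |
                 Where-Object { $_.Name -like '{*}' } |
                 ForEach-Object { $_.Name }
        foreach ($name in $names) {
            $results += Test-ExtensionEntry -Source 'ShellExecuteHook' -Clsid $name
        }
    }
    return $results
}

# This checks the native registry view; on 64-bit Windows the 32-bit IE
# extensions live under ...\Wow6432Node\... (the machine in this thread is 32-bit).
Get-ExplorerExtensionAudit | Where-Object { $_.Status -ne 'ok' } | Format-Table -AutoSize
```

An entry flagged here is only a lead for review, not proof of malware: a leftover from a clean uninstall produces the same "CLSID not registered" result.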

#35
bengaluru

    Member

  • Topic Starter
  • 143 posts
After I ran the OTS Fix, the computer was rebooted and two files called desktop.ini plus another file called ~SENHOUSE.docx were created on the desktop. Is this OK? What do I do with these files?

#36
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


These files are legit:
- desktop.ini is a legit file, but it was hidden; don't worry about it, it will be hidden again at the end.
- ~SENHOUSE.docx is legit too. When you work with Word, it creates temporary hidden files, but when you finish your work, Word sometimes forgets to delete these files: you can delete it if you want.


Your computer may be slow because the RAM has only 1 GB to run Vista and you have many startup programs: we can disable some of them at the end if you want :)



Your last logs look clean to me. Before going on to some general scans, can you give me some news about Firefox and Internet Explorer?
Remember, if you can't run some programs, just drag them (the exe files, not the shortcuts) into inherit.exe and it will restore their permissions.


Please run TFC one more time.


You have used Malwarebytes before. If you still have it on your machine please update and run a Quick Scan. Post the scan report back here.


If you no longer have Malwarebytes, please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#37
bengaluru

    Member

  • Topic Starter
  • 143 posts

Your last logs look clean to me. Before going on to some general scans, can you give me some news about Firefox and Internet Explorer?


Because I was having access problems, I uninstalled Firefox. IE seems to be working fine since yesterday.

Remember, if you can't run some programs, just drag them (the exe files, not the shortcuts) into inherit.exe and it will restore their permissions.


I dragged all the exe files to Inherit.exe but it does not work. Maybe I should drag only the ones that I need to run and click on it... Right ? Please educate me a little on how this works.

Thanks for all your help. I will post the Malwarebytes log.

#38
bengaluru

    Member

  • Topic Starter
  • 143 posts
Hi Tweene,

Here is the mbam Log

Malwarebytes' Anti-Malware 1.41
Database version: 2897
Windows 6.0.6000

04/10/2009 8:21:54 AM
mbam-log-2009-10-04 (08-21-54).txt

Scan type: Quick Scan
Objects scanned: 90275
Time elapsed: 15 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#39
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
If you still have a problem with permissions, try Inherit.exe:

- select the icon of an exe file which does not run and drag it into inherit.exe

Remember what you did with CFScript.txt and Combofix.exe.
It is the same; referring to the picture above, drag an exe file into Inherit.exe.

Maybe the UAC will ask you what to do: "accept" (or allow it).

- wait a little, a small window should pop up telling you "OK" (do you see it?)

Then, the program which was not working is supposed to run if you double-click on it.




Please run TFC one more time


THEN


It would be a good idea to have an online scan to look for any remnants.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


#40
bengaluru

    Member

  • Topic Starter
  • 143 posts
I ran TFC once again as suggested.

I could not run the Online Scanner as it does nothing after accepting. Maybe the Java application is being interrupted. How do I overcome this?

#41
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Oops my bad.


Try to update Java with JavaRa

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Then try again the Kaspersky scan.



If it still does not run, try AVP

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to a file named Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report (it will be at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



#42
bengaluru

    Member

  • Topic Starter
  • 143 posts

Oops my bad.


Try to update Java with JavaRa

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Then try again the Kaspersky scan.


Every time I download JavaRa.zip, it downloads but disappears from the desktop. I tried several times, but it happens every time. I did a search, but was unable to find it.

Any clues ?

#43
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


It's weird; what happens when you try to download something else? Are you able to download AVP?


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")

Edited by Tweene, 04 October 2009 - 11:51 PM.


#44
bengaluru

    Member

  • Topic Starter
  • 143 posts
Thanks Tweene.

I have removed all the earlier versions of Java and also installed Java SE Runtime Environment (JRE) 6 Update 16 successfully.

Now I will try to download the Kaspersky Online Scanner and check if it scans. Will post the log when completed.

Edited by bengaluru, 05 October 2009 - 06:48 AM.


#45
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Ok, good :)