
Affected with W32.gaobot.worm.gen.u [Solved]


  • This topic is locked

#46
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts
Hello Tweene,

As you said, the online scan really took a very long time. Here is the log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 6, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 06, 2009 00:43:04
Records in database: 2918912
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 135407
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 03:26:09


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\cngaudit.dll.vir Infected: Trojan.Win32.Sirefef.a 1
C:\Users\Nidhi\Shared\bottom sick puppies [cd rip].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\Nidhi\Shared\The Black Halo.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1

Selected area has been scanned.
  • 0



#47
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


It sometimes takes even longer :)


Ok, it finds three things; we will take care of two of them. The last one is in a quarantine folder, so it will wait a little.

Be careful with songs you download, some of them are infected :)



Please download OTM by OldTimer
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\Users\Nidhi\Shared\bottom sick puppies [cd rip].mp3
    C:\Users\Nidhi\Shared\The Black Halo.wma
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please post the log and tell me how your computer is running.


EDIT : typo

Edited by Tweene, 06 October 2009 - 03:32 PM.

  • 0

#48
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts
Hi Tweene,

This took only a few seconds and here is the log

========== FILES ==========
C:\Users\Nidhi\Shared\bottom sick puppies [cd rip].mp3 moved successfully.
C:\Users\Nidhi\Shared\The Black Halo.wma moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 10062009_183545
  • 0

#49
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi

Ok, good job. Do you have any problems?
  • 0

#50
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts
Hi Tweene,

I don't see any problem as such. But again I had to try several times to download OTM to my desktop. Every time I see it download and also the icon on the desktop, but it disappears in a moment. Doing a search revealed "No files found". Finally I had to download it to another folder and run it from there.

Also I tried to uninstall HijackThis, but I get an error message that I do not have appropriate access to uninstall.

What do we do with the one in Quarantine? Also, we downloaded several applications in this process - what do I do with them - keep them or delete them?

If you think my system is clean, I would like to thank you sincerely from the bottom of my heart for all your help, patience, prompt responses and walking me through the entire process. Thank you very much and God Bless you. What you are doing is amazing social service and these good deeds will pay you back some day.
  • 0

#51
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello

You're welcome.


Don't worry about the tools you have downloaded, we will uninstall them at the end with the quarantine folders.

"Also I tried to uninstall HijackThis, but get an error message that I do not have appropriate access to uninstall."

It seems that many of your programs have this problem, Inherit.exe again ... but HijackThis will be deleted at the end too.


Which browser do you use to download files? Are you using Firefox? If so, have you set it to ask where the downloads go?


You have downloaded OTM to another folder, ok, now what happens if you try to move it to the desktop?
I'd like to see something.

Please download SystemLook from one of the links below and save it to your Desktop (or to another folder if you can't do it)
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    otm.*
    javara.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#52
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts

"Also I tried to uninstall HijackThis, but get an error message that I do not have appropriate access to uninstall."

"It seems that many of your programs have this problem, Inherit.exe again ... but Hijackthis will be deleted at the end too."


I tried dragging the exe file to inherit.exe, but it does not work. Once I drag the exe file, which application do I click? I tried both inherit.exe, which only opens a small window and says "OK". The other application gives the same error as before.

"Which browser do you use to download files ? Are you using Firefox ? If so, have you setting it to ask where the downloads go ?"

I used IE and Google Chrome. I have not installed Firefox after I uninstalled it.

"You have downloaded OTM to another folder, ok now what happen if you try to move it to the desktop ?"

I was able to move it to the desktop by dragging.

Here is the log for SystemLook.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:17 on 07/10/2009 by Nidhi (Administrator - Elevation successful)

========== filefind ==========

Searching for "otm.*"
C:\Users\Nidhi\AppData\Roaming\Microsoft\Windows\Recent\OTM.lnk --a--- 589 bytes [22:36 06/10/2009] [00:48 07/10/2009] A530E4A8EAC319654A8A48D258559982
C:\Users\Nidhi\Desktop\Anti Virus\OTM.exe --a--- 408064 bytes [22:34 06/10/2009] [22:34 06/10/2009] 30B926B210989FBFCB1A632B8ECADA22
C:\Users\Nidhi\Desktop\Anti Virus\OTM.txt --a--- 474 bytes [22:36 06/10/2009] [22:36 06/10/2009] F35EAFA00879DB383C50A801E3B2BE60
C:\Windows\Prefetch\OTM.EXE-F32133BD.pf --a--- 31944 bytes [22:35 06/10/2009] [22:35 06/10/2009] D6E168487C595A6EB431DEADC4526AFD

Searching for "javara.*"
No files found.

-=End Of File=-
  • 0

#53
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


Your last logs look clean to me, but the infection changed some of the permissions you have with some programs.
Here is how it is supposed to work : if you still have "blocked" programs, drag them (the exe file, not the shortcut) one by one into Inherit.exe, wait for the OK, and then the "blocked" program will run/open again.

If I understand, you drag the .exe file (of a blocked program) into Inherit.exe, you have the "OK" but when you try to run the program, you still have the same error message ?

Please tell me which program you can't run.
  • 0

#54
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts
Thank you Tweene for all your help. Take care.

I will try your suggestion for the programs that do not give me access.
  • 0

#55
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Ok

Let me know the result :)
  • 0



#56
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts
Hi Tweene,

The applications that were not working are now working. Thanks very much for all your help.
  • 0

#57
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


Ok, GREAT job :)


I'd like to verify something
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  • 0

#58
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts
Hi Tweene,

I could not download it to the desktop and so I downloaded to another folder and then dragged it to the desktop.

It ran for a while and then had an error message as follows:

Exception Processing Message 0xc0000013 Parameters 0x75CA023C0x86A4 Ox5CA023C Ox75CA023C. It has three buttons, Cancel - Try Again and Continue......but none of the buttons work and I have to go to my Task Manager to End the Process.

But it created one txt file and here is the log. It did not create the Extras.Txt.

OTL logfile created on: 12/10/2009 5:27:41 PM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Users\Nidhi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.57 Mb Total Physical Memory | 336.21 Mb Available Physical Memory | 33.17% Memory free
2.22 Gb Paging File | 0.82 Gb Available in Paging File | 36.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.18 Gb Total Space | 50.67 Gb Free Space | 51.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.32 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
Drive E: | 248.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIDHIPC
Current User Name: Nidhi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - c:\program files\common files\installshield\updateservice\isuspm.exe (Macrovision Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Users\Nidhi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\STacSV.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - E:\AOD\SETUP.EXE (InstallShield Software Corporation)
PRC - E:\Ctmanual\English\Setup.exe (InstallShield Software Corporation)
PRC - E:\CTRun\CTLaunch.exe (Creative Technology Ltd.)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [Auto | Running]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Running]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\STacSV.exe (SigmaTel, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\Windows\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (fssfltr [Auto | Running]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RMCAST [Auto | Running]) -- C:\Windows\System32\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV - (s115bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\s115bus.sys (MCCI Corporation)
DRV - (s115mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\s115mdfl.sys (MCCI Corporation)
DRV - (s115mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\s115mdm.sys (MCCI Corporation)
DRV - (s115mgmt [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\s115obex.sys (MCCI Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sonyhcb [Boot | Running]) -- C:\Windows\system32\DRIVERS\sonyhcb.sys (Sony Corporation)
DRV - (sonyhcs [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\sonyhcs.sys (Sony Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V0080Dev [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\V0080Dev.sys (Creative Technology Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://discoverbangalore.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 03:02:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/23 18:28:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/09/23 18:29:45 | 00,000,000 | ---D | M]

[2009/09/23 20:06:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/01/17 19:06:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/23 12:27:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/08/02 12:24:15 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/06/30 22:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2009/07/24 00:12:00 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files\Creative\Creative WebCam Live! Pro\WebCam Center"] C:\Program Files\Creative\Creative WebCam Live! Pro\WebCam Center\CTFrameGrabber.ax (Creative Technology Ltd)
O4 - HKCU..\RunOnce: [AVG Security Toolbar_updatecleanup] C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/09 09:06:08 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/01 20:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/09/23 18:29:46 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2009/09/23 18:28:03 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/20 21:52:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/04 18:12:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/09/24 15:51:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/09/23 17:55:23 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\AVG8
[2009/10/12 10:25:53 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\Creative
[2009/09/20 21:52:47 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\Malwarebytes
[2009/10/04 18:13:38 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\Skype
[2009/10/04 18:16:57 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\skypePM
[2009/09/28 22:22:39 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Local\temp
[2009/10/04 18:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/23 18:28:07 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/12 14:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2009/09/20 14:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/10/09 09:06:08 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/02 22:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/09 09:02:42 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/04 18:13:00 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/24 15:51:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/20 11:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/12 17:26:11 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Users\Nidhi\Desktop\OTL.exe
[2009/10/12 16:06:15 | 00,106,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0080Sti.dll
[2009/10/12 16:06:15 | 00,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0080Pin.dll
[2009/10/12 16:06:15 | 00,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\V0080Cfg.exe
[2009/10/12 16:06:15 | 00,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0080Pin.crl
[2009/10/12 16:06:14 | 00,086,016 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\CtDrvIns.exe
[2009/10/12 16:06:14 | 00,081,920 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0080Ext.ax
[2009/10/12 16:06:14 | 00,065,536 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamMgr.dll
[2009/10/12 16:06:14 | 00,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtRegApp.dll
[2009/10/12 16:06:11 | 00,503,507 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\V0080Dev.sys
[2009/10/12 16:06:09 | 01,125,376 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\V0080Evx.sys
[2009/10/12 16:06:09 | 00,049,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0080Hwx.dll
[2009/10/12 16:06:09 | 00,028,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0080Ext.crl
[2009/10/12 16:06:09 | 00,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0080Srv.exe
[2009/10/12 16:06:08 | 00,126,976 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0080Vfw.dll
[2009/10/12 16:05:39 | 00,000,000 | ---D | C] -- C:\Windows\CtDrvInstall
[2009/10/12 10:25:54 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\Documents\WebCam Center
[2009/10/09 09:07:36 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/10/09 09:07:35 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/10/09 08:53:15 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2009/10/09 08:51:16 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/06 18:35:45 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/05 07:11:50 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/05 07:11:50 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/05 07:11:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/05 07:11:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/05 06:37:02 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Nidhi\Desktop\jre-6u16-windows-i586.exe
[2009/10/04 16:44:34 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/10/03 19:48:20 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/10/03 19:24:58 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\Desktop\Anti Virus
[2009/10/02 22:00:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/02 22:00:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/01 19:45:09 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/10/01 19:36:11 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/10/01 19:19:35 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/10/01 18:41:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2009/09/28 22:04:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/09/28 22:04:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/09/28 22:04:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/09/28 22:03:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/09/28 21:48:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/28 18:45:18 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/23 18:38:43 | 00,000,000 | ---D | C] -- C:\$AVG8.VAULT$
[2009/09/23 18:33:53 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/23 18:33:52 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/23 18:33:36 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/23 18:33:29 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/23 18:29:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/20 21:49:20 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/20 11:28:44 | 00,000,000 | ---D | C] -- C:\HijackThis

========== Files - Modified Within 30 Days ==========

[2009/10/12 17:26:04 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\Nidhi\Desktop\OTL.exe
[2009/10/12 17:20:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/12 17:20:49 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/12 17:20:48 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/12 16:16:07 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job
[2009/10/12 16:03:32 | 00,001,534 | ---- | M] () -- C:\Windows\Ä
[2009/10/12 14:49:54 | 00,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Creative WebCam Center.lnk
[2009/10/12 13:19:02 | 00,013,919 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 2- Chem Polar bond.docx
[2009/10/11 09:33:01 | 42,673,000 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/09 18:34:57 | 00,023,211 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/09 09:07:48 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/09 09:03:07 | 00,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/05 20:59:09 | 00,727,366 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/05 20:59:09 | 00,626,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/05 20:59:09 | 00,110,016 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/05 13:32:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/05 13:32:07 | 10,634,52672 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/05 07:51:30 | 04,305,375 | -H-- | M] () -- C:\Users\Nidhi\AppData\Local\IconCache.db
[2009/10/05 07:11:03 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/05 07:11:03 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/05 07:11:03 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/05 07:11:02 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/05 06:42:01 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Nidhi\Desktop\jre-6u16-windows-i586.exe
[2009/10/04 21:46:07 | 00,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/10/04 19:45:02 | 00,209,464 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2009/10/04 18:16:58 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 18:13:02 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/01 20:17:32 | 00,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 7.0.lnk
[2009/10/01 20:17:31 | 00,001,926 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/01 20:10:45 | 00,000,082 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_0_9.sta
[2009/10/01 19:47:38 | 00,000,680 | ---- | M] () -- C:\Users\Nidhi\AppData\Local\d3d9caps.dat
[2009/10/01 19:36:29 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/10/01 18:20:45 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/29 06:33:10 | 00,074,752 | ---- | M] () -- C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 22:28:15 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/09/26 17:23:03 | 00,015,170 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx
[2009/09/24 06:57:21 | 16,601,0143 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/09/23 19:39:04 | 00,002,306 | ---- | M] () -- C:\Users\Nidhi\Documents\reregisterie.cmd
[2009/09/23 18:34:01 | 00,001,652 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/23 18:33:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/23 18:30:27 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/21 21:43:26 | 00,026,340 | ---- | M] () -- C:\Users\Nidhi\AppData\Roaming\UserTile.png
[2009/09/20 12:09:18 | 04,813,473 | ---- | M] () -- C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3
[2009/09/20 11:42:43 | 00,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2009/09/20 01:16:04 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job
[2009/09/16 19:49:22 | 00,037,888 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc
[2009/09/16 19:15:56 | 00,016,346 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx
[2009/09/16 19:12:39 | 01,230,626 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf
[2009/09/16 19:07:49 | 00,690,961 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf
[2009/09/15 10:00:19 | 03,197,440 | ---- | M] () -- C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc
[2009/09/14 18:34:43 | 00,027,571 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 1 Physics Notes Concepts of Motion.docx
[2009/09/14 07:43:04 | 00,059,904 | ---- | M] () -- C:\Users\Nidhi\Documents\Physics Chapter 1 Notes Concepts of Motion.doc
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\Windows\PEV.exe

========== Files - No Company Name ==========
[2009/10/12 16:06:15 | 00,014,217 | ---- | C] () -- C:\Windows\System\SenF2111.csr
[2009/10/12 16:06:15 | 00,014,174 | ---- | C] () -- C:\Windows\System\SenH2111.csr
[2009/10/12 16:06:15 | 00,003,525 | ---- | C] () -- C:\Windows\System32\drivers\CamH2111.bin
[2009/10/12 16:06:14 | 00,005,295 | ---- | C] () -- C:\Windows\VF0080.uns
[2009/10/12 16:06:14 | 00,003,525 | ---- | C] () -- C:\Windows\System32\drivers\CamF2111.bin
[2009/10/12 15:55:33 | 00,001,534 | ---- | C] () -- C:\Windows\Ä
[2009/10/12 14:49:54 | 00,002,191 | ---- | C] () -- C:\Users\Public\Desktop\Creative WebCam Center.lnk
[2009/10/12 13:18:55 | 00,013,919 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 2- Chem Polar bond.docx
[2009/10/09 09:07:48 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/09 09:03:07 | 00,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/04 19:45:02 | 00,209,464 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/10/04 18:16:58 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 18:13:02 | 00,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/01 20:17:32 | 00,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 7.0.lnk
[2009/10/01 20:17:31 | 00,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/01 20:10:46 | 00,000,082 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_0_9.sta
[2009/09/28 22:04:00 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
[2009/09/28 22:04:00 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/09/28 22:04:00 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/09/28 22:04:00 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/09/23 19:38:29 | 00,002,306 | ---- | C] () -- C:\Users\Nidhi\Documents\reregisterie.cmd
[2009/09/23 18:34:01 | 00,001,652 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/23 18:30:56 | 42,673,000 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/23 18:30:54 | 00,023,211 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/23 18:30:27 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/23 18:29:53 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/22 18:09:30 | 04,305,375 | -H-- | C] () -- C:\Users\Nidhi\AppData\Local\IconCache.db
[2009/09/22 06:24:14 | 10,634,52672 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/20 11:59:17 | 04,813,473 | ---- | C] () -- C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3
[2009/09/16 20:46:57 | 00,015,170 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx
[2009/09/16 19:49:18 | 00,037,888 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc
[2009/09/16 19:12:39 | 01,230,626 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf
[2009/09/16 19:07:49 | 00,690,961 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf
[2009/09/14 17:19:52 | 00,016,346 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx
[2009/09/14 07:43:48 | 03,197,440 | ---- | C] () -- C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc
[2009/09/14 07:43:02 | 00,059,904 | ---- | C] () -- C:\Users\Nidhi\Documents\Physics Chapter 1 Notes Concepts of Motion.doc
[2009/06/16 11:39:04 | 00,000,600 | ---- | C] () -- C:\Users\Nidhi\AppData\Roaming\winscp.rnd
[2009/06/16 11:34:42 | 00,000,600 | ---- | C] () -- C:\Users\Nidhi\AppData\Local\PUTTY.RND
[2008/11/07 23:46:47 | 00,000,680 | ---- | C] () -- C:\Users\Nidhi\AppData\Local\d3d9caps.dat
[2007/09/01 12:53:59 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/01 12:46:42 | 00,000,120 | ---- | C] () -- C:\Users\Nidhi\AppData\Roaming\wklnhst.dat
[2007/08/30 18:44:14 | 00,026,340 | ---- | C] () -- C:\Users\Nidhi\AppData\Roaming\UserTile.png
[2007/08/30 18:14:54 | 00,074,752 | ---- | C] () -- C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/30 13:22:56 | 00,130,992 | ---- | C] () -- C:\Users\Nidhi\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/24 01:20:03 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/08/24 01:20:03 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2007/08/24 01:20:02 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 01:19:56 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006/11/07 15:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:82591FF7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:73828A71

========== Files - Unicode (All) ==========
[2008/06/01 20:24:33 | 20,983,014 | ---- | C] ()(C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp) -- C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp
[2008/06/01 20:19:26 | 20,983,014 | ---- | M] ()(C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp) -- C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp
< End of report >

#59
Tweene

Hello

Almost done.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab (Reg Error: Key error.)
    [2009/10/12 15:55:33 | 00,001,534 | ---- | C] () -- C:\Windows\Ä
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the log


#60
bengaluru

Hi Tweene,

Here is the Log from OTL

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
C:\Windows\Ä moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nidhi
File delete failed. C:\Users\Nidhi\AppData\Local\Temp\~DF63B9.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 109592655 bytes
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 61833637 bytes
->Java cache emptied: 25621458 bytes
->Google Chrome cache emptied: 73616762 bytes
->Apple Safari cache emptied: 185049557 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1174468 bytes
RecycleBin emptied: 89124 bytes

Total Files Cleaned = 435.81 mb


OTL by OldTimer - Version 3.0.20.0 log created on 10132009_185523

Files\Folders moved on Reboot...
C:\Users\Nidhi\AppData\Local\Temp\~DF63B9.tmp moved successfully.

Registry entries deleted on Reboot...