virus still there ???


Post by 3dsoundz on 22nd September 2010, 1:38 am

Last week I thought I got a virus thru an iTunes update, which I still am not sure is true or not, but I finished an mbam scan n by mistake restarted the computer, so could not post the scan result. Yesterday again a pop-up of a virus scan came up, so I did an mbam scan n got almost 15 some infections, removed them, but for some reason could not post the results again. So please help me to make sure nothing is hiding deep inside my computer.

Also, another problem is my email account keeps sending spam emails to my contacts. I did some reading n it sounded like malwares are sometimes responsible for it, so if it is a related problem, please help for that too, or I will ask again after the 1st problem is solved.

THANKS

3dsoundz
Intermediate

Posts: 127
Joined: 2009-10-26
OS: win xp sp3
Points: 27688
Likes: 0


Re: virus still there ???

Post by 3dsoundz on 22nd September 2010, 11:25 pm

I am running mbam every day 2-3 times and still the suckers r there sitting inside my computer, so please help. While writing this I have this pop-up msg from a win shortcut saying mal soft was removed from your computer, click here to complete the removal... and I'm sayin yeah right !!!


Re: virus still there ???

Post by Belahzur on 22nd September 2010, 11:45 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1


Re: virus still there ???

Post by 3dsoundz on 23rd September 2010, 12:23 am

OTL

OTL logfile created on: 9/22/2010 7:17:44 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Amit\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 109.19 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 87.34 Gb Free Space | 18.75% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARSHMEET
Current User Name: Amit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/22 19:17:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amit\Desktop\OTL.exe
PRC - [2010/09/14 01:58:33 | 001,956,136 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/09/14 01:58:32 | 006,795,048 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/07/24 16:05:26 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/02/03 08:22:18 | 001,004,544 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/08/08 00:03:41 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/26 10:08:26 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/09/22 19:17:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amit\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQL$SONY_MEDIAMGR)
SRV - File not found [Auto | Stopped] -- C:\Program Files\KService\KService.exe -- (KService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IDrive\IDriveWebM.exe -- (IDrivePlugin)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AOL ACS)
SRV - [2010/09/14 01:58:33 | 001,956,136 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/06 08:12:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\ZDNDIS5.SYS -- (ZDNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\zd1201u.sys -- (ZD1201U) ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2010/09/22 17:18:28 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\MpEngineStore\MpKslb1aae9a9.sys -- (MpKslb1aae9a9)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/25 16:49:20 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tbhsd.sys -- (tbhsd)
DRV - [2009/07/24 16:05:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\vx3000.sys -- (VX3000)
DRV - [2009/03/27 09:44:55 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2004/11/29 03:53:18 | 000,258,560 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\zd1211u.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/06/30 14:54:04 | 000,019,200 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\zdbrgsys.sys -- (ZDBRGSYS)
DRV - [2004/01/14 12:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\zdpndis5.sys -- (ZDPNDIS5)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox

[2010/05/29 10:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Mozilla\Extensions
[2010/05/29 10:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/16 08:33:38 | 000,002,075 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/03/29 22:01:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Amit\Start Menu\Programs\Startup\avast.lnk = C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/12/19 21:57:59 | 000,000,000 | ---D | M]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} [You must be registered and logged in to see this link.] (Pixami Image Editor Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} [You must be registered and logged in to see this link.] (Shutterfly Picture Upload Plugin)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [You must be registered and logged in to see this link.] (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} [You must be registered and logged in to see this link.] (AxRUploadControl Object)
O16 - DPF: Garmin Communicator Plug-In [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Amit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 20:41:59 | 000,000,000 | ---D | M] - G:\Autodesk Maya 2010 X86 Full Pack[h33t][Dave3737] -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 20:36:59 | 000,000,000 | ---D | M] - G:\Autodesk MotionBuilder 7.5 Extension 1 -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 20:37:45 | 000,000,000 | ---D | M] - G:\Autodesk.3ds.Max.2009.32bit.64bit -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 20:37:45 | 000,000,000 | ---D | M] - G:\AUTODESK_SOFTIMAGE_V2010_WIN64-XFORCE -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Amit\My Documents\CAUY77P4.
File not found -- C:\Documents and Settings\Amit\My Documents\CA43VRQW.
[2010/09/22 19:17:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amit\Desktop\OTL.exe
[2010/09/22 17:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/09/20 22:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/09/20 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/19 17:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amit\Desktop\sju dandia 2009
[2010/09/17 15:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8
[2010/09/15 20:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/15 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/15 20:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/15 20:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/15 20:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/15 20:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/13 19:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/13 17:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/09/13 17:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/09/13 17:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/09/13 17:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/12 17:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amit\Application Data\TeamViewer
[2010/09/12 17:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/09/11 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2010/09/04 07:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/04 07:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/03 21:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amit\Application Data\Alexandra Burke - All Night Long (Ft Pitbull)
[2010/08/27 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amit\Local Settings\Application Data\eMusic
[2010/08/27 21:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amit\Application Data\eMusic
[2010/08/27 21:31:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Amit\Desktop\My eMusic
[2010/08/27 21:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\eMusic Download Manager
[2010/08/27 10:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\MP3MyMP3 3.0
[2007/06/18 21:05:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Amit\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Amit\My Documents\CAUY77P4.
File not found -- C:\Documents and Settings\Amit\My Documents\CA43VRQW.
[2010/09/22 19:17:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amit\Desktop\OTL.exe
[2010/09/22 19:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/09/22 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/09/22 18:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/09/22 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/09/22 17:54:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/22 17:17:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/09/22 17:13:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/22 17:12:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/09/22 01:54:57 | 000,000,902 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/09/22 01:54:56 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2010/09/22 01:54:05 | 000,000,262 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/22 01:51:27 | 014,417,920 | ---- | M] () -- C:\Documents and Settings\Amit\ntuser.dat
[2010/09/22 01:51:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Amit\NTUSER.INI
[2010/09/22 01:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/22 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/09/22 00:41:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/09/22 00:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/22 00:00:38 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\NeroLiveEpgUpdate-DARSHMEET_Amit.job
[2010/09/21 23:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/21 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/09/21 22:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/09/21 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/09/21 21:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/09/21 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/09/21 20:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/21 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/09/20 22:14:15 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/20 22:14:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/19 17:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/19 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/09/19 16:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/19 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/09/19 15:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/19 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/09/19 14:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/19 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/09/19 13:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/19 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/09/19 12:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/19 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/09/19 11:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/09/19 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/09/19 10:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/19 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/09/19 09:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/19 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/09/19 08:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/19 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/09/18 18:43:17 | 000,387,351 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\TV first_steps_iphone_en.pdf
[2010/09/18 18:42:40 | 000,407,170 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\TV first_steps_partnerlist_en.pdf
[2010/09/18 18:42:27 | 000,478,125 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\TV first_steps_permanent_access_en.pdf
[2010/09/18 18:39:41 | 000,450,346 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\TV first_steps_spontaneous_support_en.pdf
[2010/09/18 18:37:01 | 000,016,955 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\43E7B49CE24731E2CDAD225D9DF10642335E4615.torrent
[2010/09/18 07:09:58 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Amit\Application Data\inst.exe
[2010/09/18 07:09:58 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Amit\Application Data\pcouffin.sys
[2010/09/18 07:09:58 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Amit\Application Data\pcouffin.cat
[2010/09/18 07:09:56 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Amit\Application Data\pcouffin.inf
[2010/09/18 07:08:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/17 17:01:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/09/17 16:06:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/17 15:19:32 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Amit\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/09/17 15:19:32 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Amit\Desktop\DVDFab 8.lnk
[2010/09/15 20:41:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/15 20:40:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/13 21:14:46 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Amit\Desktop\Revo Uninstaller.lnk
[2010/09/13 17:46:29 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WrdvkQ.dat
[2010/09/13 17:46:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/09 18:25:39 | 000,023,610 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 09:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/04 18:06:25 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2010/09/03 22:18:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/03 22:18:27 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/27 21:38:50 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/27 14:02:37 | 000,047,644 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/27 10:39:12 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Amit\Desktop\MP3MyMP3 3.0.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/20 21:51:22 | 014,417,920 | ---- | C] () -- C:\Documents and Settings\Amit\ntuser.dat
[2010/09/18 18:43:17 | 000,387,351 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\TV first_steps_iphone_en.pdf
[2010/09/18 18:42:40 | 000,407,170 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\TV first_steps_partnerlist_en.pdf
[2010/09/18 18:40:30 | 000,478,125 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\TV first_steps_permanent_access_en.pdf
[2010/09/18 18:39:41 | 000,450,346 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\TV first_steps_spontaneous_support_en.pdf
[2010/09/18 18:37:01 | 000,016,955 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\43E7B49CE24731E2CDAD225D9DF10642335E4615.torrent
[2010/09/17 17:01:00 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/09/17 15:19:32 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/09/17 15:19:32 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Amit\Desktop\DVDFab 8.lnk
[2010/09/15 20:43:57 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/15 20:41:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/15 20:40:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/13 21:14:46 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Amit\Desktop\Revo Uninstaller.lnk
[2010/09/13 20:49:47 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/13 17:46:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\WrdvkQ.dat
[2010/09/13 17:46:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/09/13 17:46:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/09/13 17:46:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/13 17:44:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/09 17:42:05 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/05 09:08:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/27 10:39:12 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Amit\Desktop\MP3MyMP3 3.0.lnk
[2010/08/14 13:02:35 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\inst.exe
[2010/08/13 21:21:26 | 000,161,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/19 06:18:04 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\Windowz.exe
[2010/05/19 06:01:58 | 003,508,170 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\Alexandra Burke - All Night Long (Ft Pitbull).zip
[2010/05/02 21:47:30 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\default.rss
[2010/05/01 18:30:49 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/02/14 21:55:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/30 16:42:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010/01/29 17:32:38 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.13.126709.581_XP_Vista_x32.INI
[2009/12/03 21:34:31 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/27 21:11:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/15 21:46:29 | 000,010,791 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/30 15:11:06 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/20 17:35:55 | 000,005,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/03/27 08:43:05 | 000,000,295 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/11/30 19:12:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2008/11/05 12:21:29 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/05 12:21:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/29 18:25:09 | 000,011,700 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\fyte.ban
[2008/10/29 18:25:08 | 000,017,723 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\zosyqi._sy
[2008/10/29 18:25:08 | 000,014,156 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\utofiv.dll
[2008/10/29 18:25:08 | 000,014,092 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\puxytaqaj.exe
[2008/10/29 18:25:08 | 000,013,706 | ---- | C] () -- C:\Program Files\Common Files\vasosicuv.scr
[2008/10/29 18:25:08 | 000,012,515 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\xonemo.db
[2008/10/29 18:25:08 | 000,011,886 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\itihelymy.com
[2008/10/02 23:25:09 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/01/11 17:57:24 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\is_downloader.txt
[2007/06/18 21:05:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\pcouffin.log
[2007/06/18 21:05:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\pcouffin.cat
[2007/06/18 21:05:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\pcouffin.inf
[2007/03/09 09:37:48 | 000,057,792 | ---- | C] () -- C:\Program Files\MC
[2007/02/13 22:57:08 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Amit\Application Data\.zreglib
[2007/01/18 23:08:14 | 000,000,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/10/12 20:51:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/07/18 21:48:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/07/01 07:46:58 | 000,167,936 | ---- | C] () -- C:\Program Files\diskinst.exe
[2006/07/01 07:46:58 | 000,000,389 | ---- | C] () -- C:\Program Files\proginfo.txt
[2006/07/01 07:46:58 | 000,000,113 | ---- | C] () -- C:\Program Files\instruct.ini
[2006/07/01 07:46:58 | 000,000,073 | ---- | C] () -- C:\Program Files\cdboot.phx
[2006/04/22 15:40:18 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/02 08:39:08 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/12/21 21:10:27 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2005/12/10 20:12:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2005/12/09 17:48:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/25 11:16:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2005/07/07 12:24:27 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/25 13:02:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2005/06/25 12:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netMedic.INI
[2005/06/25 12:48:34 | 000,012,499 | ---- | C] () -- C:\WINDOWS\System32\EONSYSREV_1.DLL
[2005/06/23 20:39:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005/06/21 20:05:47 | 000,000,210 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2005/06/21 18:02:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/06/21 18:00:14 | 000,000,919 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005/06/15 17:04:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/13 20:16:08 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/06/05 18:18:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2005/03/04 12:54:02 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/03/04 12:07:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/19 19:41:10 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\PFP120JPR.{PB
[2004/12/19 19:41:10 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\PFP120JCM.{PB
[2004/12/17 18:44:47 | 000,001,233 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/12/09 01:42:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/09 01:37:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/09 01:11:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/01/07 16:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 14:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D6E5D55
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0
< End of report >

Re: virus still there ???

Post by 3dsoundz on 23rd September 2010, 12:24 am

EXTRA

OTL Extras logfile created on: 9/22/2010 7:17:44 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Amit\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 109.19 Gb Free Space | 74.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 87.34 Gb Free Space | 18.75% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARSHMEET
Current User Name: Amit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Documents and Settings\Amit\My Documents\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Documents and Settings\Amit\My Documents\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Documents and Settings\Amit\My Documents\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"14238:TCP" = 14238:TCP:*:Enabled:darshmeet
"1755:TCP" = 1755:TCP:*:Enabled:windows media player
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\kdx\KHost.exe" = C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager -- (Kontiki Inc.)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe" = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe:*:Disabled:802.11b+g USB Wireless LAN Utility -- File not found
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" = C:\Program Files\Alwil Software\Avast5\AvastUI.exe:*:Enabled:AvastUI -- (AVAST Software)
"C:\Documents and Settings\Amit\Local Settings\temp\st2O1.exe" = C:\Documents and Settings\Amit\Local Settings\temp\st2O1.exe:*:Enabled:115026 -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0165ddcd-ad77-4399-9154-3b7995d97fb0}" = Nero BackItUp 4
"{01772c61-36fe-40d8-bb24-74b51f432ed4}" = mp3PRO Plug-in
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0b2a6e9a-45b7-440d-b462-d94279b33c16}" = Blu-ray Disc Authoring Plug-in
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1038fc87-7a70-44f3-b81f-fb59ac3efba4}" = Nero Move it
"{1099EEAB-C4BC-4F66-980F-2269856A71CD}" = Native Instruments Traktor
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3a3c49bd-ea24-4408-ad21-8fd4415aabf4}" = Nero MediaHome 4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}" = Sony Media Manager 2.2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59b09088-aa39-44f7-b983-09ed7b4de511}" = Nero 9
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6C2EDF63-C83B-4AAD-AC26-1784660F618B}" = Advanced Disk Cleaner
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80a3a731-db53-4c5a-a92c-7a7355372342}" = Gracenote Plug-in
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{857c605f-be51-4d93-b838-c8849df7492d}" = DTS Plug-in
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87DABCF7-2C38-4996-8FBE-053CA6536168}" = Sony ACID Pro 6.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franįais, Deutsch
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Ares" = Ares 2.1.1
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BitTornado" = BitTornado 0.3.17
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell AIO Printer A920" = Dell AIO Printer A920
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.0.5 (25/08/2010)
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"HaaliMkx" = Haali Media Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP3MyMP3_is1" = MP3MyMP3 3.0
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Revo Uninstaller" = Revo Uninstaller 1.89
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"TeamViewer 5" = TeamViewer 5
"TweakNow PowerPack 2009_is1" = TweakNow PowerPack 2009
"VLC media player" = VideoLAN VLC media player 0.8.6e
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2010 6:02:37 PM | Computer Name = DARSHMEET | Source = Bonjour Service | ID = 100
Description = 320: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/11/2010 6:02:37 PM | Computer Name = DARSHMEET | Source = Bonjour Service | ID = 100
Description = 304: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/11/2010 6:02:37 PM | Computer Name = DARSHMEET | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/11/2010 6:02:37 PM | Computer Name = DARSHMEET | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/13/2010 7:41:51 PM | Computer Name = DARSHMEET | Source = Application Error | ID = 1000
Description = Faulting application cfJyF1yJ.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000985e.

Error - 9/17/2010 2:17:46 PM | Computer Name = DARSHMEET | Source = Application Hang | ID = 1002
Description = Hanging application DVDFab.exe, version 7.0.9.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2010 3:46:12 PM | Computer Name = DARSHMEET | Source = Application Hang | ID = 1002
Description = Hanging application DVDFab.exe, version 7.0.9.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2010 4:22:57 PM | Computer Name = DARSHMEET | Source = Application Hang | ID = 1002
Description = Hanging application DVDFab.exe, version 8.0.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2010 4:49:22 PM | Computer Name = DARSHMEET | Source = Application Hang | ID = 1002
Description = Hanging application DVDFab.exe, version 8.0.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2010 11:53:07 AM | Computer Name = DARSHMEET | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

[ System Events ]
Error - 9/22/2010 6:42:45 PM | Computer Name = DARSHMEET | Source = atapi | ID = 262159
Description = The device, \Device\Ide\IdePort0, is not ready for access yet.

Error - 9/22/2010 6:42:45 PM | Computer Name = DARSHMEET | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/22/2010 6:44:21 PM | Computer Name = DARSHMEET | Source = atapi | ID = 262159
Description = The device, \Device\Ide\IdePort0, is not ready for access yet.

Error - 9/22/2010 6:45:57 PM | Computer Name = DARSHMEET | Source = atapi | ID = 262159
Description = The device, \Device\Ide\IdePort0, is not ready for access yet.

Error - 9/22/2010 6:45:57 PM | Computer Name = DARSHMEET | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 9/22/2010 6:47:33 PM | Computer Name = DARSHMEET | Source = PlugPlayManager | ID = 12
Description = The device '_NEC DVD_RW ND-3550A' (IDE\CdRom_NEC_DVD_RW_ND-3550A____________________1.04____\5&1ce3bd75&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 9/22/2010 6:47:34 PM | Computer Name = DARSHMEET | Source = PlugPlayManager | ID = 12
Description = The device 'HL-DT-ST CD-RW GCE-8483B' (IDE\CdRomHL-DT-ST_CD-RW_GCE-8483B________________B105____\5&1ce3bd75&0&0.1.0)
disappeared from the system without first being prepared for removal.

Error - 9/22/2010 7:00:00 PM | Computer Name = DARSHMEET | Source = Schedule | ID = 7901
Description = The At43.job command failed to start due to the following error: %%2147942402

Error - 9/22/2010 7:08:00 PM | Computer Name = DARSHMEET | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 9/22/2010 8:00:00 PM | Computer Name = DARSHMEET | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402


< End of report >


Re: virus still there ???

Post by Belahzur on 23rd September 2010, 12:26 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1


Re: virus still there ???

Post by 3dsoundz on 23rd September 2010, 1:06 am

COMBOFIX SCAN

ComboFix 10-09-22.05 - Amit 09/22/2010 19:53:13.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1620 [GMT -5:00]
Running from: c:\documents and settings\Amit\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\.wtav
c:\documents and settings\Amit\Application Data\inst.exe
c:\documents and settings\Amit\Application Data\Microsoft\~DFK27885c.tmp
c:\documents and settings\Amit\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Amit\Application Data\Microsoft\bass.dll
c:\documents and settings\Amit\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Amit\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Amit\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Amit\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Amit\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Amit\g2mdlhlpx.exe
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\tempf.txt

Infected copy of c:\windows\system32\drivers\ql12160.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-23 00:52 . 2010-09-23 00:52 -------- d-----w- c:\windows\LastGood
2010-09-22 22:18 . 2010-09-22 22:18 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-21 03:06 . 2010-09-21 03:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-21 03:05 . 2010-09-21 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-09-17 20:19 . 2010-09-21 03:05 -------- d-----w- c:\program files\DVDFab 8
2010-09-16 01:42 . 2010-09-16 01:42 -------- d-----w- c:\program files\iPod
2010-09-16 01:42 . 2010-09-16 01:43 -------- d-----w- c:\program files\iTunes
2010-09-16 01:42 . 2010-09-16 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-16 01:41 . 2010-09-16 01:41 -------- d-----w- c:\program files\QuickTime
2010-09-16 01:40 . 2010-09-16 01:40 -------- d-----w- c:\program files\Apple Software Update
2010-09-16 01:40 . 2010-09-16 01:40 -------- d-----w- c:\program files\Bonjour
2010-09-14 01:32 . 2010-09-14 01:32 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2010-09-14 01:16 . 2010-09-14 01:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-13 23:32 . 2010-09-13 23:32 58056 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-13 22:49 . 2010-09-13 22:49 -------- d-----w- c:\documents and settings\NetworkService\PrivacIE
2010-09-13 22:49 . 2010-09-13 22:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-13 22:46 . 2010-09-13 22:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-09-13 22:45 . 2010-09-13 23:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-09-13 22:45 . 2010-09-13 22:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-12 22:25 . 2010-09-12 22:25 -------- d-----w- c:\documents and settings\Amit\Application Data\TeamViewer
2010-09-12 22:25 . 2010-09-12 22:25 -------- d-----w- c:\program files\TeamViewer
2010-09-11 22:06 . 2010-09-14 01:40 -------- d-----w- c:\program files\QuickTime(2)
2010-09-05 14:08 . 2010-09-22 22:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-04 13:07 . 2010-09-04 13:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-04 02:39 . 2010-09-04 02:39 -------- d-----w- c:\documents and settings\Amit\Application Data\Alexandra Burke - All Night Long (Ft Pitbull)
2010-09-01 14:12 . 2010-09-01 14:12 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-28 02:32 . 2010-08-28 02:38 -------- d-----w- c:\documents and settings\Amit\Application Data\eMusic
2010-08-28 02:32 . 2010-08-28 02:32 -------- d-----w- c:\documents and settings\Amit\Local Settings\Application Data\eMusic
2010-08-28 02:31 . 2010-08-28 02:38 -------- d-----w- c:\program files\eMusic Download Manager
2010-08-27 15:39 . 2010-09-21 02:41 -------- d-----w- c:\program files\MP3MyMP3 3.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 22:12 . 2008-10-03 04:25 -------- d-----w- c:\program files\IDrive
2010-09-22 03:37 . 2010-05-29 02:57 -------- d-----w- c:\program files\SpaceQuery(2)
2010-09-21 03:05 . 2006-04-08 21:19 -------- d-----w- c:\documents and settings\Amit\Application Data\Azureus
2010-09-18 12:10 . 2007-06-19 02:05 -------- d-----w- c:\documents and settings\Amit\Application Data\Vso
2010-09-18 12:09 . 2007-06-19 02:05 47360 -c--a-w- c:\documents and settings\Amit\Application Data\pcouffin.sys
2010-09-18 12:09 . 2007-06-19 02:05 47360 -c--a-w- c:\documents and settings\Amit\Application Data\pcouffin.sys
2010-09-17 20:19 . 2006-04-05 02:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-09-16 01:42 . 2007-11-02 22:43 -------- d-----w- c:\program files\Common Files\Apple
2010-09-16 01:19 . 2010-07-20 02:05 452104 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.12\setup.exe
2010-09-14 02:44 . 2004-12-09 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-09-14 01:38 . 2009-12-20 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-13 22:46 . 2010-09-13 22:46 112 ----a-w- c:\documents and settings\All Users\Application Data\WrdvkQ.dat
2010-09-07 15:12 . 2010-07-17 23:28 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-01-29 22:34 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-01-29 22:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-01-29 22:35 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-01-29 22:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-01-29 22:35 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-01-29 22:35 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-01-29 22:35 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-01-29 22:35 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-28 18:45 . 2010-07-09 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-28 18:44 . 2009-06-23 02:37 -------- d-----w- c:\program files\DivX
2010-08-27 19:02 . 2009-11-28 05:54 47644 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-16 02:28 . 2010-08-16 02:23 -------- d-----w- c:\documents and settings\Amit\Application Data\GARMIN
2010-08-16 02:28 . 2010-08-16 02:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-08-16 02:28 . 2010-08-16 02:28 -------- d-----w- c:\program files\DIFX
2010-08-16 02:28 . 2010-08-16 02:28 -------- d-----w- c:\program files\Garmin
2010-08-15 21:46 . 2005-08-28 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-08-14 02:21 . 2010-08-14 02:21 161536 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-14 02:13 . 2010-08-14 02:13 310208 ----a-w- c:\documents and settings\Amit\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-14 01:21 . 2009-10-24 14:38 -------- d-----w- c:\program files\Vuze
2010-08-14 01:20 . 2010-08-14 01:20 -------- d-----w- c:\program files\Conduit
2010-08-14 01:19 . 2009-11-28 16:33 -------- d-----w- c:\documents and settings\Amit\Application Data\Skype
2010-08-14 01:15 . 2009-11-28 16:38 -------- d-----w- c:\documents and settings\Amit\Application Data\skypePM
2010-08-06 14:15 . 2010-01-30 22:01 58056 ----a-w- c:\documents and settings\Amit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-06 14:15 . 2010-08-06 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-08-06 14:12 . 2004-12-19 23:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-06 14:07 . 2010-08-06 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-08-06 13:23 . 2010-08-06 13:23 -------- d-----w- c:\program files\Adobe Media Player
2010-08-06 13:12 . 2010-08-06 13:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-08-06 12:43 . 2010-08-06 12:43 503808 ----a-w- c:\documents and settings\Amit\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d6997dc-n\msvcp71.dll
2010-08-06 12:43 . 2010-08-06 12:43 499712 ----a-w- c:\documents and settings\Amit\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d6997dc-n\jmc.dll
2010-08-06 12:43 . 2010-08-06 12:43 348160 ----a-w- c:\documents and settings\Amit\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d6997dc-n\msvcr71.dll
2010-08-06 12:43 . 2010-08-06 12:43 61440 ----a-w- c:\documents and settings\Amit\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3eb955a9-n\decora-sse.dll
2010-08-06 12:43 . 2010-08-06 12:43 12800 ----a-w- c:\documents and settings\Amit\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3eb955a9-n\decora-d3d.dll
2010-08-01 19:23 . 2010-08-01 19:23 -------- d-----w- c:\program files\Common Files\Java
2010-08-01 19:07 . 2004-12-09 06:32 -------- d-----w- c:\program files\Java
2010-08-01 01:15 . 2010-07-09 22:10 -------- d-----w- c:\documents and settings\Amit\Application Data\DivX
2010-07-27 23:44 . 2010-07-27 23:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:44 . 2010-07-27 23:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-17 10:00 . 2010-04-17 16:26 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 01:07 . 2010-07-10 01:07 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-30 12:31 . 2004-08-04 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 13:19 . 2010-04-16 12:55 439816 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\setup.exe
2008-10-29 23:25 . 2008-10-29 23:25 13706 -c--a-w- c:\program files\Common Files\vasosicuv.scr
2007-03-09 14:37 . 2007-03-09 14:37 57792 -c--a-w- c:\program files\MC
2006-07-01 12:46 . 2006-07-01 12:46 73 -c--a-w- c:\program files\cdboot.phx
2006-07-01 12:46 . 2006-07-01 12:46 389 -c--a-w- c:\program files\proginfo.txt
2006-07-01 12:46 . 2006-07-01 12:46 167936 -c--a-w- c:\program files\diskinst.exe
2006-07-01 12:46 . 2006-07-01 12:46 113 -c--a-w- c:\program files\instruct.ini
2009-11-01 16:54 . 2009-10-31 16:22 45223968 --sha-w- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-09-18 53248]

c:\documents and settings\Amit\Start Menu\Programs\Startup\
avast.lnk - c:\program files\Alwil Software\Avast5\AvastUI.exe [2010-1-29 2838912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-9 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
path=
backup=
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^802.11b+g USB Wireless LAN Utility.lnk]
backup=c:\windows\pss\802.11b+g USB Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Amit^Start Menu^Programs^Startup^IDrive Tray.lnk]
backup=c:\windows\pss\IDrive Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2004-04-15 08:32 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 21:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-08-08 05:03 524288 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-07-24 21:05 762208 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\SYSTEM32\\hkcmd.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14238:TCP"= 14238:TCP:darshmeet
"1755:TCP"= 1755:TCP:windows media player
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [1/29/2010 5:35 PM 165584]
R1 MpKslb1aae9a9;MpKslb1aae9a9;c:\windows\SYSTEM32\MpEngineStore\MpKslb1aae9a9.sys [9/22/2010 5:18 PM 28752]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [1/29/2010 5:35 PM 17744]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [9/17/2010 5:00 PM 1956136]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 IDriveE Service;IDriveE Service;"c:\program files\IDrive\IDriveE Service.exe" --> c:\program files\IDrive\IDriveE Service.exe [?]
S2 IDrivePlugin;IDrivePlugin;"c:\program files\IDrive\IDriveWebM.exe" --> c:\program files\IDrive\IDriveWebM.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\SYSTEM32\DRIVERS\zd1211u.sys [6/5/2005 6:18 PM 258560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);c:\windows\system32\DRIVERS\zd1201u.sys --> c:\windows\system32\DRIVERS\zd1201u.sys [?]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\SYSTEM32\zdbrgsys.sys [6/5/2005 6:18 PM 19200]
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 00:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\DEFRAG.EXE [2004-08-04 00:12]

2010-09-22 c:\windows\Tasks\NeroLiveEpgUpdate-DARSHMEET_Amit.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 18:51]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar =
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
TCP: {6876C54C-08AF-4D30-8DB2-CA7CBADD2463} = 192.168.1.254,192.168.2.254
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
MSConfigStartUp-Acrobat Assistant 7 - c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-22 20:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Amit\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3018035710-715601661-13499995-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-09-22 20:05:30
ComboFix-quarantined-files.txt 2010-09-23 01:05

Pre-Run: 117,209,673,728 bytes free
Post-Run: 119,487,582,208 bytes free

- - End Of File - - A6C8298EE37EEF31B01ADF6E15EB74A0


Re: virus still there ???

Post by 3dsoundz on 23rd September 2010, 1:09 am

combofix had to restart the computer

got msg saying "combofix found rootkit needs to restart"


Re: virus still there ???

Post by 3dsoundz on 23rd September 2010, 1:10 am

i have to go somewhere so i will have to do this later thanx for your help so far i will c u later


Re: virus still there ???

Post by 3dsoundz on 23rd September 2010, 1:10 am

u can leave me msg for next step


Re: virus still there ???

Post by Belahzur on 23rd September 2010, 10:52 am

Hello.

I see that you are running Vuze.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ares 2.1.1
    Vuze

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: virus still there ???

Post by 3dsoundz on 24th September 2010, 12:32 am

here is the log for ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8f01307a220dc94997741fb9ae63aa29
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-24 12:29:01
# local_time=2010-09-23 07:29:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 20394103 20394103 0 0
# compatibility_mode=1024 16777215 100 0 14268486 14268486 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=335890
# found=0
# cleaned=0
# scan_time=6750


Last edited by 3dsoundz on 24th September 2010, 1:02 am; edited 1 time in total


Re: virus still there ???

Post by 3dsoundz on 24th September 2010, 12:34 am

for vuze & ares. I use them both only when i need them as i m a DJ n so when people ask for certain songs i have to use them


Re: virus still there ???

Post by Belahzur on 24th September 2010, 9:23 pm

Okay, how is the machine running now?



Re: virus still there ???

Post by 3dsoundz on 25th September 2010, 3:09 am

it is running good n everytime i open a website IE is asking for permission or i would say asking me if i want to visit the web site, forgot what exactly the msg says but ya thanks for the help n i would like to know how i can learn to be like u n b help to others coz i see only u n 2 other guys helping all the time, only thing is i can spend 2-3 hrs of late evening as i have 2 small kids n have to spend time with them kind of family time + other things to take care of so if that's still ok then i want to be part of the team


Re: virus still there ???

Post by Belahzur on 26th September 2010, 12:02 am

Hello.
None of the tech staff here will recommend IE to anyone; we always recommend Firefox or Chrome.

We have more than just me and Jay; there are 2 other helpers working the removal forum.

If you want to join, give this topic a read and follow the instructions there.

[You must be registered and logged in to see this link.]

