GeekPolice

"Vista Antivirus 2012" virus

Post by life4blood on Sat Dec 17, 2011 12:56 am

Hi.
My desktop got hit by a virus called "Vista Antivirus 2012". I downloaded Malwarebytes' Anti-Malware and ran a scan. It detected the virus and quarantined it. I then proceeded to remove the virus and restarted the computer. Afterwards, however, there was a problem. While the virus seems to be gone, quite a few files seem to be missing from system32. Every time I try to run a program, the computer seems to have an error. It cannot seem to locate the program and asks me to do so manually. Another instance where the computer displays an error is when a message pops up and says a certain file from system32 cannot be located, preventing me from opening a program/software. What do I do?

life4blood
Novice

Posts : 27
Joined : 2010-01-03
OS : Windows Vista

Re: "Vista Antivirus 2012" virus

Post by life4blood on Sat Dec 17, 2011 12:56 am

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 16:52:34
-----------------------------
16:52:34.596 OS Version: Windows x64 6.0.6002 Service Pack 2
16:52:34.596 Number of processors: 4 586 0x203
16:52:34.596 ComputerName: MEGHANA-PC UserName: Meghana
16:52:35.735 Initialize success
16:52:47.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
16:52:47.939 Disk 0 Vendor: ST350062 HP26 Size: 476940MB BusType: 8
16:52:49.967 Disk 0 MBR read successfully
16:52:49.983 Disk 0 MBR scan
16:52:49.983 Disk 0 unknown MBR code
16:52:49.998 Service scanning
16:52:51.277 Modules scanning
16:52:51.277 Disk 0 trace - called modules:
16:52:51.293 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
16:52:51.309 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ecd790]
16:52:51.309 3 CLASSPNP.SYS[fffffa60007bdc33] -> nt!IofCallDriver -> [0xfffffa8003c59db0]
16:52:51.324 5 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\00000050[0xfffffa8003d32060]
16:52:51.808 Scan finished successfully
16:55:15.905 Disk 0 MBR has been saved successfully to "C:\Users\Meghana\Desktop\MBR.dat"
16:55:15.921 The log file has been saved successfully to "C:\Users\Meghana\Desktop\aswMBR.txt"


This is a copied and pasted log from aswMBR (Avast anti-rootkit).

Re: "Vista Antivirus 2012" virus

Post by life4blood on Sat Dec 17, 2011 1:00 am

Results of screen317's Security Check version 0.99.28
Windows Vista x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) 6 Update 7
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox ((3.5.19)) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avguard.exe
``````````End of Log````````````
Log from SecurityCheck

Re: "Vista Antivirus 2012" virus

Post by life4blood on Sat Dec 17, 2011 1:44 am

OTL Extras logfile created on: 12/16/2011 5:06:03 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = K:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.38% Memory free
8.20 Gb Paging File | 6.63 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.60 Gb Total Space | 323.33 Gb Free Space | 71.44% Space Free | Partition Type: NTFS
Drive D: | 13.16 Gb Total Space | 1.80 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive K: | 250.60 Mb Total Space | 235.70 Mb Free Space | 94.05% Space Free | Partition Type: FAT

Computer Name: MEGHANA-PC | User Name: Meghana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = 256] -- "C:\Users\Meghana\AppData\Local\suc.exe" -a "%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 1E F5 EE 9B E3 3B CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FE3175-25C6-440F-98C1-9CAAE4E79579}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{0B418F16-94BB-4867-BB28-A1630397B1F6}" = lport=445 | protocol=6 | dir=in | app=system |
"{1E7B5BF5-E3AE-42D6-A959-2EDBF30A952F}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{31C94F26-B680-44D8-B79F-E04529D49F6B}" = rport=137 | protocol=17 | dir=out | app=system |
"{46958662-3466-41D5-B260-2D3AB7816ED5}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{742866D8-A5A7-4FB4-8A62-27DFCB87705F}" = lport=138 | protocol=17 | dir=in | app=system |
"{81B13022-8388-4018-A8AA-D4C65A2BDAF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9B1FCB7E-AF85-472D-BB1D-A3A652A5AA12}" = rport=445 | protocol=6 | dir=out | app=system |
"{9D0C65DD-3F24-4BDD-A661-D9C5ECA1E583}" = rport=138 | protocol=17 | dir=out | app=system |
"{A46BEF4D-3C07-4F5B-9853-6A0CDB5B90A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{A683A652-8C30-4F75-B035-9C8B99D90B5C}" = lport=139 | protocol=6 | dir=in | app=system |
"{C114188E-0E34-4223-BB63-CB2A3256480E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D79FAB4A-3392-4147-A88B-9AA94485D1B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{E28F75BC-8F37-4CFE-8512-EEE0CF647C1B}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{E309C27A-78A8-430A-9497-680555BB6E58}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{E6B70BF8-76D6-4ECD-8C2A-745D354B5FA2}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{EA3C6C39-0C02-4CDB-B5E4-3BB1785469EB}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{EB0913E9-6FF1-4B19-9357-11FD6C0F987C}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{F4AD799C-3FBD-4C04-8556-6739386117AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F683C732-CD14-448E-B2A6-1227D16A5C28}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037FE8D4-AD74-465E-A52E-4559049CD098}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{0623C81C-1062-40F8-B159-363DAE38A17F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{12DEE7D1-736C-4C3A-A117-BAD03C183FE4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{16FF3702-F546-426B-BA7A-A748C8AC0D53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{1B3D3E8E-9DC0-4D92-94DB-07F86F2C56CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{1B5ED7D8-8D15-4D91-8903-CBEB915B9E7D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1E58A0AD-FC2B-4B8A-89AD-6BD78658AD45}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{25BCB018-9791-435B-9FB3-3A1D3A5D1E1B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{2DAD2496-C464-4C77-9258-37DA747BD83A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{3062FF5B-C3C0-4266-B3FE-13FD06D58E14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{370528D9-A70D-4D43-9B42-B2DE64A70B09}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{37BC9FBA-2C81-4BC5-A694-288DCCF94031}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3B27F4AC-9F74-4C4E-8A16-E981922325FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{3ED674D4-0B9F-4C41-9573-9187B041423E}" = protocol=6 | dir=in | app=c:\program files\d-link\shareport utility\connect.exe |
"{4985140E-023C-41A4-B072-53D2439D09E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{4D669233-045E-46FD-B826-8AD5FC43A433}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4EE1E2A9-E135-426A-8390-7DEAD318CD2D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{51938A8E-01B9-4813-99DC-5FC6DEC94C52}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{63E7735D-DC80-4165-94A9-BD057AA98450}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{65EE447B-BA0A-48BE-B579-85FF28580A95}" = protocol=17 | dir=in | app=c:\program files\d-link\shareport utility\connect.exe |
"{69A044E0-3614-4A31-96FA-BDD71030CAB7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{715F66C2-CB2A-4AF4-A5C1-3C007601050A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{75DA5820-A70A-43ED-B98D-493A591E54FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{7C69236D-941D-444A-86BA-595D81D10A57}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8495C465-8F41-4AA6-B907-E7E2B7463F35}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8EDCEFA2-6C88-4EFC-9AF3-58072FAF38B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{92F3304F-014C-4630-980D-B6A210EF4CD3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94A235B8-4C76-416C-908A-70F60D61ED0D}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{9817117B-D523-488E-A7BF-CDFF5C7D5015}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9B94F522-30A0-462C-B8C3-373DF3EFA40F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9C8E23A3-B71E-4D1A-9026-624377E794FC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9CD73492-A04C-4CBF-8B93-A6AFFBD20A99}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{A224FE54-BB5A-4CF5-A0E7-B5D42EBC7A35}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{A52D8E6C-9EB6-456F-B83B-289C4E3C1B3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{B5F98885-1E1A-448D-A5A2-FD3D713C0C1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BD577C5A-CD9E-4E83-925D-8B95271F9DAE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{BDC716FC-E83F-4456-BA25-81C0F8978577}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{C31CDB93-4C0F-47D2-ADC5-E6F0F3FB31DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{C74D027F-3E18-4E9F-AC4B-BF4AC54370C2}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{CCD6EEC4-FE97-428E-B3DF-918679F5728B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{E1E7585F-4FA9-4926-A26B-898226594B34}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{E6A9E20C-E9E9-4D39-A573-3CA0E866E484}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{EB8DD4F5-408E-4696-8F5D-0D92407F7E73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EBBDF619-DFA4-4AE8-866D-629910707BA2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EF3C3F98-C50E-46A7-A3BE-EA47BE496372}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F5150AD5-5ECB-4817-B898-401EE650799A}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{F5900D47-B552-4B10-AAFC-42584A3429A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{F83C93A8-3A85-4873-BF23-B71A16437926}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FFBA42BD-DC76-4453-BACD-3371161C8849}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"TCP Query User{09D7A8D9-B837-4488-BA61-DC82E705063A}C:\program files\d-link\shareport utility\connect.exe" = protocol=6 | dir=in | app=c:\program files\d-link\shareport utility\connect.exe |
"TCP Query User{45BF76E7-B111-447B-9641-5A3481F5084B}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"TCP Query User{6BAEFC65-960E-40AB-B39D-41CF3B025789}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"TCP Query User{98163DE8-F8D7-4CCE-BC9E-5F9E3882793C}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{D72AA2A7-F202-4A87-99FA-E66E1AC70EDF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{5484872C-2B34-4939-8869-F82AACF8C0F7}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{8630104C-9055-45C0-BB10-42CC9871BE4D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{BE52EC87-8A43-480E-9893-2566F22C73C7}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"UDP Query User{BECF08FC-D877-46CE-8208-22EC9EC1393F}C:\program files\d-link\shareport utility\connect.exe" = protocol=17 | dir=in | app=c:\program files\d-link\shareport utility\connect.exe |
"UDP Query User{D7052FAD-7CF3-4014-B35A-E247564BDBDB}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SharePort Utility" = SharePort Utility
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB Updater
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D7447B32-518C-442F-A8E4-DCF12D8A6D75}" = Station LaunchPad
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Freecorder4.02" = Freecorder 4.02 Application
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Precision" = EVGA Precision 1.8.1
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"RealPlayer 12.0" = RealPlayer
"sp44626" = sp44626
"TurboTax 2010" = TurboTax 2010
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/8/2011 11:05:36 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 11:05:36 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 11:05:36 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 11:05:36 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 11:05:36 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 11:05:36 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 11:05:36 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 11:30:31 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 11:30:31 PM | Computer Name = Meghana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/9/2011 11:43:21 AM | Computer Name = Meghana-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/14/2011 6:02:02 PM | Computer Name = Meghana-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 12/14/2011 6:02:06 PM | Computer Name = Meghana-PC | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 12/14/2011 6:02:06 PM | Computer Name = Meghana-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 12/14/2011 8:54:07 PM | Computer Name = Meghana-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/15/2011 8:00:54 PM | Computer Name = Meghana-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/16/2011 3:08:08 PM | Computer Name = Meghana-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/16/2011 4:43:10 PM | Computer Name = Meghana-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 12/16/2011 4:47:15 PM | Computer Name = Meghana-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.

Error - 12/16/2011 7:01:35 PM | Computer Name = Meghana-PC | Source = Service Control Manager | ID = 7016
Description =

Error - 12/16/2011 7:04:31 PM | Computer Name = Meghana-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >


Re: "Vista Antivirus 2012" virus

Post by life4blood on Sat Dec 17, 2011 1:45 am

OTL logfile created on: 12/16/2011 5:06:03 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = K:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.38% Memory free
8.20 Gb Paging File | 6.63 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.60 Gb Total Space | 323.33 Gb Free Space | 71.44% Space Free | Partition Type: NTFS
Drive D: | 13.16 Gb Total Space | 1.80 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive K: | 250.60 Mb Total Space | 235.70 Mb Free Space | 94.05% Space Free | Partition Type: FAT

Computer Name: MEGHANA-PC | User Name: Meghana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 17:03:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- K:\OTL.com
PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/01 10:03:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/15 13:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/27 15:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/04/10 22:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe


========== Modules (No Company Name) ==========

MOD - [2010/08/19 21:29:56 | 000,052,224 | ---- | M] () -- C:\Users\Meghana\AppData\Roaming\Mozilla\Firefox\Profiles\0seb34tk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
MOD - [2010/04/04 20:23:44 | 000,049,152 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/12 17:01:54 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/15 13:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/27 15:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/08 19:29:49 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/19 16:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/19 16:56:49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/12 17:01:54 | 000,291,336 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/09/30 16:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/21 12:24:02 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/02/26 09:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV - [2008/09/26 02:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Meghana\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Meghana\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/04 20:23:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/14 10:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/01 10:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/11 11:24:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/14 10:13:08 | 000,000,000 | ---D | M]

[2010/01/17 16:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meghana\AppData\Roaming\Mozilla\Extensions
[2011/12/16 11:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meghana\AppData\Roaming\Mozilla\Firefox\Profiles\0seb34tk.default\extensions
[2010/11/21 13:33:35 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Meghana\AppData\Roaming\Mozilla\Firefox\Profiles\0seb34tk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/08/14 10:22:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meghana\AppData\Roaming\Mozilla\Firefox\Profiles\0seb34tk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 10:23:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Meghana\AppData\Roaming\Mozilla\Firefox\Profiles\0seb34tk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/23 18:24:55 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Meghana\AppData\Roaming\Mozilla\Firefox\Profiles\0seb34tk.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/08/19 21:29:56 | 000,000,923 | ---- | M] () -- C:\Users\Meghana\AppData\Roaming\Mozilla\Firefox\Profiles\0seb34tk.default\searchplugins\conduit.xml
[2011/04/11 11:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/06 09:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/09 09:42:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/11 11:59:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/14 10:13:08 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/04/04 20:23:44 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Meghana\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Meghana\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Meghana\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Meghana\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Meghana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_1\

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Meghana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Utility.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} [You must be registered and logged in to see this link.] (Citrix ICA Client)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A43F2B8-30E9-473F-A491-096CB0336207}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4226BEC-969C-4E62-A4A3-A0427B7AE12D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Meghana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Meghana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 256] -- "C:\Users\Meghana\AppData\Local\suc.exe" -a "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 16:45:37 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Meghana\Desktop\tdsskiller.exe
[2011/12/16 16:45:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Meghana\Desktop\aswMBR.exe
[2011/12/16 16:42:09 | 000,910,296 | ---- | C] (Mozilla Corporation) -- C:\Users\Meghana\Desktop\firefox thing.exe
[2011/12/16 16:11:13 | 014,761,224 | ---- | C] (Mozilla) -- C:\Users\Meghana\Desktop\Firefox Setup 8.0.1.exe
[2011/12/16 12:49:31 | 000,000,000 | ---D | C] -- C:\Users\Meghana\AppData\Roaming\Malwarebytes
[2011/12/16 12:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 12:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 12:49:19 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/16 12:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/16 12:48:53 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Meghana\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/03 12:44:05 | 000,000,000 | ---D | C] -- C:\Users\Meghana\AppData\Roaming\Avira
[2011/12/03 12:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/03 12:38:21 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/03 12:38:21 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/03 12:38:21 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/03 12:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/03 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/11/29 18:57:48 | 000,000,000 | ---D | C] -- C:\Users\Meghana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/29 18:54:49 | 000,606,544 | ---- | C] (Google Inc.) -- C:\Users\Meghana\Documents\ChromeSetup.exe
[2011/11/17 17:31:42 | 000,000,000 | ---D | C] -- C:\Users\Meghana\Documents\Meghana D. Sastry_files

========== Files - Modified Within 30 Days ==========

[2011/12/16 17:02:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 17:02:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 17:02:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4105501238-1116433485-1450885418-1000UA.job
[2011/12/16 16:55:15 | 000,000,512 | ---- | M] () -- C:\Users\Meghana\Desktop\MBR.dat
[2011/12/16 16:42:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Users\Meghana\Desktop\firefox thing.exe
[2011/12/16 16:15:14 | 014,761,224 | ---- | M] (Mozilla) -- C:\Users\Meghana\Desktop\Firefox Setup 8.0.1.exe
[2011/12/16 16:02:51 | 000,061,925 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/16 16:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 15:10:00 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/16 15:10:00 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/16 15:10:00 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/16 15:02:50 | 000,061,925 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/16 14:06:44 | 000,012,422 | -HS- | M] () -- C:\Users\Meghana\AppData\Local\657405y0j711t125n073v2rlu0r2
[2011/12/16 14:06:44 | 000,012,422 | -HS- | M] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2
[2011/12/16 12:49:25 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 19:02:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4105501238-1116433485-1450885418-1000Core.job
[2011/12/14 17:18:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMeghana.job
[2011/12/12 22:11:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Meghana\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/12 16:36:16 | 001,973,258 | ---- | M] () -- C:\Users\Meghana\Documents\Shimeji_Luffy.rar
[2011/12/11 17:10:00 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Meghana\Desktop\tdsskiller.exe
[2011/12/10 23:32:42 | 000,879,649 | ---- | M] () -- C:\Users\Meghana\Desktop\SecurityCheck.exe
[2011/12/09 22:44:46 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Meghana\Desktop\aswMBR.exe
[2011/12/09 19:53:08 | 000,030,208 | ---- | M] () -- C:\Users\Meghana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 19:29:49 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/03 12:38:42 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/03 12:31:59 | 084,358,288 | ---- | M] () -- C:\Users\Meghana\Documents\avira_free_antivirus_en.exe
[2011/11/29 18:57:50 | 000,002,016 | ---- | M] () -- C:\Users\Meghana\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/29 18:54:50 | 000,606,544 | ---- | M] (Google Inc.) -- C:\Users\Meghana\Documents\ChromeSetup.exe
[2011/11/29 16:26:44 | 000,000,680 | ---- | M] () -- C:\Users\Meghana\AppData\Local\d3d9caps.dat
[2011/11/17 17:52:08 | 000,485,468 | ---- | M] () -- C:\Users\Meghana\Documents\LUFFY.jpg
[2011/11/17 17:31:50 | 000,695,718 | ---- | M] () -- C:\Users\Meghana\Documents\Meghana D. Sastry.htm

========== Files Created - No Company Name ==========

[2011/12/16 16:55:15 | 000,000,512 | ---- | C] () -- C:\Users\Meghana\Desktop\MBR.dat
[2011/12/16 16:45:35 | 000,879,649 | ---- | C] () -- C:\Users\Meghana\Desktop\SecurityCheck.exe
[2011/12/16 12:49:25 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 21:48:48 | 000,012,422 | -HS- | C] () -- C:\Users\Meghana\AppData\Local\657405y0j711t125n073v2rlu0r2
[2011/12/15 21:48:48 | 000,012,422 | -HS- | C] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2
[2011/12/12 16:36:15 | 001,973,258 | ---- | C] () -- C:\Users\Meghana\Documents\Shimeji_Luffy.rar
[2011/12/03 12:38:42 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/03 12:30:09 | 084,358,288 | ---- | C] () -- C:\Users\Meghana\Documents\avira_free_antivirus_en.exe
[2011/11/29 18:57:50 | 000,002,016 | ---- | C] () -- C:\Users\Meghana\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/29 18:57:16 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4105501238-1116433485-1450885418-1000UA.job
[2011/11/29 18:57:15 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4105501238-1116433485-1450885418-1000Core.job
[2011/11/27 12:20:54 | 000,000,680 | ---- | C] () -- C:\Users\Meghana\AppData\Local\d3d9caps.dat
[2011/11/17 17:49:21 | 000,485,468 | ---- | C] () -- C:\Users\Meghana\Documents\LUFFY.jpg
[2011/11/17 17:31:42 | 000,695,718 | ---- | C] () -- C:\Users\Meghana\Documents\Meghana D. Sastry.htm
[2011/07/03 14:06:28 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/18 17:57:08 | 000,061,925 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/18 17:57:08 | 000,061,925 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/18 17:29:53 | 000,000,732 | ---- | C] () -- C:\Users\Meghana\AppData\Local\d3d9caps64.dat
[2010/08/14 10:11:50 | 000,023,144 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/14 09:59:07 | 000,077,408 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/08/11 19:43:47 | 000,019,552 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/02/28 21:15:24 | 000,030,208 | ---- | C] () -- C:\Users\Meghana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 20:55:16 | 000,166,069 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010/01/20 19:52:21 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/01/20 13:34:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/01/20 13:34:26 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/01/20 13:34:02 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/06 17:52:44 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/11/06 17:52:44 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/11/06 17:33:31 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/05/04 16:13:43 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/12/09 22:44:46 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Meghana\Desktop\aswMBR.exe
[2010/01/21 15:29:26 | 030,909,992 | ---- | M] () -- C:\Users\Meghana\Desktop\avira_antivir_personal_en.exe
[2011/11/06 10:00:47 | 000,000,000 | ---- | M] () -- C:\Users\Meghana\Desktop\avira_free_antivirus_en.exe
[2010/11/21 13:34:00 | 008,763,664 | ---- | M] () -- C:\Users\Meghana\Desktop\FCTBSetup.exe
[2011/12/16 16:15:14 | 014,761,224 | ---- | M] (Mozilla) -- C:\Users\Meghana\Desktop\Firefox Setup 8.0.1.exe
[2011/12/16 16:42:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Users\Meghana\Desktop\firefox thing.exe
[2011/12/12 22:11:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Meghana\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/10 23:32:42 | 000,879,649 | ---- | M] () -- C:\Users\Meghana\Desktop\SecurityCheck.exe
[2011/12/11 17:10:00 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Meghana\Desktop\tdsskiller.exe
[2011/07/03 14:05:23 | 003,786,512 | ---- | M] () -- C:\Users\Meghana\Desktop\ventrilo-3.0.8-Windows-i386.exe
[2011/02/17 07:21:23 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Users\Meghana\Desktop\wmpfirefoxplugin.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/10/30 08:16:38 | 008,567,280 | ---- | M] (Mozilla) -- C:\Users\Meghana\Firefox Setup 3.6.12.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/05/01 10:03:46 | 000,122,328 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2011/05/01 10:03:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2011/05/01 10:03:46 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/10/18 18:02:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/09/11 13:06:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity
[2011/12/03 12:38:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2010/04/02 17:30:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVS4YOU
[2010/01/21 09:39:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2011/07/03 14:05:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2008/11/06 18:17:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2010/10/18 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EVGA Precision
[2010/11/21 13:33:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Freecorder
[2010/01/20 19:52:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/08/14 10:17:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2008/11/06 18:28:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard Company
[2010/02/10 21:04:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2011/01/25 11:48:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2011/03/13 13:54:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ilivid
[2011/01/25 11:07:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/02/17 21:32:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/04/11 11:58:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2008/11/06 18:38:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JunoPreloader
[2008/11/06 18:21:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LightScribe Template Labeler
[2011/12/16 12:49:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/01/17 16:43:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/02/22 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/01/17 16:42:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/01/17 16:39:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/02/17 08:03:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/01/17 16:41:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/11/04 15:53:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/01/17 16:43:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2008/11/06 18:38:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN
[2011/06/26 05:27:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2008/11/06 18:22:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\muvee Technologies
[2008/11/06 18:37:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NetZeroPreloader
[2010/10/18 17:39:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/01/17 16:24:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2010/08/22 17:17:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2008/11/06 18:23:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2011/11/14 19:39:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Quick Screen Capture
[2010/04/04 20:23:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2008/11/06 18:04:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2006/11/02 07:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/01/17 16:25:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SMINST
[2011/06/26 05:24:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2008/11/06 18:04:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2011/03/06 10:11:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TurboTax
[2006/11/02 07:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/07/03 14:06:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrilo
[2010/08/14 10:56:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/20 19:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/20 19:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/02/17 21:32:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/02/17 21:32:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 07:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/08/14 10:56:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2011/02/17 21:32:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/08/14 10:56:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/04/02 11:50:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ハートの国のアリス~ Wonderful Wonder World ~


< MD5 for: AGP440.SYS >
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: DISK.SYS >
[2008/01/20 18:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys
[2009/04/10 23:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\SysNative\drivers\disk.sys
[2009/04/10 23:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_57d0967429abbfdc\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/01 10:03:46 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/01 10:03:46 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/01 10:03:46 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/05/01 10:03:46 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/05/01 10:03:46 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/01 10:03:46 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2010/12/17 20:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2010/12/17 20:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2010/12/17 20:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/12/17 22:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/12/17 22:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2010/12/17 21:16:41 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2010/12/17 21:16:41 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2010/12/17 21:16:41 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/12/17 22:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/12/17 22:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation)

< End of report >


Re: "Vista Antivirus 2012" virus

Post by life4blood on Sat Dec 17, 2011 1:48 am

Not sure if I was clear in my first post, but everything I try to open (Firefox, OTL, AIM, everything...) requires me to manually locate the file, select it, and add it to the list of recommended programs to use. It always happens even if I've done it 10 times for Firefox.


Re: "Vista Antivirus 2012" virus

Post by Belahzur on Sat Dec 17, 2011 10:55 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :OTL
    O37 - HKCU\...exe [@ = 256] -- "C:\Users\Meghana\AppData\Local\suc.exe" -a "%1" %*
    [2011/12/16 14:06:44 | 000,012,422 | -HS- | M] () -- C:\Users\Meghana\AppData\Local\657405y0j711t125n073v2rlu0r2
    [2011/12/16 14:06:44 | 000,012,422 | -HS- | M] () -- C:\ProgramData\657405y0j711t125n073v2rlu0r2

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator


Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
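
Added example, not part of the thread and not OTL's own code: a small triage script that reads OTL "O37" lines and flags any executable-file handler that puts a program in front of `"%1" %*`, as the `suc.exe` entry in the fix above does. The clean HKLM sample line is constructed, and the list of user-writable directories is an assumed heuristic.

```python
import re

# OTL prints shell-spawning handlers as: O37 - <hive>\...<ext> [@ = <ProgID>] -- <command>
O37_RE = re.compile(
    r'^O37\s*-\s*(?P<hive>HKCU|HKLM)\\\.{3,4}(?P<ext>\w+)\s*'
    r'\[@ = (?P<progid>[^\]]*)\]\s*--\s*(?P<command>.+)$'
)

# Assumption: directories a standard user can write to (heuristic, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")

# Constructed sample: line 1 is a made-up clean entry, line 2 is the entry from the fix above.
SAMPLE_LOG = r'''
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 256] -- "C:\Users\Meghana\AppData\Local\suc.exe" -a "%1" %*
'''

def handler_executable(command):
    """Return the program placed in front of "%1", or None for a pass-through handler."""
    cmd = command.strip()
    if cmd.startswith('"%1"') or cmd.startswith('%1'):
        return None  # normal handler: Windows runs the clicked file itself
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return m.group(1) or m.group(2)

def triage(log_text):
    """Return one finding per O37 line whose handler routes launches through another program."""
    findings = []
    for line in log_text.splitlines():
        m = O37_RE.match(line.strip())
        if not m:
            continue
        exe = handler_executable(m["command"])
        if exe is None:
            continue
        findings.append({
            "hive": m["hive"],
            "ext": m["ext"],
            "progid": m["progid"].strip(),
            "executable": exe,
            "user_writable": any(d in exe.lower() for d in USER_WRITABLE),
            "forwards_target": "%1" in m["command"],
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
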

