View Full Version : system infected with security suite
Hi,
My system is infected with some malware/virus. I am not able to launch any exe files once i log in. I have some weird exe files that appear in the processes in the task manager. When I launch task manager immediately after loggin in and if i kill those weird processes i am able to launch other exes. I have unchecked those files in the startup items.
Posting DDS log and attaching the attach.txt
---
DDS LOG
----
DDS (Ver_10-03-17.01) - NTFSX64
Run by Home at 1:20:29.62 on Wed 09/15/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4054.2498 [GMT 1:00]
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Home\.COMMgr\complmgr.exe
C:\Users\Home\AppData\Local\Temp\rpm54cg.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Home\Desktop\malware removal\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://in.yahoo.com
mDefault_Page_URL = hxxp://in.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files (x86)\veoh networks\veoh video compass\SearchRecsPlugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SightSpeed] "c:\program files (x86)\dell video chat\DellVideoChat.exe" -bootmode
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\home\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [COM+ Manager] "c:\users\home\.commgr\complmgr.exe"
uRun: [LvgciejlqMc] c:\users\home\appdata\local\temp\rpm54cg.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files (x86)\yahoo!\search protection\SearchProtection.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.co.uk/s/v/63.16/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inchnm03.tcs.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
============= SERVICES / DRIVERS ===============
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-5-28 53488]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-5-28 89600]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 TeamViewer4;TeamViewer 4;c:\program files (x86)\teamviewer\version4\TeamViewer_Service.exe [2009-8-24 185640]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-11-1 42000]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-5-28 160704]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-28 126464]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-5-28 252928]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-5-28 158592]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-5-28 310784]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-11 135664]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-8-17 900360]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-7-31 93184]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-7-11 61288]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x64\msvsmon.exe [2005-9-22 4476096]
============== File Associations ===============
JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
=============== Created Last 30 ================
2010-09-15 00:00:55 0 d-----w- c:\windows\pss
2010-09-13 18:17:52 0 d-sh--w- c:\users\home\.COMMgr
2010-09-13 18:17:32 0 d-----w- c:\users\home\appdata\roaming\D3ADD88C79438E06E44D32E19B9A55BD
2010-09-03 21:43:10 0 d-----w- C:\My Collection for bristol festival
2010-09-03 21:42:48 0 d-----w- C:\Bristol Harbour Festival - Copy
2010-09-03 21:29:24 0 d-----w- C:\Swizzz
==================== Find3M ====================
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-21 13:53:02 2749952 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:17:49 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 16:43:54 36352 ----a-w- c:\windows\syswow64\rtutils.dll
2009-08-17 12:01:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-08-17 12:01:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-08-17 12:01:32 86016 ----a-w- c:\windows\inf\infstor.dat
2009-05-28 08:19:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-28 06:04:00 75 --sh--r- c:\windows\CT4CET.bin
2010-05-06 19:17:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-31 06:24:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-31 06:24:49 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-31 06:24:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-31 06:24:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-17 18:56:34 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-02-17 18:56:34 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-02-17 18:56:34 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-05-28 07:54:32 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 1:21:55.14 ===============
Hi ,
I have just disabled them from the startup but havent removed. So I still need help to remove them.Please help.
Hi
OTL
Download OTL Here (http://oldtimer.geekstogo.com/OTL.exe) & save it to your desktop.
Right click on OTL.exe then choose Run as Administrator to run it. Make sure all other windows are closed and to let it run uninterrupted
When the window appears, ensure Include 64bit Scans is ticked
Click on Minimal Output at the top
Download the following file scan.txt to your Desktop - Click here to download it (http://www.geekstogo.com/forum/files/download/395-otl-custom-scan-file-scantxt/). You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying Click Ok to load a custom scan from a file or Cancel to cancel
Click the OK button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt & click Open. Writing will now appear under the Custom Scan box
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long When the scan completes, it will open two notepad windows OTL.Txt & Extras.Txt. These are saved in the same location as OTL
Copy/paste the contents of these files, one at a time & post them in your next replyTo post in next reply:
Contents of OTL.txt
Contents of Extras.txt
These are large logs, so one log per post please
OTL logfile created on: 9/19/2010 6:03:03 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 153.78 Gb Free Space | 54.26% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MANJULA-HOME
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Home\AppData\Local\Temp\nvsvc32.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\taskmgr.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\system.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\2314884205.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\user.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\hexdump.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\spoolsv.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\winamp.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\gdi32.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\csrss.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\440669226.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\debug.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\lsass.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\svchost.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\avp.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\win16.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\mdm.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\login.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\avp32.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\win.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\sysedit.exe (Microsoft Corporation)
PRC - C:\Users\Home\AppData\Local\Temp\Bwh.exe (Don HO don.h@free.fr)
PRC - C:\Users\Home\AppData\Local\Temp\Bwg.exe (Don HO don.h@free.fr)
PRC - C:\Users\Home\.COMMgr\complmgr.exe (EP-Service)
PRC - C:\Users\Home\AppData\Local\Temp\rpm54cg.exe ()
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
========== Modules (SafeList) ==========
MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [COM+ Manager] C:\Users\Home\.COMMgr\complmgr.exe (EP-Service)
O4 - HKCU..\Run: [googletalk] C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Lvgciejl82xme\AppData\Local\Temp\2314884205.exe] C:\Users\Home\AppData\Local\Temp\2314884205.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejl91+me\AppData\Local\Temp\440669226.exe] C:\Users\Home\AppData\Local\Temp\440669226.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlhb] C:\Users\Home\AppData\Local\Temp\debug.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlk+] C:\Users\Home\AppData\Local\Temp\gdi32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlmc] C:\Users\Home\AppData\Local\Temp\mdm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlna] C:\Users\Home\AppData\Local\Temp\login.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlne] C:\Users\Home\AppData\Local\Temp\lsass.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlo+] C:\Users\Home\AppData\Local\Temp\avp32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejloc] C:\Users\Home\AppData\Local\Temp\avp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlora] C:\Users\Home\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlotc] C:\Users\Home\AppData\Local\Temp\hexdump.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlpe] C:\Users\Home\AppData\Local\Temp\csrss.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlpsc] C:\Users\Home\AppData\Local\Temp\taskmgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlq+] C:\Users\Home\AppData\Local\Temp\win16.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlqb] C:\Users\Home\AppData\Local\Temp\winamp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlqc] C:\Users\Home\AppData\Local\Temp\win.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlqf] C:\Users\Home\AppData\Local\Temp\user.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvgciejlqMc] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe ()
O4 - HKCU..\Run: [LvgciejlqMcmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe ()
O4 - HKCU..\Run: [Lvgciejlqvc] C:\Users\Home\AppData\Local\Temp\svchost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlrxc] C:\Users\Home\AppData\Local\Temp\spoolsv.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LvgciejlsPc] C:\Users\Home\AppData\Local\Temp\nvsvc32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlud] C:\Users\Home\AppData\Local\Temp\system.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlupc] C:\Users\Home\AppData\Local\Temp\sysedit.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [YXE7DXCQ37] C:\Users\Home\AppData\Local\Temp\Bwh.exe (Don HO don.h@free.fr)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1727ee65-a14d-11de-836d-002219ec09f3}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell - "" = Autorun
O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell\Open\command - "" = regsvr.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: VIDC.3iv2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.wmv3 - C:\Windows\SysWow64\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/09/19 17:58:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/15 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/15 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\malware removal
[2010/09/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/13 19:17:52 | 000,000,000 | -HSD | C] -- C:\Users\Home\.COMMgr
[2010/09/13 19:17:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\vpwkxpvvr
[2010/09/13 19:17:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/13 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
[2010/09/03 22:43:10 | 000,000,000 | ---D | C] -- C:\My Collection for bristol festival
[2010/09/03 22:42:48 | 000,000,000 | ---D | C] -- C:\Bristol Harbour Festival - Copy
[2010/09/03 22:29:24 | 000,000,000 | ---D | C] -- C:\Swizzz
[2010/08/01 00:13:17 | 000,000,000 | ---D | C] -- C:\bgam upload
[2010/08/01 00:09:51 | 000,000,000 | ---D | C] -- C:\B'gham
[2010/07/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/07/13 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\OpenCandy
[2010/07/13 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/07/13 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/07/11 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Home\Tracing
[2010/07/11 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
[2010/07/11 17:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/07/11 17:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/07/11 17:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/11 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Yahoo
[2010/07/11 16:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/07/11 16:55:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Yahoo!
[2010/07/11 16:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/07/11 16:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/07/10 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\My Documents
[2010/06/28 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Photos
========== Files - Modified Within 90 Days ==========
[2010/09/19 18:06:06 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/09/19 18:05:37 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/09/19 18:05:37 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/09/19 17:58:05 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/19 17:54:05 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/19 17:45:38 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/09/19 17:45:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 17:44:54 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/19 17:44:54 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/19 17:44:54 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/19 17:37:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 17:37:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 17:37:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 17:37:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 17:37:27 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 01:04:33 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 01:04:33 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/09/19 00:36:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/09/19 00:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/09/19 00:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/18 15:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/09/18 11:45:09 | 004,007,562 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/09/17 19:20:41 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/09/17 19:20:41 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/15 01:19:16 | 000,000,746 | ---- | M] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | M] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2010/09/05 21:33:47 | 000,013,241 | ---- | M] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
[2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
[2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
[2010/09/05 21:32:04 | 000,013,079 | ---- | M] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/09/04 00:43:35 | 000,029,184 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 11:03:44 | 023,363,584 | ---- | M] () -- C:\Users\Home\Desktop\M2U00027.MPG
[2010/08/14 11:19:28 | 000,422,520 | ---- | M] () -- C:\Users\Home\Desktop\hdfctransfer.docx
[2010/08/14 10:34:28 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/03 19:46:07 | 000,184,332 | ---- | M] () -- C:\Users\Home\Desktop\ramya.docx
[2010/08/01 13:35:18 | 000,013,068 | ---- | M] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/07/22 13:01:14 | 019,660,800 | ---- | M] () -- C:\Users\Home\Desktop\M2U00007.MPG
[2010/07/18 12:23:15 | 000,000,124 | ---- | M] () -- C:\Users\Home\JavaConnect.ini
[2010/07/15 21:39:36 | 000,000,969 | ---- | M] () -- C:\Users\Home\Desktop\Resume.doc
[2010/07/14 19:39:15 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2010/07/13 20:52:12 | 000,000,945 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/11 16:54:49 | 000,000,998 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
[2010/07/11 16:54:49 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
[2010/07/10 14:09:33 | 000,038,309 | ---- | M] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
[2010/07/10 10:37:43 | 000,198,395 | ---- | M] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
[2010/07/04 02:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job
[2010/06/26 07:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/26 07:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/26 07:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/26 07:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/26 07:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/06/26 07:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/26 07:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/26 07:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/26 07:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/26 05:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/26 05:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/26 05:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
========== Files Created - No Company Name ==========
[2010/09/16 01:02:36 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/16 01:02:24 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/16 01:02:22 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/16 00:58:10 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/15 01:19:16 | 000,000,746 | ---- | C] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | C] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2010/09/13 19:18:22 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/13 19:18:12 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/09/05 21:34:16 | 000,012,509 | ---- | C] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
[2010/09/05 19:37:49 | 000,012,509 | ---- | C] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
[2010/08/25 18:34:34 | 019,660,800 | ---- | C] () -- C:\Users\Home\Desktop\M2U00007.MPG
[2010/08/25 18:33:46 | 023,363,584 | ---- | C] () -- C:\Users\Home\Desktop\M2U00027.MPG
[2010/08/14 11:17:48 | 000,422,520 | ---- | C] () -- C:\Users\Home\Desktop\hdfctransfer.docx
[2010/08/12 19:24:33 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/12 19:24:28 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/12 19:24:28 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/12 19:24:24 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/12 19:24:22 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 19:24:11 | 004,675,976 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 19:23:56 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/12 19:23:55 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/12 19:23:53 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/12 19:23:50 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/12 19:23:50 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/12 19:23:50 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/12 19:23:50 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/12 19:23:49 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/12 19:23:49 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/12 19:23:49 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 19:23:49 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/12 19:23:49 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/12 19:23:49 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/12 19:23:49 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/12 19:23:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/12 19:23:49 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/12 19:23:49 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/12 19:23:48 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/12 19:23:48 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/12 19:23:48 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/12 19:23:48 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 19:23:32 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/12 19:23:30 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/03 19:46:05 | 000,184,332 | ---- | C] () -- C:\Users\Home\Desktop\ramya.docx
[2010/08/02 21:15:27 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/08/01 13:36:03 | 000,013,079 | ---- | C] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/08/01 13:34:17 | 000,013,068 | ---- | C] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/08/01 11:34:48 | 000,013,241 | ---- | C] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
[2010/07/15 21:40:52 | 000,000,969 | ---- | C] () -- C:\Users\Home\Desktop\Resume.doc
[2010/07/13 20:52:12 | 000,000,945 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/11 17:38:03 | 000,061,288 | ---- | C] () -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/07/11 16:54:49 | 000,000,998 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
[2010/07/11 16:54:49 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
[2010/07/10 11:05:54 | 000,038,309 | ---- | C] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
[2010/07/10 10:37:43 | 000,198,395 | ---- | C] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
[2010/06/23 19:09:20 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 19:09:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 19:09:20 | 000,100,352 | ---- | C] () -- C:\Windows\SysNative\Mpeg2Data.ax
[2010/06/23 19:09:20 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
[2010/06/23 19:09:12 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/23 19:09:10 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/23 19:09:10 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/23 19:08:47 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 19:08:47 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/23 19:08:47 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 19:08:47 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 19:08:47 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/22 20:44:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/22 20:44:50 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2009/10/31 19:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 17:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 17:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 17:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 17:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 17:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 17:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 17:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 17:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 17:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 17:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 17:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 17:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 17:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 17:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 17:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 17:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 17:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 17:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 17:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 17:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 17:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 17:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 17:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 17:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 16:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 16:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 16:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 16:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 16:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 16:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 16:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 16:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 16:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 16:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 16:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 18:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 08:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 08:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 08:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 08:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 08:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/29 08:11:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/08/03 20:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 19:27:59 | 000,029,184 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 02:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/09/13 19:17:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
[2010/07/13 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2009/09/25 03:49:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2010/09/13 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2010/09/19 01:04:36 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/19 18:05:37 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/09/19 18:05:37 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/09/19 17:54:05 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/19 17:45:38 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/01/21 03:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/06/24 11:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/05/28 09:20:29 | 000,003,532 | RH-- | M] () -- C:\dell.sdr
[2010/09/19 17:37:27 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 05:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/09/19 17:37:26 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 16:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/31 04:52:58 | 000,000,286 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/09/19 17:58:05 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/03/05 21:10:11 | 001,531,691 | ---- | M] () -- C:\Users\Home\Desktop\winrar-x64-392.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/07/30 04:01:35 | 000,000,402 | -HS- | M] () -- C:\Users\Home\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.exe >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< %USERPROFILE%\Templates\*.tmp >
< %SYSTEMDRIVE%\explorexxx.exe\*.* >
< %Windir%\Installer\*.tmp >
< %systemroot%\System32\*.xco >
< %ProgramFiles%\system32\*.* >
< %systemroot%\System32\windos\*.* >
< %SystemRoot%\system32\sandbox\*.* >
< %SystemRoot%\system32\*.amo >
< %SystemRoot%\system32\Windows Live\*.* >
< %ProgramFiles%\logs\*.* >
< %ProgramFiles%\Bifrost\*.* >
< %SystemRoot%\system32\*.goo >
< %systemroot%\system32\IME\*.* >
< %systemroot%\BackUp\*.* >
< %systemroot%\system32\*.ico >
[2006/09/18 22:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWow64\acwizard.ico
< %systemroot%\system\*.dat >
< %systemroot%\system\*.exe >
< %AppData%\Macromedia\Common\*.* >
< %SYSTEMDRIVE%\dir\*.* /s >
< %systemroot%\system32\ras\*.exe >
< %SYSTEMDRIVE%\MFILES\*.* >
< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >
< %systemroot%\system32\services\*.* >
< %systemroot%\Spooler\*.* >
< %ProgramFiles%\system32\*.* >
< %systemroot%\system32\Setup\*.dll /x >
< %systemroot%\system32\*.mine >
< %SYSTEMDRIVE%\cleansweep.exe\*.* >
< %systemroot%\system32\ras\*.dll >
< %systemroot%\system32\ras\*.drv >
< %systemroot%\*.iq >
< %systemroot%\system32\XP\*.* >
< %SYSTEMDRIVE%\Extracted\*.* >
< %systemroot%\system32\windows\*.* >
< %systemroot%\logs\*.* >
< %SYSTEMDRIVE%\Win.Msi\*.* >
< %systemroot%\regedit\*.* >
< %systemroot%\system32\skype\*.* >
< %AppData%\Adobe\dlluplwin25\*.* >
< %UserProfile%\*.dat >
[2010/09/19 18:09:16 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
< %UserProfile%\*.dll >
< %systemroot%\system32\*.sxo >
< %SYSTEMDRIVE%\Gazma\*.* /s >
< %systemroot%\system32\spynet\*.* >
< %systemroot%\system32\System\*.* >
< %appdata%\Microsoft\Windows\*.* >
< %systemroot%\system32\WinDir\*.* >
< %systemroot%\_\*.* >
< %systemroot%\system32\windows32\*.* >
< %ProgramFiles%\win\*.* >
< %AppData%\Microsoft\CD Burning\*.* >
< %systemroot%\*.cab >
< %systemroot%\K.Backup\*.* >
< %ProgramFiles%\Massenger\*.* >
< %systemroot%\System32\*.doc >
< %systemroot%\Office12\*.* >
< %systemroot%\System32\Rundl32.exe\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL Extras logfile created on: 9/19/2010 6:03:03 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 153.78 Gb Free Space | 54.26% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MANJULA-HOME
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" [2010/01/22 04:19:14 | 000,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" [2010/01/22 04:19:14 | 000,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1221B8C6-41B2-40CB-9BB1-9087F0BE6F5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{27B879F0-4B6A-45B1-B332-D458CB861ED3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{283D6456-502D-475C-8C7B-205098605E95}" = rport=445 | protocol=6 | dir=out | app=system |
"{29B0706C-E03A-4039-A596-6667EE4178CF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{47C0D9E7-D9BB-4804-BEBC-F100C5E7BE93}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4FE5F42C-1B5C-47EC-B5F7-6972D43548F7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51F067D0-474D-46CE-9C8B-4D81A08F9C32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59000FF6-1B92-4261-A48A-8834BDB6596D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{693FFD30-714C-46A5-AF2C-EFF68F16CB4A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6F9F6435-2F73-47EA-9A8A-6988612EB0BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71ED9AAA-D770-411C-8FB8-DDA92E285178}" = rport=138 | protocol=17 | dir=out | app=system |
"{81187C37-06C5-4903-B7DA-700EDFC6A4DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C6F2D35-F785-4864-B880-A9E7388351B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2A48B99-39A6-499B-9297-BBB2EA799F83}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC42EBF8-2B52-4434-8363-3B9CBCCE1A85}" = lport=137 | protocol=17 | dir=in | app=system |
"{C32F58CD-D35E-424A-88E0-9BD177C519DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CB289CC9-B55B-4689-B9BA-22FDB3C68084}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F613C2EC-3A40-46C1-931C-6EC0FA3D9412}" = rport=137 | protocol=17 | dir=out | app=system |
"{F7B06A3E-2600-4961-AD3C-3047D5572AED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F7FBA7E6-CB18-465D-8E84-BDFB9038F4BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDD7FE35-47ED-4AF5-9334-27C385084531}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C1B81E-BFA6-4D42-B736-05A6607DE369}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{015B3914-F512-4E3A-BD23-AE7AF2ECDDC7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{070A4A38-F836-491B-8253-FA8EE46BA21D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{08211BCE-AF3B-45C9-A155-13FB924C1B36}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{210C90C7-CF9D-41F9-B96D-8BCFAD08EC90}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3BDD5F64-81BA-44A9-BC9D-2AB40FA3BDE2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe |
"{3EA897B1-53A2-4024-9FA7-903C7361E382}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{453BD231-DCAC-4DAB-B0CA-EEF4830420C2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{58254800-FD63-4EE6-88D6-36C648723DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{6767C2C3-9E24-4786-AB22-F0F74E8BAAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{87ABE390-9905-45B3-84D6-8F9EEDB0472A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A86B229B-6DF6-4A57-8D5F-5B3E1E796D2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ADA1B757-DE1B-40B7-9682-F8FD5AA7F72A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AF13393C-2CC6-47DB-A641-07635E144C5D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AF5E1A16-B1F2-4FCA-A50B-01D21AD55CF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B3DFFE27-D0F9-4165-81DB-CD3E1C86A39C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B68287A8-C167-4917-8A00-E1440529F1F0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{BB390D00-4BA8-4D36-94A8-3C1C52739AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CAC90E41-2FA5-41FF-A11C-67898E0DC5B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3B91A9B-6A86-45DB-8BF5-E1B8A90C908A}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{DC39E12E-AB05-4EB6-BF2A-B252B9E5948C}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{F455C704-6005-47E0-9CA3-9E63175EAC03}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro AntiVirus
"{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA008" = Integrated Webcam Driver (1.02.02.0106)
"Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"TeamViewer 4" = TeamViewer 4
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/11/2010 4:45:01 AM | Computer Name = Manjula-Home | Source = Windows Search Service | ID = 3013
Description =
Error - 9/11/2010 6:59:22 AM | Computer Name = Manjula-Home | Source = EventSystem | ID = 4622
Description =
Error - 9/11/2010 2:54:50 PM | Computer Name = Manjula-Home | Source = WinMgmt | ID = 10
Description =
Error - 9/11/2010 2:55:36 PM | Computer Name = Manjula-Home | Source = Windows Search Service | ID = 3013
Description =
Error - 9/11/2010 2:55:38 PM | Computer Name = Manjula-Home | Source = Windows Search Service | ID = 3013
Description =
Error - 9/11/2010 2:55:42 PM | Computer Name = Manjula-Home | Source = Windows Search Service | ID = 3013
Description =
Error - 9/11/2010 2:56:01 PM | Computer Name = Manjula-Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/11/2010 3:46:07 PM | Computer Name = Manjula-Home | Source = Application Error | ID = 1000
Description = Faulting application 0.22439264564744543.exe, version 0.0.0.0, time
stamp 0x4682793c, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x002e0019, process id 0x1564, application
start time 0x01cb51e9f97c344a.
Error - 9/11/2010 6:47:54 PM | Computer Name = Manjula-Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/11/2010 6:47:54 PM | Computer Name = Manjula-Home | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11/21/2009 10:43:08 AM | Computer Name = Manjula-Home | Source = Service Control Manager | ID = 7009
Description =
Error - 11/21/2009 10:43:08 AM | Computer Name = Manjula-Home | Source = Service Control Manager | ID = 7000
Description =
Error - 11/21/2009 1:04:19 PM | Computer Name = Manjula-Home | Source = bowser | ID = 8003
Description =
Error - 11/21/2009 1:06:22 PM | Computer Name = Manjula-Home | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.
Error - 11/22/2009 11:12:25 AM | Computer Name = Manjula-Home | Source = HTTP | ID = 15016
Description =
Error - 11/22/2009 11:38:27 AM | Computer Name = Manjula-Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:05:15 PM on 11/22/2009 was unexpected.
Error - 11/22/2009 11:38:31 AM | Computer Name = Manjula-Home | Source = HTTP | ID = 15016
Description =
Error - 11/22/2009 12:51:56 PM | Computer Name = Manjula-Home | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.
Error - 11/24/2009 12:36:10 PM | Computer Name = Manjula-Home | Source = HTTP | ID = 15016
Description =
Error - 11/28/2009 3:52:37 AM | Computer Name = Manjula-Home | Source = HTTP | ID = 15016
Description =
< End of report >
Hi
Create Restore Point
Click Start->Control Panel->System->System Protection->System Protection tab
Select Create, type a name like Pre Clean then press the Create button and once it's done press Close
Erunt
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
Click Start >> All Programs >> ERUNT, then double-click ERUNT from the menu
Vista/Windows 7 users: Right-click on ERUNT in the menu, then select Run As Administrator. If UAC prompts, please allow it.
Click on OK within the pop-up menu
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry.
Current user registry.
Next click on OK... at the prompt... reply Yes.
After a short duration the Registry backup is complete! pop-up message will appear
Now click on OK. A registry backup should now been createdTFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here (http://oldtimer.geekstogo.com/TFC.exe) & save it to your desktop.
Save any unsaved work. TFC Cleaner will close all open application windows
Right-click TFC.exe then choose Run as Administrator to run the program, your desktop will temporarily disappear
If prompted, click Yes to rebootNote: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here (http://www.malwarebytes.org/mbam-download.php) & save to your desktop.
Right-click mbam-setup.exe then choose Run as Administrator to run & follow the prompts to install the program
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish
If an update is found, it will download and install the latest version
Once the program has loaded, select Perform full scan, then click Scan
When the scan is complete, click OK, then Show Results to view the results
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected
When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
Note:
The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tabNote: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot please reboot a second time . It is normal for this error to occur once & does not need to be reported unless it returns on future reboots.
Once done, re-run OTL again following instructions posted previously here:
http://forums.spybot.info/showpost.php?p=383681&postcount=4
To post in next reply:
Malwarebytes log
New OTL logs
TL logfile created on: 9/20/2010 8:39:21 PM - Run 2
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 165.35 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MANJULA-HOME
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
========== Modules (SafeList) ==========
MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [googletalk] C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Lvgciejl/z+me\AppData\Local\Temp\961095171.exe] C:\Users\Home\AppData\Local\Temp\961095171.exe File not found
O4 - HKCU..\Run: [Lvgciejl82xme\AppData\Local\Temp\2314884205.exe] C:\Users\Home\AppData\Local\Temp\2314884205.exe File not found
O4 - HKCU..\Run: [Lvgciejl91+me\AppData\Local\Temp\440669226.exe] C:\Users\Home\AppData\Local\Temp\440669226.exe File not found
O4 - HKCU..\Run: [Lvgciejl9yyme\AppData\Local\Temp\1535015731.exe] C:\Users\Home\AppData\Local\Temp\1535015731.exe File not found
O4 - HKCU..\Run: [Lvgciejlhb] C:\Users\Home\AppData\Local\Temp\debug.exe File not found
O4 - HKCU..\Run: [Lvgciejlk+] C:\Users\Home\AppData\Local\Temp\gdi32.exe File not found
O4 - HKCU..\Run: [Lvgciejlmc] C:\Users\Home\AppData\Local\Temp\mdm.exe File not found
O4 - HKCU..\Run: [Lvgciejlna] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlo+] C:\Users\Home\AppData\Local\Temp\avp32.exe File not found
O4 - HKCU..\Run: [Lvgciejloc] C:\Users\Home\AppData\Local\Temp\avp.exe File not found
O4 - HKCU..\Run: [Lvgciejlora] C:\Users\Home\AppData\Local\Temp\iexplarer.exe File not found
O4 - HKCU..\Run: [Lvgciejlotc] C:\Users\Home\AppData\Local\Temp\hexdump.exe File not found
O4 - HKCU..\Run: [Lvgciejlpsc] C:\Users\Home\AppData\Local\Temp\taskmgr.exe File not found
O4 - HKCU..\Run: [Lvgciejlq+] C:\Users\Home\AppData\Local\Temp\win16.exe File not found
O4 - HKCU..\Run: [Lvgciejlqb] C:\Users\Home\AppData\Local\Temp\winamp.exe File not found
O4 - HKCU..\Run: [Lvgciejlqc] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O4 - HKCU..\Run: [Lvgciejlqf] C:\Users\Home\AppData\Local\Temp\user.exe File not found
O4 - HKCU..\Run: [LvgciejlqMc] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe File not found
O4 - HKCU..\Run: [LvgciejlqMcmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe File not found
O4 - HKCU..\Run: [LvgciejlqW] C:\Users\Home\AppData\Local\Temp\drweb.exe File not found
O4 - HKCU..\Run: [Lvgciejlrxc] C:\Users\Home\AppData\Local\Temp\spoolsv.exe File not found
O4 - HKCU..\Run: [LvgciejlsPc] C:\Users\Home\AppData\Local\Temp\nvsvc32.exe File not found
O4 - HKCU..\Run: [Lvgciejlud] C:\Users\Home\AppData\Local\Temp\system.exe File not found
O4 - HKCU..\Run: [Lvgciejlupc] C:\Users\Home\AppData\Local\Temp\sysedit.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1727ee65-a14d-11de-836d-002219ec09f3}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell - "" = Autorun
O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell\Open\command - "" = regsvr.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: VIDC.3iv2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.wmv3 - C:\Windows\SysWow64\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/09/20 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2010/09/20 19:04:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/20 19:01:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:46:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 17:58:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/15 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/15 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\malware removal
[2010/09/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/13 19:17:52 | 000,000,000 | -HSD | C] -- C:\Users\Home\.COMMgr
[2010/09/13 19:17:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\vpwkxpvvr
[2010/09/13 19:17:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/13 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
[2010/09/03 22:43:10 | 000,000,000 | ---D | C] -- C:\My Collection for bristol festival
[2010/09/03 22:42:48 | 000,000,000 | ---D | C] -- C:\Bristol Harbour Festival - Copy
[2010/09/03 22:29:24 | 000,000,000 | ---D | C] -- C:\Swizzz
[2010/08/01 00:13:17 | 000,000,000 | ---D | C] -- C:\bgam upload
[2010/08/01 00:09:51 | 000,000,000 | ---D | C] -- C:\B'gham
[2010/07/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/07/13 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\OpenCandy
[2010/07/13 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/07/13 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/07/11 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Home\Tracing
[2010/07/11 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
[2010/07/11 17:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/07/11 17:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/07/11 17:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/11 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Yahoo
[2010/07/11 16:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/07/11 16:55:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Yahoo!
[2010/07/11 16:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/07/11 16:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/07/10 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\My Documents
[2010/06/28 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Photos
========== Files - Modified Within 90 Days ==========
[2010/09/20 20:40:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/09/20 20:40:19 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/09/20 20:39:57 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/09/20 20:36:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/20 20:34:43 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2010/09/20 20:34:22 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/20 20:33:45 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/20 20:33:45 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/20 20:33:45 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/20 20:27:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 20:27:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 20:27:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/20 20:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/20 20:27:21 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/20 20:26:21 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/09/20 20:26:21 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/09/20 20:26:19 | 006,291,456 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/09/20 20:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/09/20 20:13:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/20 19:04:04 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 21:32:38 | 000,001,048 | ---- | M] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/19 18:26:05 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/09/19 18:26:05 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/18 15:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/09/15 01:19:16 | 000,000,746 | ---- | M] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | M] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2010/09/05 21:33:47 | 000,013,241 | ---- | M] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
[2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
[2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
[2010/09/05 21:32:04 | 000,013,079 | ---- | M] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/09/04 00:43:35 | 000,029,184 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 11:03:44 | 023,363,584 | ---- | M] () -- C:\Users\Home\Desktop\M2U00027.MPG
[2010/08/14 11:19:28 | 000,422,520 | ---- | M] () -- C:\Users\Home\Desktop\hdfctransfer.docx
[2010/08/14 10:34:28 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/03 19:46:07 | 000,184,332 | ---- | M] () -- C:\Users\Home\Desktop\ramya.docx
[2010/08/01 13:35:18 | 000,013,068 | ---- | M] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/07/22 13:01:14 | 019,660,800 | ---- | M] () -- C:\Users\Home\Desktop\M2U00007.MPG
[2010/07/18 12:23:15 | 000,000,124 | ---- | M] () -- C:\Users\Home\JavaConnect.ini
[2010/07/15 21:39:36 | 000,000,969 | ---- | M] () -- C:\Users\Home\Desktop\Resume.doc
[2010/07/13 20:52:12 | 000,000,945 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/11 16:54:49 | 000,000,998 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
[2010/07/11 16:54:49 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
[2010/07/10 14:09:33 | 000,038,309 | ---- | M] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
[2010/07/10 10:37:43 | 000,198,395 | ---- | M] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
[2010/07/04 02:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job
[2010/06/26 07:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/26 07:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/26 07:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/26 07:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/26 07:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/06/26 07:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/26 07:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/26 07:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/26 07:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/26 05:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/26 05:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/26 05:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
========== Files Created - No Company Name ==========
[2010/09/20 19:04:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:04:00 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/19 21:32:38 | 000,001,048 | ---- | C] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/16 01:02:36 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/16 01:02:24 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/16 01:02:22 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/16 00:58:10 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/15 01:19:16 | 000,000,746 | ---- | C] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | C] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2010/09/05 21:34:16 | 000,012,509 | ---- | C] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
[2010/09/05 19:37:49 | 000,012,509 | ---- | C] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
[2010/08/25 18:34:34 | 019,660,800 | ---- | C] () -- C:\Users\Home\Desktop\M2U00007.MPG
[2010/08/25 18:33:46 | 023,363,584 | ---- | C] () -- C:\Users\Home\Desktop\M2U00027.MPG
[2010/08/14 11:17:48 | 000,422,520 | ---- | C] () -- C:\Users\Home\Desktop\hdfctransfer.docx
[2010/08/12 19:24:33 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/12 19:24:28 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/12 19:24:28 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/12 19:24:24 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/12 19:24:22 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 19:24:11 | 004,675,976 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 19:23:56 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/12 19:23:55 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/12 19:23:53 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/12 19:23:50 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/12 19:23:50 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/12 19:23:50 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/12 19:23:50 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/12 19:23:49 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/12 19:23:49 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/12 19:23:49 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 19:23:49 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/12 19:23:49 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/12 19:23:49 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/12 19:23:49 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/12 19:23:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/12 19:23:49 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/12 19:23:49 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/12 19:23:48 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/12 19:23:48 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/12 19:23:48 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/12 19:23:48 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 19:23:32 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/12 19:23:30 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/03 19:46:05 | 000,184,332 | ---- | C] () -- C:\Users\Home\Desktop\ramya.docx
[2010/08/02 21:15:27 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/08/01 13:36:03 | 000,013,079 | ---- | C] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/08/01 13:34:17 | 000,013,068 | ---- | C] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/08/01 11:34:48 | 000,013,241 | ---- | C] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
[2010/07/15 21:40:52 | 000,000,969 | ---- | C] () -- C:\Users\Home\Desktop\Resume.doc
[2010/07/13 20:52:12 | 000,000,945 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/11 17:38:03 | 000,061,288 | ---- | C] () -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/07/11 16:54:49 | 000,000,998 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
[2010/07/11 16:54:49 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
[2010/07/10 11:05:54 | 000,038,309 | ---- | C] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
[2010/07/10 10:37:43 | 000,198,395 | ---- | C] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
[2010/06/23 19:09:20 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 19:09:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 19:09:20 | 000,100,352 | ---- | C] () -- C:\Windows\SysNative\Mpeg2Data.ax
[2010/06/23 19:09:20 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
[2010/06/23 19:09:12 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/23 19:09:10 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/23 19:09:10 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/23 19:08:47 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 19:08:47 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/23 19:08:47 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 19:08:47 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 19:08:47 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/22 20:44:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/22 20:44:50 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2009/10/31 19:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 17:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 17:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 17:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 17:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 17:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 17:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 17:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 17:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 17:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 17:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 17:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 17:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 17:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 17:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 17:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 17:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 17:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 17:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 17:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 17:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 17:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 17:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 17:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 17:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 16:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 16:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 16:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 16:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 16:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 16:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 16:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 16:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 16:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 16:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 16:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 18:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 08:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 08:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 08:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 08:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 08:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/29 08:11:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/08/03 20:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 19:27:59 | 000,029,184 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 02:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/09/20 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
[2010/07/13 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2009/09/25 03:49:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2010/09/13 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2010/09/20 20:26:24 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/20 20:40:19 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/09/20 20:40:19 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/01/21 03:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/06/24 11:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/05/28 09:20:29 | 000,003,532 | RH-- | M] () -- C:\dell.sdr
[2010/09/20 20:27:21 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 05:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/09/20 20:27:20 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 16:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/31 04:52:58 | 000,000,286 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/03/05 21:10:11 | 001,531,691 | ---- | M] () -- C:\Users\Home\Desktop\winrar-x64-392.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/07/30 04:01:35 | 000,000,402 | -HS- | M] () -- C:\Users\Home\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.exe >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< %USERPROFILE%\Templates\*.tmp >
< %SYSTEMDRIVE%\explorexxx.exe\*.* >
< %Windir%\Installer\*.tmp >
< %systemroot%\System32\*.xco >
< %ProgramFiles%\system32\*.* >
< %systemroot%\System32\windos\*.* >
< %SystemRoot%\system32\sandbox\*.* >
< %SystemRoot%\system32\*.amo >
< %SystemRoot%\system32\Windows Live\*.* >
< %ProgramFiles%\logs\*.* >
< %ProgramFiles%\Bifrost\*.* >
< %SystemRoot%\system32\*.goo >
< %systemroot%\system32\IME\*.* >
< %systemroot%\BackUp\*.* >
< %systemroot%\system32\*.ico >
[2006/09/18 22:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWOW64\acwizard.ico
< %systemroot%\system\*.dat >
< %systemroot%\system\*.exe >
< %AppData%\Macromedia\Common\*.* >
< %SYSTEMDRIVE%\dir\*.* /s >
< %systemroot%\system32\ras\*.exe >
< %SYSTEMDRIVE%\MFILES\*.* >
< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >
< %systemroot%\system32\services\*.* >
< %systemroot%\Spooler\*.* >
< %ProgramFiles%\system32\*.* >
< %systemroot%\system32\Setup\*.dll /x >
< %systemroot%\system32\*.mine >
< %SYSTEMDRIVE%\cleansweep.exe\*.* >
< %systemroot%\system32\ras\*.dll >
< %systemroot%\system32\ras\*.drv >
< %systemroot%\*.iq >
< %systemroot%\system32\XP\*.* >
< %SYSTEMDRIVE%\Extracted\*.* >
< %systemroot%\system32\windows\*.* >
< %systemroot%\logs\*.* >
< %SYSTEMDRIVE%\Win.Msi\*.* >
< %systemroot%\regedit\*.* >
< %systemroot%\system32\skype\*.* >
< %AppData%\Adobe\dlluplwin25\*.* >
< %UserProfile%\*.dat >
[2010/09/20 20:44:46 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
< %UserProfile%\*.dll >
< %systemroot%\system32\*.sxo >
< %SYSTEMDRIVE%\Gazma\*.* /s >
< %systemroot%\system32\spynet\*.* >
< %systemroot%\system32\System\*.* >
< %appdata%\Microsoft\Windows\*.* >
< %systemroot%\system32\WinDir\*.* >
< %systemroot%\_\*.* >
< %systemroot%\system32\windows32\*.* >
< %ProgramFiles%\win\*.* >
< %AppData%\Microsoft\CD Burning\*.* >
< %systemroot%\*.cab >
< %systemroot%\K.Backup\*.* >
< %ProgramFiles%\Massenger\*.* >
< %systemroot%\System32\*.doc >
< %systemroot%\Office12\*.* >
< %systemroot%\System32\Rundl32.exe\*.* >
< %ProgramFiles%\yahoo.net\*.* >
< %systemroot%\system32\*.igo >
< %systemroot%\*.rew >
< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
< %USERPROFILE%\.COMMgr\*.* >
< %USERPROFILE%\Desktop\*.bat >
< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
< %PROGRAMFILES%\Internet Explorer\*.Jmp >
< %PROGRAMFILES%\Windows NT\system\*.dll >
< %systemroot%\system32\*.ext >
< %systemroot%\system32\Com\*.cfg >
< %systemroot%\system32\btz\*.* >
< %systemroot%\system32\EMP\*.* >
< %systemroot%\system32\expo\*.* >
< %systemroot%\system32\inet2\*.* >
< %systemroot%\system32\xrem\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4657
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943
9/20/2010 8:25:37 PM
mbam-log-2010-09-20 (20-25-37).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 317966
Time elapsed: 1 hour(s), 14 minute(s), 59 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
C:\Users\Home\.COMMgr\complmgr.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\MSoftware (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvgciejlpe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvgciejlne (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvgciejlne.com&p=r0lgodlhyaa8apcaaaaaaiaaaacaaicaaaaagiaagacagicagmdawp8aaad/ap//aaaa//8a/wd/
/////waaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaamwaazgaamqaazaaa/wazaaazmwazzgazmqazzaaz/wbm
aabmmwbmzgbmmqbmzabm/wczaaczmwczzgczmqczzacz/wdmaadmmwdmzgdmmqdmzadm/wd/aad/
mwd/zgd/mqd/zad//zmaadmamzmazjmamtmazdma/zmzadmzmzmzzjmzmtmzzdmz/znmadnmmznm
zjnmmtnmzdnm/zozadozmzozzjozmtozzdoz/zpmadpmmzpmzjpmmtpmzdpm/zp/adp/mzp/zjp/
mtp/zdp//2yaagyam2yazmyamwyazgya/2yzagyzm2yzzmyzmwyzzgyz/2zmagzmm2zmzmzmmwzm
zgzm/2azagazm2azzmazmwazzgaz/2bmagbmm2bmzmbmmwbmzgbm/2b/agb/m2b/zmb/mwb/zgb/
/5kaajkam5kazpkamzkazjka/5kzajkzm5kzzpkzmzkzzjkz/5lmajlmm5lmzplmmzlmzjlm/5mz
ajmzm5mzzpmzmzmzzjmz/5nmajnmm5nmzpnmmznmzjnm/5n/ajn/m5n/zpn/mzn/zjn//8waamwa
m8wazswamcwazmwa/8wzamwzm8wzzswzmcwzzmwz/8xmamxmm8xmzsxmmcxmzmxm/8yzamyzm8yz
zsyzmcyzzmyz/8zmamzmm8zmzszmmczmzmzm/8z/amz/m8z/zsz/mcz/zmz///8aap8am/8azv8a
mf8azp8a//8zap8zm/8zzv8zmf8zzp8z//9map9mm/9mzv9mmf9mzp9m//+zap+zm/+zzv+zmf+z
zp+z///map/mm//mzv/mmf/mzp/m////ap//m///zv//mf//zp///yh5baeaabaalaaaaadiadwa
aaj/ap8jhdiqgsgdcbmqxmiwocohecnknejritwdff8zxjgxisenbtu2/nixjeksjk1expkvfcap
qvjjbjnsyuyzcjlarmmz58mcinw2polsonchlfegpaj0j0e/qad6cwmuktorbi8ufloxqteyu1ts
+xqz58axk5saxsnwplaif7gk9inwzlmidvpq3cvxrp+3gghztaqxyngubl0khcqy6thdn6h69sqv
mtnjyo9apcv0ytiqjc9ezcs4a2lnaimofrxtp96/mgoxpjnwk2fvaz9njgx4c93eq9nwpflwnump
z+fqpt14rnphgskqty3u6thli9m+ly6tommxbcss/8/qeytduailhuyofp3e2jcbci+8pbf58ecj
tp6t0ib4xvfrpr15prlxhuawhrswvoaplha1cwyvv2lhtbgdry79xv9/el1vgwhyeagdhqp9nrv4
hpg4oxw6ybewwlfr5tsdq0nlh3rqvrsyhg+lpsniad2oowsguwrkcd/kjttfgr02fecncodgezyt
ynr8mww23hdkmtezyj6ceasymkkhn4v6tavgvg62pggmdzo0xy3oacfwzwapv9yfpcjpzgsgtlxh
u5krbthgtk7ognscfwyxcihmurucqef0i51fzsdjneucydxhfujn1is1tyxmmusj6prudoe3xrsr
pv9jawebhtjojvmspegiiulzj6+ooydnhngkjtzxn1j2fypaefpidjlhbbokkbrlpu/xanspkv0q
5kuts/1kbjtovpssxfaphmrbakycqaszdmyjvztyduul0duz0mhbgtiqsji2z6i/tsp4lp7wsdsa
aqxrqrn4kakqbuaxvmxxgc0tdoel4kxykqxecroshiftofkkltiuilotlexaieej6c4kcmfr5hrg
+mjxzhbp6xbvfsd6ccsruoevsyb+q+6+s1hzsc/u0ervv9ffzttcsrukxmcevvp0t7mmoxep11ym
1dnb4/rxzkrvckn9s9mammdpzwl1futnh6ttddb/jzxleeuyan2hbw1tvqrf6vjqommiodasp1xx
wdxxpkdofmr0mevrx75ozgnj+yo1eb+axl3rjayrtqyl23s4euell4+nh1501i1f6rnuwgaonjqh
xrr2zh9hlblzptbnb9gkr4opnsy+/y/xmt4g042heu7jabzpxn1bzjfq4kkyy4ieejq/citn6in6
jphca0ut5arxvflxq777om4hylrtm4wtjnmi1abfsszpgwovwf7ks7ndau4mcxljnduzmurfelci
mqevwd7dzjbkdnni5qg3e2ktl2acyw2suvon7lgmvaukll2kt59jmq5cxcgcgia1nqyyh0t5utt8
/3afocrjrioiytl/viicfqnsvvnxi3acdusovc0+ullid9igm+dsxvmgedpcfgim1b0kkgsuysjs
y0t/yqujr5xy6bbfwnvgzgmexa9yzceq3wmpijstlog2v5pcrssxkijnxkrclv5fazkzhffgfeov
6rjpext5tnain6rtrcv0azqwyljgljrhxgnzulkgxiutev4onmvjpii+mcbwxcchm2sicadzr56c
yf2pzofd0igz43igmxzsioumxxwnqde7+zolv6ifnzaallykwsq1grm/khkfe6e5pvfwocrcbbjl
k0hm9matrbstjhe+g+yjw8kozvurvvou4xkbmv+/prwmq49bvjdlrliwrja2xcgj5xqvojehkyxo
fjpeh2ezeojrwjdqdqmkpb+kyljr73ly1djjxp0w6ddo5n3c+ljmw50ntcjrdbcpu7cgag9ma6em
ghotuerurx+yus0ts5qfnsjqq0l7yugycefkwczsxtne5o7er3qelyeh2ijihnyqboboitvkyams
lxk65ckno/wkk/ng0udkazlllclocna8s9iivqinjljlltsnekhoewsoucfhoisxat/je5z3gmm4
mmxitytxkf/tb68y7vr9arnd2wrctxbl0kudy0gglag0ha6hrpjp1b8oofg0ntvfa3kjbwwfu8v/
qst4ouvku7pkziafbz1msrwi4hnlrd52tj6jjbsl4qlfjowlhbrl9yb3fswmk5zknfzgosormbgk
tv/syz+ygybagdc6xjnxfvymm9pcr6am8gzp3klw0ipsk0bt2uggezqw+emmgtnaj+hfyh1rx17o
fjo16sq0e2wwec2r7oawd9gzsxhhyqwnct9apou0v44+pu++jdnsfryhz2ob4trnc8bffjv0p4qt
lld7txq/wiicpbljmbzef1lvbcglznk2bkhzyjvjsigjavdlypzxgkwr4t1fkdbkkrzomp0k5wzl
5jld1cxc9rrarh7yzfxtxg0io0lywdxzke9l/8rqznuuqfou8tmxkl0oznnym7nnxjkrg5qw9ybd
o7jgvf+h6c2bcmlkse15ayqg8bqpt51ysrjqwxeufakxker6+muz2kmmu6uvhkwpniansz30dbad
ywos9ysheqp1klhnbmqlk69kdu1j08lojor+zulstvduxcdgz3ai2fjgk7xsnfwaskvoaprp7gx5
vlf5m2h+iz3svnkg216x5iik5l8fcsyqmrq2o9le+tyirrsmdfu+t05rkyxy/y3tgoxhpq9v5hj8
a7qr6sxzav57jll0k8sqwo0if+q0ortqlzleuk1prkpjoqslmrpzmoewwej8l6culrt3rfvtx94z
g36+rcwjgxpkkbkutqa6r3xaecvj2z6scl7u3lyasga2we16ngij6pxyvms1mp+d6dljeylnzqpx
qmzxgwu2wkfqb861ll55ppixbz9yyuusshhduktt8tm5he5ngn/7k0jecsjnckhevjp2tpyji2/6
ajphfdeofyitjc2sonehs3dt41laldk9sz086tgsrx//up0n5c9+n5uh8u353zhis1ycrme7n+ki
uobe6lexd3djepu8hxstlyvnk3y1kim89h15kk3nc604ax4x9lp83v/6bqob5+q+cqgaow (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvgciejlqvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Home\AppData\Local\vpwkxpvvr\jhxpotxuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD\handlerfix70700en00.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfteml.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msftldr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Home\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Home\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Hi many Thanks for your help......
Extract,txt didn't create when i ran OTL after removal.
Hope it should not have any problem ..Please let me know if there is an issue.
AGain Many Thanks for this...................................
Hi
Still a bit to do:
Erunt
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
Click Start >> All Programs >> ERUNT, then double-click ERUNT from the menu
Vista/Windows 7 users: Right-click on ERUNT in the menu, then select Run As Administrator. If UAC prompts, please allow it.
Click on OK within the pop-up menu
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry.
Current user registry.
Next click on OK... at the prompt... reply Yes.
After a short duration the Registry backup is complete! pop-up message will appear
Now click on OK. A registry backup should now been created
Run Fix With OTL
Highlight the following in the code box and press Ctrl+C on the keyboard
Make sure you include the first colon (:)
:Otl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKCU..\Run: [Lvgciejl/z+me\AppData\Local\Temp\961095171.exe] C:\Users\Home\AppData\Local\Temp\961095171.exe File not found
O4 - HKCU..\Run: [Lvgciejl82xme\AppData\Local\Temp\2314884205.exe] C:\Users\Home\AppData\Local\Temp\2314884205.exe File not found
O4 - HKCU..\Run: [Lvgciejl91+me\AppData\Local\Temp\440669226.exe] C:\Users\Home\AppData\Local\Temp\440669226.exe File not found
O4 - HKCU..\Run: [Lvgciejl9yyme\AppData\Local\Temp\1535015731.exe] C:\Users\Home\AppData\Local\Temp\1535015731.exe File not found
O4 - HKCU..\Run: [Lvgciejlhb] C:\Users\Home\AppData\Local\Temp\debug.exe File not found
O4 - HKCU..\Run: [Lvgciejlk+] C:\Users\Home\AppData\Local\Temp\gdi32.exe File not found
O4 - HKCU..\Run: [Lvgciejlmc] C:\Users\Home\AppData\Local\Temp\mdm.exe File not found
O4 - HKCU..\Run: [Lvgciejlna] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlo+] C:\Users\Home\AppData\Local\Temp\avp32.exe File not found
O4 - HKCU..\Run: [Lvgciejloc] C:\Users\Home\AppData\Local\Temp\avp.exe File not found
O4 - HKCU..\Run: [Lvgciejlora] C:\Users\Home\AppData\Local\Temp\iexplarer.exe File not found
O4 - HKCU..\Run: [Lvgciejlotc] C:\Users\Home\AppData\Local\Temp\hexdump.exe File not found
O4 - HKCU..\Run: [Lvgciejlpsc] C:\Users\Home\AppData\Local\Temp\taskmgr.exe File not found
O4 - HKCU..\Run: [Lvgciejlq+] C:\Users\Home\AppData\Local\Temp\win16.exe File not found
O4 - HKCU..\Run: [Lvgciejlqb] C:\Users\Home\AppData\Local\Temp\winamp.exe File not found
O4 - HKCU..\Run: [Lvgciejlqc] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O4 - HKCU..\Run: [Lvgciejlqf] C:\Users\Home\AppData\Local\Temp\user.exe File not found
O4 - HKCU..\Run: [LvgciejlqMc] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe File not found
O4 - HKCU..\Run: [LvgciejlqMcmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe File not found
O4 - HKCU..\Run: [LvgciejlqW] C:\Users\Home\AppData\Local\Temp\drweb.exe File not found
O4 - HKCU..\Run: [Lvgciejlrxc] C:\Users\Home\AppData\Local\Temp\spoolsv.exe File not found
O4 - HKCU..\Run: [LvgciejlsPc] C:\Users\Home\AppData\Local\Temp\nvsvc32.exe File not found
O4 - HKCU..\Run: [Lvgciejlud] C:\Users\Home\AppData\Local\Temp\system.exe File not found
O4 - HKCU..\Run: [Lvgciejlupc] C:\Users\Home\AppData\Local\Temp\sysedit.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O33 - MountPoints2\{1727ee65-a14d-11de-836d-002219ec09f3}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell - "" = Autorun
O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell\Open\command - "" = regsvr.exe
:Files
C:\Users\Home\AppData\Local\vpwkxpvvr
:Commands
[Purity]
[EmptyTemp]
[Reboot]
Right-click on the OTL.exe file & choose Run as Administrator to start OTL. OK any warning about running OTL.
Click in the Custom Scans/Fixes box at the bottom of the OTL window
Press Ctrl+V to paste the above code in the box (check that the code appears)
Click the Run Fix button
Please post the resulting log and close OTL.
Re-scan With OTL
Once done, re-run OTL again following instructions posted previously here:
http://forums.spybot.info/showpost.p...81&postcount=4
To post in next reply:
OTL Fix log
New OTL log
Update on how the computer is running
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejl/z+me\AppData\Local\Temp\961095171.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejl82xme\AppData\Local\Temp\2314884205.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejl91+me\AppData\Local\Temp\440669226.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejl9yyme\AppData\Local\Temp\1535015731.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlhb deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlk+ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlmc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlna deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlo+ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejloc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlora deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlotc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlpsc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlq+ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlqb deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlqc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlqf deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvgciejlqMc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvgciejlqMcmd.com/dw/dw.php?id=%s&ver=d01 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvgciejlqW deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlrxc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvgciejlsPc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlud deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlupc deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1727ee65-a14d-11de-836d-002219ec09f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1727ee65-a14d-11de-836d-002219ec09f3}\ not found.
File F:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826839c6-809f-11df-a589-002219ec09f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826839c6-809f-11df-a589-002219ec09f3}\ not found.
File regsvr.exe not found.
========== FILES ==========
C:\Users\Home\AppData\Local\vpwkxpvvr folder moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.14.0 log created on 09232010_190900
Hi ,
I have done the first step but i couldn't do Rescan OTL step as i am not able to access the below link.It is throwing an error http404 not found
http://forums.spybot.info/showpost.p...81&postcount=4
http://forums.spybot.info/showpost.php?p=383681&postcount=4
Try the link above... Alternatively, here's the instructions again:
OTL Right click on OTL.exe then choose Run as Administrator to run it. Make sure all other windows are closed and to let it run uninterrupted
When the window appears, ensure Include 64bit Scans is ticked
Click on Minimal Output at the top
Download the following file scan.txt to your Desktop - Click here to download it (http://www.geekstogo.com/forum/files/download/395-otl-custom-scan-file-scantxt/). You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying Click Ok to load a custom scan from a file or Cancel to cancel
Click the OK button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt & click Open. Writing will now appear under the Custom Scan box
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long When the scan completes, it will open a notepad window OTL.Txt. These are saved in the same location as OTL.
Copy/paste the contents of the log & post it in your next replyTo post in next reply:
Contents of OTL.txt
Hi ,
My system seems to be infected again by security suite :(. I am not able to connect to internet now. I am posting this from my friend's system. I think I need to disable the proxy setting to connect to internet. Not tried that yet. Will try it and try to run OTL log tomorrow. Please dont close this thread.
Hi , I ran MBAM today and removed some files. I am posting the MBAM log file. Please advice on the next step. I have not run OTL yet. Not sure if I have to use the custom scan fle provided in the previuos steps. So I am not running OTL until I hear from you.
----------------------------MABM-LOG-------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4657
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943
9/30/2010 6:56:19 PM
mbam-log-2010-09-30 (18-56-19).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 318101
Time elapsed: 1 hour(s), 20 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\706588211 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Home\AppData\Local\706588211.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Temp\PWwsduGWim.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Temp\0.045902130943854536.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Temp\0.585349650371498.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Not sure if I have to use the custom scan fle provided in the previuos steps.That Custom scan text file is constantly being updated so delete the copy you have & download it again. Then run OTL using the instructions previously provided & the new Custom scan text file.
Hi,
Every time I boot my system , a program called Registry Reviver runs automatically. It used to scan automatically and say that some files are infected. Last time I ran MBAM and removed some infected files. But Still this Registry Reviver runs when the desktop is loaded but it says that 'no scan is being done'. I feel that the actual infected file that was running behind the scene has been removed by MBAM but the triggering program is still not removed. Apologies if I am putting in a lot of information and if I am diverting you. But I felt it would be better to keep you informed.
I have given a short description of my system in the previous post. OTL log below.
Thanks.
--------------------------------------------------------
OTL LOG
--------------------------------------------------------
OTL logfile created on: 10/1/2010 1:34:41 AM - Run 3
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 164.60 Gb Free Space | 58.08% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MANJULA-HOME
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\IconCodecService.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: VIDC.3iv2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.wmv3 - C:\Windows\SysWow64\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/09/26 17:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2010/09/26 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010/09/26 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/09/26 17:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh_Web_Player
[2010/09/23 19:09:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/20 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2010/09/20 19:04:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/20 19:01:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:46:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 17:58:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/15 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/15 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\malware removal
[2010/09/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/13 19:17:52 | 000,000,000 | -HSD | C] -- C:\Users\Home\.COMMgr
[2010/09/13 19:17:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/13 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
[2010/09/03 22:43:10 | 000,000,000 | ---D | C] -- C:\My Collection for bristol festival
[2010/09/03 22:42:48 | 000,000,000 | ---D | C] -- C:\Bristol Harbour Festival - Copy
[2010/09/03 22:29:24 | 000,000,000 | ---D | C] -- C:\Swizzz
[2010/08/01 00:13:17 | 000,000,000 | ---D | C] -- C:\bgam upload
[2010/08/01 00:09:51 | 000,000,000 | ---D | C] -- C:\B'gham
[2010/07/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/07/13 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\OpenCandy
[2010/07/13 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/07/13 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/07/11 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Home\Tracing
[2010/07/11 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
[2010/07/11 17:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/07/11 17:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/07/11 17:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/11 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Yahoo
[2010/07/11 16:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/07/11 16:55:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Yahoo!
[2010/07/11 16:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/07/11 16:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/07/10 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\My Documents
========== Files - Modified Within 90 Days ==========
[2010/10/01 01:36:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/10/01 01:35:24 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/10/01 01:35:24 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/10/01 01:35:07 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/10/01 01:33:04 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/01 01:33:04 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/01 01:33:04 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/01 01:29:43 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Registry Reviver64-Home-Startup.job
[2010/10/01 01:29:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/01 01:27:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 01:27:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 01:27:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/01 01:27:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/01 01:27:09 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/30 19:08:44 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 19:08:44 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/09/30 19:08:40 | 001,883,552 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/09/30 03:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/30 00:23:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/09/26 17:26:40 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2010/09/26 15:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/09/24 20:26:13 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/09/24 20:26:13 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/20 20:34:43 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2010/09/20 19:04:04 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 21:32:38 | 000,001,048 | ---- | M] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/15 01:19:16 | 000,000,746 | ---- | M] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | M] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2010/09/05 21:33:47 | 000,013,241 | ---- | M] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
[2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
[2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
[2010/09/05 21:32:04 | 000,013,079 | ---- | M] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/09/04 00:43:35 | 000,029,184 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 11:03:44 | 023,363,584 | ---- | M] () -- C:\Users\Home\Desktop\M2U00027.MPG
[2010/08/14 11:19:28 | 000,422,520 | ---- | M] () -- C:\Users\Home\Desktop\hdfctransfer.docx
[2010/08/14 10:34:28 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/03 19:46:07 | 000,184,332 | ---- | M] () -- C:\Users\Home\Desktop\ramya.docx
[2010/08/01 13:35:18 | 000,013,068 | ---- | M] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/07/22 13:01:14 | 019,660,800 | ---- | M] () -- C:\Users\Home\Desktop\M2U00007.MPG
[2010/07/18 12:23:15 | 000,000,124 | ---- | M] () -- C:\Users\Home\JavaConnect.ini
[2010/07/15 21:39:36 | 000,000,969 | ---- | M] () -- C:\Users\Home\Desktop\Resume.doc
[2010/07/13 20:52:12 | 000,000,945 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/11 16:54:49 | 000,000,998 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
[2010/07/11 16:54:49 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
[2010/07/10 14:09:33 | 000,038,309 | ---- | M] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
[2010/07/10 10:37:43 | 000,198,395 | ---- | M] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
[2010/07/04 02:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job
========== Files Created - No Company Name ==========
[2010/09/26 17:26:59 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\Registry Reviver64-Home-Startup.job
[2010/09/26 17:26:40 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2010/09/20 19:04:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:04:00 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/19 21:32:38 | 000,001,048 | ---- | C] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/16 01:02:36 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/16 01:02:24 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/16 01:02:22 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/16 00:58:10 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/15 01:19:16 | 000,000,746 | ---- | C] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | C] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2010/09/05 21:34:16 | 000,012,509 | ---- | C] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
[2010/09/05 19:37:49 | 000,012,509 | ---- | C] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
[2010/08/25 18:34:34 | 019,660,800 | ---- | C] () -- C:\Users\Home\Desktop\M2U00007.MPG
[2010/08/25 18:33:46 | 023,363,584 | ---- | C] () -- C:\Users\Home\Desktop\M2U00027.MPG
[2010/08/14 11:17:48 | 000,422,520 | ---- | C] () -- C:\Users\Home\Desktop\hdfctransfer.docx
[2010/08/12 19:24:33 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/12 19:24:28 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/12 19:24:28 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/12 19:24:24 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/12 19:24:22 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 19:24:11 | 004,675,976 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 19:23:56 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/12 19:23:55 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/12 19:23:53 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/12 19:23:50 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/12 19:23:50 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/12 19:23:50 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/12 19:23:50 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/12 19:23:49 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/12 19:23:49 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/12 19:23:49 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 19:23:49 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/12 19:23:49 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/12 19:23:49 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/12 19:23:49 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/12 19:23:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/12 19:23:49 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/12 19:23:49 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/12 19:23:48 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/12 19:23:48 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/12 19:23:48 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/12 19:23:48 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 19:23:32 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/12 19:23:30 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/03 19:46:05 | 000,184,332 | ---- | C] () -- C:\Users\Home\Desktop\ramya.docx
[2010/08/02 21:15:27 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/08/01 13:36:03 | 000,013,079 | ---- | C] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/08/01 13:34:17 | 000,013,068 | ---- | C] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
[2010/08/01 11:34:48 | 000,013,241 | ---- | C] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
[2010/07/15 21:40:52 | 000,000,969 | ---- | C] () -- C:\Users\Home\Desktop\Resume.doc
[2010/07/13 20:52:12 | 000,000,945 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/11 17:38:03 | 000,061,288 | ---- | C] () -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/07/11 16:54:49 | 000,000,998 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
[2010/07/11 16:54:49 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
[2010/07/10 11:05:54 | 000,038,309 | ---- | C] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
[2010/07/10 10:37:43 | 000,198,395 | ---- | C] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
[2009/10/31 19:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 17:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 17:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 17:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 17:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 17:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 17:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 17:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 17:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 17:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 17:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 17:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 17:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 17:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 17:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 17:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 17:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 17:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 17:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 17:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 17:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 17:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 17:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 17:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 17:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 16:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 16:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 16:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 16:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 16:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 16:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 16:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 16:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 16:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 16:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 16:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 18:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 08:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 08:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 08:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 08:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 08:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/29 08:11:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/08/03 20:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 19:27:59 | 000,029,184 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 02:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/09/20 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
[2010/09/26 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/09/26 19:14:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Qyugs
[2010/03/30 11:43:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Soaxl
[2009/09/25 03:49:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2010/09/13 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2010/10/01 01:29:43 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver64-Home-Startup.job
[2010/09/30 19:08:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/01 01:35:24 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/10/01 01:35:24 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/01/21 03:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/06/24 11:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/05/28 09:20:29 | 000,003,532 | RH-- | M] () -- C:\dell.sdr
[2010/10/01 01:27:09 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 05:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/10/01 01:27:07 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 16:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/31 04:52:58 | 000,000,286 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/03/05 21:10:11 | 001,531,691 | ---- | M] () -- C:\Users\Home\Desktop\winrar-x64-392.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/07/30 04:01:35 | 000,000,402 | -HS- | M] () -- C:\Users\Home\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.exe >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< %USERPROFILE%\Templates\*.tmp >
< %SYSTEMDRIVE%\explorexxx.exe\*.* >
< %Windir%\Installer\*.tmp >
< %systemroot%\System32\*.xco >
< %ProgramFiles%\system32\*.* >
< %systemroot%\System32\windos\*.* >
< %SystemRoot%\system32\sandbox\*.* >
< %SystemRoot%\system32\*.amo >
< %SystemRoot%\system32\Windows Live\*.* >
< %ProgramFiles%\logs\*.* >
< %ProgramFiles%\Bifrost\*.* >
< %SystemRoot%\system32\*.goo >
< %systemroot%\system32\IME\*.* >
< %systemroot%\BackUp\*.* >
< %systemroot%\system32\*.ico >
[2006/09/18 22:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWOW64\acwizard.ico
< %systemroot%\system\*.dat >
< %systemroot%\system\*.exe >
< %AppData%\Macromedia\Common\*.* >
< %SYSTEMDRIVE%\dir\*.* /s >
< %systemroot%\system32\ras\*.exe >
< %SYSTEMDRIVE%\MFILES\*.* >
< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >
< %systemroot%\system32\services\*.* >
< %systemroot%\Spooler\*.* >
< %ProgramFiles%\system32\*.* >
< %systemroot%\system32\Setup\*.dll /x >
< %systemroot%\system32\*.mine >
< %SYSTEMDRIVE%\cleansweep.exe\*.* >
< %systemroot%\system32\ras\*.dll >
< %systemroot%\system32\ras\*.drv >
< %systemroot%\*.iq >
< %systemroot%\system32\XP\*.* >
< %SYSTEMDRIVE%\Extracted\*.* >
< %systemroot%\system32\windows\*.* >
< %systemroot%\logs\*.* >
< %SYSTEMDRIVE%\Win.Msi\*.* >
< %systemroot%\regedit\*.* >
< %systemroot%\system32\skype\*.* >
< %AppData%\Adobe\dlluplwin25\*.* >
< %UserProfile%\*.dat >
[2010/10/01 01:35:07 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
< %UserProfile%\*.dll >
< %systemroot%\system32\*.sxo >
< %SYSTEMDRIVE%\Gazma\*.* /s >
< %systemroot%\system32\spynet\*.* >
< %systemroot%\system32\System\*.* >
< %appdata%\Microsoft\Windows\*.* >
< %systemroot%\system32\WinDir\*.* >
< %systemroot%\_\*.* >
< %systemroot%\system32\windows32\*.* >
< %ProgramFiles%\win\*.* >
< %AppData%\Microsoft\CD Burning\*.* >
< %systemroot%\*.cab >
< %systemroot%\K.Backup\*.* >
< %ProgramFiles%\Massenger\*.* >
< %systemroot%\System32\*.doc >
< %systemroot%\Office12\*.* >
< %systemroot%\System32\Rundl32.exe\*.* >
< %ProgramFiles%\yahoo.net\*.* >
< %systemroot%\system32\*.igo >
< %systemroot%\*.rew >
< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
< %USERPROFILE%\.COMMgr\*.* >
< %USERPROFILE%\Desktop\*.bat >
< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
< %PROGRAMFILES%\Internet Explorer\*.Jmp >
< %PROGRAMFILES%\Windows NT\system\*.dll >
< %systemroot%\system32\*.ext >
< %systemroot%\system32\Com\*.cfg >
< %systemroot%\system32\btz\*.* >
< %systemroot%\system32\EMP\*.* >
< %systemroot%\system32\expo\*.* >
< %systemroot%\system32\inet2\*.* >
< %systemroot%\system32\xrem\*.* >
< %ProgramFiles%\Microsoft\*.* >
< %systemroot%\usgwmt\*.* >
< %ProgramFiles%\B\*.* >
< %SYSTEMDRIVE%\lspp\*.* >
< %systemroot%\Kral\*.* >
< %SYSTEMDRIVE%\windowsdvd.exe\*.* >
< %systemroot%\system32\*.ipo >
< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >
< %systemroot%\system32\*.mof >
< %systemroot%\*.atm >
< %systemroot%\system32\svhost\*.* >
< %ProgramFiles%\system32\*.* >
< %ProgramFiles%\Docmentt\*.* >
< %systemroot%\Help\*.vbs >
< %ProgramFiles%\Windows WinSxs\*.* /s >
< %ProgramFiles%\Outlook Express\IDT\*.* /s >
< %ProgramFiles%\Microsoft Office\365\*.* /s >
< %ProgramFiles%\Windows Live\*.* >
< %systemroot%\system32\win32\*.* >
< %SYSTEMDRIVE%\RECYCLER\*.* >
< %systemroot%\Fresh1\*.* >
< %ProgramFiles%\Kekj\*.* /s >
< %systemroot%\GDU\*.* >
< %systemroot%\KA\*.* >
< %systemroot%\R\*.* >
< %systemroot%\system32\*.fyo >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OK, let's try again:
Remove Programs
Click Start > Control Panel > Programs and Features
Remove these programs by clicking Uninstall
Uniblue RegistryBooster 2010
If some programs listed are not present, please do not panic
Run Fix With OTL
Highlight the following in the code box and press Ctrl+C on the keyboard
Make sure you include the first colon (:)
:Otl
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2010/09/26 17:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2010/09/26 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010/09/26 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/09/26 17:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh_Web_Player
[2010/07/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/07/13 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\OpenCandy
[2010/07/13 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/07/13 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/10/01 01:29:43 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Registry Reviver64-Home-Startup.job
[2010/09/26 17:26:40 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2010/09/04 00:43:35 | 000,029,184 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 20:52:12 | 000,000,945 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/09/26 17:26:59 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\Registry Reviver64-Home-Startup.job
[2010/09/26 17:26:40 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2010/07/13 20:52:12 | 000,000,945 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/13 20:52:12 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/09/26 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenCandy
[2010/09/26 19:14:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Qyugs
[2010/03/30 11:43:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Soaxl
:Commands
[Purity]
[EmptyTemp]
[Reboot]
Right-click on the OTL.exe file, choose Run as Administrator to start OTL. OK any warning about running OTL.
Click in the Custom Scans/Fixes box at the bottom of the OTL window
Press Ctrl+V to paste the above code in the box (check that the code appears)
Click the Run Fix button
Please post the resulting log and close OTL.
Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 22.
NOTE: Ensure you update both the 64-bit & 32-bit versions of Java
Download the latest version of Java Runtime Environment (JRE) 6 Here (http://java.sun.com/javase/downloads/index.jsp)
Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)"
Click the orange Download JRE button to the right
Select the Windows platform from the dropdown menu
Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
Click on the link to download Windows Offline Installation & save the file to your desktop
Close any programs you may have running - especially your web browser
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH CheckedApplications and Applets
Trace and Log Files Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control PanelKaspersky Online Scan
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
Go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan
Read through the requirements and privacy statement and click on Accept button
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
When the downloads have finished, click on Settings
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan
Once the scan is complete, it will display the results. Click on View Scan Report
You will see a list of infected items there. Click on Save Report As...
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next replyPictured tutorial if required (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
This scan will take quite some time to update & scan, so be patient with it.
To post in next reply:
OTL Fix log
Kaspersky Online Scan log
Update on how the computer is running
Hi,
I am performing the steps you have asked me to do. I have uninstalled the UnUniblue RegistryBooster 2010. This was the only program that you have asked me to remove. In the custom scan code for OTL you have included some line which relate to Veohplayer. I saw that veoh web player, veoh video compass and veoh web player toolbar are installed in my system. It is listed in the Programs and Features in Control Panel. Should I unistall them ? I can unistall them if you want me to do so. Please confirm.
I will wait for your reply. Once I get a reply from you I will proceed with the rest of the steps(OTL fix,Updates,Kaspersky scan...).
Hi
I saw that veoh web player, veoh video compass and veoh web player toolbar are installed in my system. It is listed in the Programs and Features in Control Panel. Should I unistall them ?Yes..... I would uninstall them. It appears as if they may have been bundled with the Reviversoft junk.
Hi ,
I have uninstalled the veoh player. also there was an entry for reviver in control panel. I have uninstalled that alos. I have run fix in OTL and the post is below.
The java update website link provied in your post contains only Update 21 and there is no Update 22. Also the orange color link is not available. I dont consider that as a big issue as the website should have changed as a result of ORACLE-SUN merger. I have installed JRE 6 Update 21. But I am not able to see any java (cup) icon in my control panel. I can see that icon in my friends lapotop but not in mine. Should I install something else along with the jre?
The file I used for Installation is - jre-6u21-windows-i586.exe. Please advise if it is ok to porceed with the Kaspersky online scan. I have not yet performed the clear cache in the java installation (
'Note: This deletes ALL the Downloaded Applications and Applets from the \CACHE ')
Is it ok to proceed with the kaspersky online scan without that claering cache stuff of java? Please advice.
OTL run fix log below:
-------------------------------
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD90BF73-20F6-44EF-993D-BB920303BD2E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}\ not found.
File C:\Program Files (x86)\Veoh_Web_Player\tbVeoh.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Folder C:\Program Files\ReviverSoft\ not found.
Folder C:\ProgramData\ReviverSoft\ not found.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
Folder C:\Program Files (x86)\Veoh_Web_Player\ not found.
Folder C:\Program Files (x86)\Uniblue\ not found.
C:\Users\Home\AppData\Local\OpenCandy folder moved successfully.
C:\Users\Home\AppData\Roaming\OpenCandy\OpenCandy_BCBC9F43C5654F1CB2156983CD6BAA1F folder moved successfully.
C:\Users\Home\AppData\Roaming\OpenCandy\OpenCandy_0B0896EE98C94F209313EEF61862EAD4 folder moved successfully.
C:\Users\Home\AppData\Roaming\OpenCandy\BCBC9F43C5654F1CB2156983CD6BAA1F folder moved successfully.
C:\Users\Home\AppData\Roaming\OpenCandy folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\skins\black folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\skins folder moved successfully.
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer folder moved successfully.
C:\Program Files (x86)\Veoh Networks folder moved successfully.
C:\Windows\Tasks\Registry Reviver64-Home-Startup.job moved successfully.
File C:\Users\Public\Desktop\Registry Reviver.lnk not found.
C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk not found.
File C:\Users\Public\Desktop\RegistryBooster.lnk not found.
File C:\Windows\tasks\Registry Reviver64-Home-Startup.job not found.
File C:\Users\Public\Desktop\Registry Reviver.lnk not found.
File C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk not found.
File C:\Users\Public\Desktop\RegistryBooster.lnk not found.
Folder C:\Users\Home\AppData\Roaming\OpenCandy\ not found.
C:\Users\Home\AppData\Roaming\Qyugs folder moved successfully.
C:\Users\Home\AppData\Roaming\Soaxl folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Home
->Temp folder emptied: 12384428 bytes
->Temporary Internet Files folder emptied: 219988345 bytes
->Java cache emptied: 14751 bytes
->Google Chrome cache emptied: 110867424 bytes
->Flash cache emptied: 8541 bytes
User: Public
User: vijay
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1601266 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 329.00 mb
OTL by OldTimer - Version 3.2.14.0 log created on 10022010_003038
Files\Folders moved on Reboot...
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEA91.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEA96.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEADC.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEAE1.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEB03.tmp not found!
File\Folder C:\Users\Home\AppData\Local\Temp\~DFEB08.tmp not found!
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NV8HXCXQ\showthread[1].htm moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ9CPD6Y\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5E1710X\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP7ZNS2A\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LXFTAGP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Hmmm.... That was really strange with the Java update. I always check my links before posting & when i checked the link for the Java update it clearly showed Update 22.... But now it's back to 21. So my apologies for that.
Anyway... Yes, OK to proceed with the Kaspersky scan.
I have completed the kaspersky scan. I also removed the cache in java control panel. The kaspersky result showed that there was one infection. It didnt ask me to remove or heal the file. I havent taken any action against that file.
My system appears to be normal (though the infected file seems to be there!!! May be its hiding and waiting for a good time to come out :) )
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 3, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 03, 2010 05:10:15
Records in database: 4280953
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 179706
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:23:41
File name / Threat / Threats count
C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfttcp.dll Infected: Trojan.Win32.Swizzor.xgb 1
Selected area has been scanned.
Hell Karman,
Sorry for the delay. jmw3 was called away unexpectedly. My name is Ken and I will be taking over for him.
Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop.
Double click the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/OTMdesktopicon.png icon on your desktop.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area.
Do not include the word "Code".
:Processes
explorer.exe
:Services
:Reg
:Files
C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfttcp.dll
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/results.png line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Rerun OTL ( no need for the extra script) and post a new log please
Hi Ken,
convey my thanks to jmw3 please. He was very helpful answering all my doubts and in cleaning the system.
I have posted the OTM and OTL logs below.
------------------
OTM
------------------
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
LoadLibrary failed for C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfttcp.dll
C:\Users\Home\AppData\Roaming\Template\vclupldrv12\msfttcp.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Home
->Temp folder emptied: 110769480 bytes
->Temporary Internet Files folder emptied: 27638980 bytes
->Java cache emptied: 128094 bytes
->Google Chrome cache emptied: 50920577 bytes
->Flash cache emptied: 1651 bytes
User: Public
User: vijay
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 181.00 mb
OTM by OldTimer - Version 3.1.16.1 log created on 10072010_195106
Files moved on Reboot...
File C:\Users\Home\AppData\Local\Temp\~DF73A7.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF73AC.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF740A.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF740F.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF7432.tmp not found!
File C:\Users\Home\AppData\Local\Temp\~DF7437.tmp not found!
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V0FD9NPJ\showthread[2].htm moved successfully.
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ9CPD6Y\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5E1710X\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP7ZNS2A\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LXFTAGP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-------------------------------------------
OTL LOG
-------------------------------------------
OTL logfile created on: 10/7/2010 7:59:56 PM - Run 4
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 163.34 Gb Free Space | 57.63% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MANJULA-HOME
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==] C:\Users\Home\AppData\Local\Temp\login.exe File not found
O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==] C:\Users\Home\AppData\Local\Temp\win.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/10/07 19:51:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/07 19:49:25 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTM.exe
[2010/10/02 23:14:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/02 16:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/02 16:31:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/02 16:31:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/02 16:31:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/02 16:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/02 00:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/02 00:51:24 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/23 19:09:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/20 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2010/09/20 19:04:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/20 19:01:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:46:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 17:58:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/16 01:02:24 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/15 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/15 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\malware removal
[2010/09/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/13 19:17:52 | 000,000,000 | -HSD | C] -- C:\Users\Home\.COMMgr
[2010/09/13 19:17:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/13 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
========== Files - Modified Within 30 Days ==========
[2010/10/07 20:00:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/10/07 20:00:14 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/10/07 19:59:30 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/10/07 19:56:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/07 19:56:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/07 19:56:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/07 19:56:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/07 19:56:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/07 19:56:03 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/07 19:55:05 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/07 19:55:05 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/07 19:55:03 | 002,567,721 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/10/07 19:53:36 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/07 19:53:36 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/07 19:53:36 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/07 19:49:31 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTM.exe
[2010/10/07 00:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 20:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/10/03 22:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/10/03 15:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/10/02 16:30:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/02 16:30:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/02 16:30:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/02 16:30:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/24 20:26:13 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/09/24 20:26:13 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/20 20:34:43 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2010/09/20 19:04:04 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
[2010/09/19 21:32:38 | 000,001,048 | ---- | M] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/15 01:19:16 | 000,000,746 | ---- | M] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | M] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
========== Files Created - No Company Name ==========
[2010/09/30 00:33:31 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/20 19:04:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/20 19:04:00 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/19 21:32:38 | 000,001,048 | ---- | C] () -- C:\Users\Home\Desktop\Google Talk.lnk
[2010/09/16 01:02:36 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/16 01:02:24 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/16 01:02:22 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/16 00:58:10 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/15 01:19:16 | 000,000,746 | ---- | C] () -- C:\Users\Home\Desktop\ERUNT.lnk
[2010/09/13 20:10:08 | 000,019,968 | ---- | C] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
[2009/10/31 19:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 17:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 17:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 17:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 17:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 17:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 17:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 17:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 17:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 17:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 17:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 17:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 17:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 17:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 17:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 17:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 17:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 17:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 17:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 17:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 17:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 17:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 17:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 17:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 17:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 16:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 16:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 16:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 16:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 16:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 16:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 16:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 16:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 16:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 16:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 16:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 18:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 08:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 08:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 08:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 08:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 08:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/29 08:11:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/08/03 20:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 02:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
Hi,
jmw3, he will be offline for a week or so but will let him know you said thanks.
You have some strange entries on your log, one that was not removed with OTL, not sure what thats all about, I need to look into it and will be back soon
Hi,
I know you are busy helping all here. I am replying just to say that I am waiting for your advise and I am not yet completely cured. I thought you may feel my system was alrigt if I didnt reply to this thread. I will wait till you give any further advice. Please dont consider this message as a chaser. Thanks.
Hi,
My bad :red:, lost your link to this thread. Lets do this
Download OTS.exe (http://oldtimer.geekstogo.com/OTS.exe) by OldTimer to your Desktop.
Close any open browsers.
Double-click on OTS.exe to start the program.
Leave all settings as they appear as default, except for the following:
Under Drivers, select "All".
Under Additional Scans, click on the "Extra" button.
Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, Attach the file ).
Hi ,
I am attaching the OTS.txt. The scan didnt take long. It compelted in a few minutes.
HI,
Start OTS.
Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ ->
YN -> /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ->
YN -> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm ->
YN -> AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ ->
YN -> MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm ->
YN -> ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ ->
YN -> mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm ->
YN -> zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ ->
YN -> /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ ->
YN -> AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA ->
YN -> M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ ->
YN -> ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A ->
YN -> mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z ->
YN -> zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA ->
YN -> AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/ ->
YN -> A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK ->
YN -> lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw ->
YN -> L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc ->
YN -> ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1 ->
YN -> wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8 ->
YN -> B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx ->
YN -> iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj ->
YN -> hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD ->
YN -> of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N ->
YN -> 4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk ->
YN -> Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1 ->
YN -> CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM ->
YN -> jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v ->
YN -> bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF ->
YN -> 2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24 ->
YN -> qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT ->
YN -> X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T ->
YN -> /yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI ->
YN -> N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw ->
YN -> 9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J ->
YN -> Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG ->
YN -> N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa ->
YN -> 4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV ->
YN -> Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/ ->
YN -> h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY ->
YN -> BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/ ->
YN -> NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU ->
YN -> r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4 ->
YN -> 4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV ->
YN -> ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR ->
YN -> NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi ->
YN -> Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4 ->
YN -> LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF ->
YN -> w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m ->
YN -> NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u ->
YN -> UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk ->
YN -> MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO ->
YN -> r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU ->
YN -> I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr ->
YN -> 8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A ->
YN -> sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge ->
YN -> OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==" -> C:\Users\Home\AppData\Local\Temp\login.exe [C:\Users\Home\AppData\Local\Temp\login.exe]
YN -> "Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ ->
YN -> /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ->
YN -> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm ->
YN -> AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ ->
YN -> MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm ->
YN -> ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ ->
YN -> mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm ->
YN -> zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ ->
YN -> /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ ->
YN -> AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA ->
YN -> M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ ->
YN -> ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A ->
YN -> mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z ->
YN -> zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA ->
YN -> AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT ->
YN -> MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO ->
YN -> CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0 ->
YN -> JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX ->
YN -> vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep ->
YN -> TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC ->
YN -> AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ ->
YN -> 6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna ->
YN -> j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw ->
YN -> Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ ->
YN -> 5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc ->
YN -> FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh ->
YN -> KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM ->
YN -> cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk ->
YN -> zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB ->
YN -> 0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI ->
YN -> MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj ->
YN -> nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU ->
YN -> /4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM ->
YN -> JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk ->
YN -> EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o ->
YN -> x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd ->
YN -> vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla ->
YN -> AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M ->
YN -> ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy ->
YN -> lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR ->
YN -> dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/ ->
YN -> IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w ->
YN -> p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1 ->
YN -> he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi ->
YN -> iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ ->
YN -> p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG ->
YN -> Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H ->
YN -> VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV ->
YN -> ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM ->
YN -> lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87 ->
YN -> DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt ->
YN -> mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6 ->
YN -> HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3 ->
YN -> winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq ->
YN -> znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j ->
YN -> Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA ->
YY -> Ow==" -> C:\Users\Home\AppData\Local\Temp\win.exe [C:\Users\Home\AppData\Local\Temp\win.exe]
[Purity]
[Empty Temp Folders]
[Start Explorer]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.
All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==" not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3 not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ow==" not found.
File C:\Users\Home\AppData\Local\Temp\win.exe not found.
[Purity]
Purity scan complete.
[Empty Temp Folders]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Home
->Temp folder emptied: 9733146 bytes
->Temporary Internet Files folder emptied: 192697400 bytes
->Java cache emptied: 32618 bytes
->FireFox cache emptied: 43313694 bytes
->Google Chrome cache emptied: 10541780 bytes
->Flash cache emptied: 17193 bytes
User: Public
User: vijay
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5975034 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3887650 bytes
Total Files Cleaned = 254.00 mb
< End of fix log >
OTS by OldTimer - Version 3.1.40.0 fix logfile created on 10272010_201333
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Hi
I have attached the OTS log after running the OTS fix. The fix results are posted in the above post.
All that garbage is still there, not sure what it is, never saw entries like that before. Let me check further, be back soon, don't worry I am linked this time so I wont lose you
Lets try a different approach, run OTL and post a new log.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click on Minimal Output at the top
Download the following file scan.txt to your Desktop. Click here to download it (http://www.geekstogo.com/forum/files/download/395-otl-custom-scan-file-scantxt/). You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
Click the OK button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
Those lines of gibberish are not be recognized by the tools properly that we are using , hard to explain, but we have the author going to look them over , you posted a new OTS log , just need a new OTL so we can compare and he can see whats going on.
Hi,
Seems we fighting against a more powerful enemy :devil:
Lets destroy it :bigthumb:
I got only OTL.log . Didnt get the Extras.txt log. Dont know why...
I am not able to post it here. Tooo many characters. So attaching it. Hope you dont mind.
Thats fine, just waiting to hear back from the author of those tools. Be back when I find out more info
In the meantime lets do this
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:reg
HKCU
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Hi,
The systemlook log below. It didnt even take 5 seconds....the notepad opened almost immediately.
----------------------------------------------------------------------
SystemLook 04.09.10 by jpshortstuff
Log created at 00:36 on 29/10/2010 by Home
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== reg ==========
[HKEY_CURRENT_USER]
(No values found)
[HKEY_CURRENT_USER\AppEvents]
[HKEY_CURRENT_USER\Console]
[HKEY_CURRENT_USER\Control Panel]
[HKEY_CURRENT_USER\Environment]
[HKEY_CURRENT_USER\EUDC]
[HKEY_CURRENT_USER\HKEY_CURRENT_USER]
[HKEY_CURRENT_USER\Identities]
[HKEY_CURRENT_USER\Keyboard Layout]
[HKEY_CURRENT_USER\Network]
[HKEY_CURRENT_USER\Printers]
[HKEY_CURRENT_USER\Software]
[HKEY_CURRENT_USER\System]
[HKEY_CURRENT_USER\SessionInformation]
[HKEY_CURRENT_USER\Volatile Environment]
-= EOF =-
Not showing what i hoped , lets do it this way
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
This appears to be an easy fix but I need the export of that run key from SystemLook
Hi,
System look log below:
------------------------------------------------
SystemLook 04.09.10 by jpshortstuff
Log created at 13:14 on 29/10/2010 by Home
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== reg ==========
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Google Update"=""C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"swg"=""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""
"Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP="C:\Users\Home\AppData\Local\Temp\win.exe"
"Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv="C:\Users\Home\AppData\Local\Temp\login.exe"
-= EOF =-
Got it, thanks , looking into a fix now
Lets see if this gives us a bit more info, that gibberish is related to a buffer overrun
Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
hkcu\software\microsoft\windows\currentversion\run
Near the top click the None button (it may appear greyed out)
Then click the Run Scan button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL log.
Good Morning,
We are ready for a fix but SystemLook may not have showed all that was supposed to be on your run keys, so as soon as you post back with the OTL report as stated in my previous post I will be able to compare the two and we can get this thing fixed
OTL logfile created on: 10/31/2010 6:25:15 PM - Run 6
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 181.10 Gb Free Space | 63.90% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< hkcu\software\microsoft\windows\currentversion\run >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/04/11 07:10:53 | 001,555,968 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2009/07/31 01:52:33 | 000,133,104 | ---- | M] (Google Inc.)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008/01/21 02:51:33 | 000,138,240 | ---- | M] (Microsoft Corporation)
"swg" = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009/10/31 18:17:09 | 000,039,408 | ---- | M] (Google Inc.)
"Lvgciejlqcchonline.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXGgwFcOHECNKnLiQGjWKES8K1DiQI8aPHRP6+ecRpEmDJSGmrGjRYsiT
MGOeHCmz5st/fnLq1JnKT8+cP33uFLqzp1GgNjmuvFiSacGVIIFOGTo0KNWfU636mUq161avYHNO
CXqToNKyA1O1dHoWpU2FPIUeBRqXrl2ieB2SXEgzoUa9bwPjFBw151OBOs3u3YhW5sq+D/W2Pdj0
JFS/ey8rfsuR6MGihCcCjoxRc8aFahm3DP3QacGdh6ntdLk6KdoprfdCXkyZpOmKmYNvpNaTpFrX
vDdP/C0R9uejwdm+3V0x1WjllK/HpC3ZJHOKk1M6//883u1q6YwVa6QeWW1q4cn3Wk8vfD79p8ep
TVVNfK1L5Re9p5pj/eUHl1Fw0XWfQmdJxx5DkPVnWlP9ZeSfbBYiZ9xyvmnIYEcFWmQdcSNaxZeC
AMZH30jSoffZQCPl1CKJDv1V42EoSeiSWrt56JZA9vnIm3+NBdaZHxfWhtNPGGmHkIv3HWWUewcJ
6JeIBFn3IGYdOfnkfwRtaRaY9FWG3XDRoekUT5MpJmZvabXYoW5zRQiYUmD2VRxaxFFnY4rDKfna
j/FVmJtrtL3204SxhcTcUv/cuKB6MEpJ01oGsbgnQvbRR+WVZIqk1XUUWrngo4ANhVyLVjGVmpyw
Zv+WaIBgCrniXa8CKVuDS0oa0nFpYhoWVUPCx+B/3xGaqVAQodhaS4Bdl1WRDYJ5p6XurXqTRtzJ
5dNPCDZ7mnmpcCXgb9d1umZiRcb4FYtwvtSdbFNAG+KALsLak34ooJAVXsUCy9Sss8oK66Uqfkjc
FAw37K+XDZllmHWddlTVhUjWBjCnZZULcYf2cpvfewFO0e/JmVkqY42CThoRux+aVa7JNPtr81Sh
KtUdYzIC+W25X03FFcLwGmfvyH0CFbJ+K8v8z1gWzYbTULqWe/LVKCBJ6kbe7ltmsbxy1HCRVdbM
cGrW+bvfnBEntCdW78oWrVzNybbVq3aLtWiSq0H/zC3DN59cb5xr5SeijT/79NraP341LjU2nwuk
zTpme3iSvO00lpabFtRq5qMiKRZPQGaFqZLaXtQXv1j7i6RiluMYcspyjf3kVx/f/jBCNN9pcKiB
0ob7hSBHXbhQp8uK2N1RA61noXxN3q/JrkvWN3HA2boRw12nZTtDyG2VNULi/yulQ5bzbTFXz9WI
MM86zXhRwz5FjbPxxF9++q7iXx2poTQyj3BSoqGzpUcnQjMMRmzGKddV6XwiYlb9WmIXt1HsRLfj
nkNwliW6RaZANUOBQ4gCuJ0BB0JbIc/aPNgaP+wuUybTDsSo9B8S2kV/fcLW15Y3ksFF6l0KDNbU
/4oWJi0BBWs4K1+/3pQe4CWHaeIx4JlQwz2UfC8tXOrQpphEorvJjEg5ZJHcROSe+IlFik3BVtcM
JCLBZa11/pLId5gXJrFY5mQeKZ/vfHWgTzEtgQmE0WRudJ4BpmYr3KuL6ii2RqDtjTbUg+MSsfQk
EBFqLVVkTMNGk6wwnY1EavskFiOzmzLqDVg/HMyksNe1CnmwJ+aqSNGw17zaTc9m0/MVH+PFH4/o
x4dL4uBJrGY2wdEshYBK5W2C6KauqO518KJYrUDGPeGtzlgGeklOrnbMn4GLR99qJbcwpZ6tcOtd
vGxNw0wmI/uNzVuKYo9HPEbB7hlmYL55CvYiFf+kxXyFLXl7ndNwtBFiTu+aL9mnPmukxik9TWla
AqZKyuJChnHLe2q76Oh65Cj5pJBW7xnJyPIZp52FsTiqs+gaY8S+8/iSnwKJZL8CKtI4jlJCJL3M
ej4JS6hJM1u+q0gmYag2RSGGLKey2y49pC2XZYlE00INOJE3sBv1sGaaotfJSlS5rh4ufe5RKdNy
lxuBMDBixMQNTN1CtcXQi2QuEWk2M5azYm1meO7hKlBDtFegVnSrrOOmQmF60XSSxIBAm85QgdSR
dZK1jgqMH7KMUrijhUh/xwkSODdHsZ9WTGLOYpFM3Xi1UhbUqeTDmRQ5tCBiMkZSCythXoGqV2n/
IjCcQVOgV5ckMjJ2lp8/0+BvfeOkij1TgaNFIssGtr8ABbVsYxEmQbOno8jttXn6MdUJ0wLEoU3w
p5WbmKE8Z58Lkncln/UcTogTuGO+NFL4IRGRKik0xrGWMhUVqUcrmTq3koifgIwo6aq1Gma+9lx1
he9vtTum2sgUag/MkmZ9qT5EWhS1TWKngp00z87OlkbpyhiaYDSWdq6KgvL5bGGna5z0QgsxWVqi
iV5aIt5YjyWIzCZM/mJdD3OORzdB5bb+1zKA6kVVQ+oPEQeUrtEI2XArJiJd+zIb8574qJ315pTQ
p55Ega+vJbMv+FqWHZIqi3xKxeJ4lcXJO9Vm/7gwrmS0GLkvH3sYQlmyDfySWbUVK8dwU2zTZvLG
Qa2FKlqEIyeOEPQ+Sy44JM7BZzrVytiEmcRrYx7ssZDlxNzs8odBGa+rgkcRTMPOvMVdXnEeS53H
VnKHuWLymp+blhHpyCQxwgxezAlWuWnZzj4uWA6djNCcwghmOBIojCwNEicKuW2eG2dTJZLeZimV
ks1WZWcLVKJtgxfY4PImjcSDazWG88UDgjZJ6AqleM1TccZqjLAuOMHeyEnCKvZmpZHju07zjGPM
lqO0Jdw1onh2kdzdMkSMm2kymdJRSWtPtW3MaICTbdmTYnCTFA2p4MVOe6CuSsHxdkE8dbqfX/87
DmxcpSWMJ1l1KRuRuxO8bpcx8VnLsdaOaoLKnCm6zAJfJLIrvegHmteweUbNjpEuKJwGyK5X+jZt
mPtstHwq4BRX0kYf9HTlRLNzGMawqwVDZs2AmSXFK56XcUrtib/mbhFiyB7VNUzW+KXqp+Wrijs6
HIEN+dQ64tt/fgtyXemmZ5iBeUlY+Heod/3iofnq0QUOvdbkzpd+j1WmqhQRv8ntzG6zO57AWh+3
winwjXcZmXQaLj4TmYLA6yTXa+328Jiwk5ziq7/V6yVyFh4m0sQ95/U50ThDHd9ZJPppqtrtx/Iq
znoB9BQHTS34OJfW8Q6bbhq1Q7T0iICV8ptWy8NOXOGLi8x2b7H5SWMZ5ZOfn3h3vxw5g2L4Yv0j
Hda4TPQPHpMyqqDKxmLpl3zyt3RAMnmscXMTNVjrh4DgcX9lNYAyg33rJ3e/Vzdmtl35h30GERAA
Ow==" = C:\Users\Home\AppData\Local\Temp\win.exe -- File not found
"Lvgciejlna.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECMypCaxosWLGCkK1JiQosd/H0OCHCnSI7WSJ0dujMhxZUI/
A1tO7KiyJsabDFMdlInzYiqYCEWuLBmz6Ec/qYgK7bmQ50WnC3UWtWnRqcyPLv/5AUoQalaqUWGK
lNp0KtVUZJmq3cl2bcStFb0qREoz7sCkaauaXTu25lKIVtuO3CrX6N66AuFe7Qp4JF6JHCMLdisw
L+WG1H4+RMtYoUy4k/9Zjsr5ZmClJFMvXX13Z+HQX6du5Vp2oOLaiWkf3h0bLdmrryHjDS548WKc
ugnSjZgXafKDy1kqfOyZ+NPM2CVLZswzrfbUnf3G/8z783bQnaO1mieoOXbOgiepgzXs/jJ95pc1
wiwPGv5DuaXZZtpdSXlmUEqYUeUVVvdRhBdn22VlGYOQ5ZZUfwxixxtFYimY21be8RaUb12dZGJ8
B0aY33/ZTZcRdDqB2FB6BukEoHNxmZjUiScmWCGF/g31n1/YocXRb+E9NNs/UzRJ22kT2lRgbKBx
iCGPWA53ZHEH0TjkeT8GudGO6VmHo2gwNTmFXC15uRs1hJmEYn8jIpikQ24OGVJLKoq5EZYKGrnj
hrYhVWRmMaLQ5HzbeafjoyeCKJWKS8aEaGB51pSpdLFpZF2KILVZYosGnVnZk6moueOhg/IYqlPD
of/1HGlGOmTdpgYax5OdIhZ34pT+xXqbldzBOYWi8fVYGavMUlfegXXV2t5M87GHG2Jgqmfqfz9N
4Ye3utkoGpxGaqRZrHACGpOar3k6nGh/lndospklp6GAldLkB6Kj0cinYZH9JDC4f3oaqnPf8vdk
Qakoeqy3ReGlpqIo+Daoeg03GSDDDicU65RHAiXVaBw6afHH8UllqGi+IUVifeJG2N+g5b40hW/1
CnzyaCAivNy3FN+cUkrfTpzWg0w6rDG6tjV5JL+uwWvb0TupeXOX+/Gr9a9wSnqvy+BNHeVQ/FpM
jaIun2ziSi47J3DaKm9ltaIqoRU0CkA1CvTDyFr/mlSTij7mlbjwtmc4Yz8FPbLaXk4r62w3C13v
bJTTWa1n3wbcrNY7M16v1eAODLqWeY+kZtFOVjYc4LV21FKVU0v9IOhgV2agckaCC/m+ICk8m6BF
2tpV4FTRtTbDnXfG97G5P2xy5yc7nKrzxifWce+ksnyXyFh17tyx/xCvX31O+SwpZzZ+W3mH9c24
qEHeXm0a6FNoNXq+p1qsqrGnC+skq4IyEl2gBzyuUENjTFpTa5gELJDArWWlKY93ziRBtagvK3KT
X9igFRv67c1hC6vXvVKFNgcGjTD2KyHyCIgznK3NRH5A2wFvRqLp3cxtr7OctignMI7IzTo5i07T
/yZVGatlayFLmtvEnLYsnCGkaAa0mtv6V7bEWMZGEHqd9byFluc9Dm8tNJvHQuezST1rJt1pW9EI
N8NUla5goYJWvk4COOcdq23iqVHGKraSY6EAbUihmJXMJqdxkaWFZQMc71S4Rf2YKkPbM1TX5Haw
9bSPISb73A0hBj8MEWhlBYkh6v4HEec4jFVWu9D/OFSgZD3IbXCL1/R0ohMmDsRJMsITUm54kp5J
Kpc9ISHbIKY+mOCoaHwCDXlkZUcE9gZ6IKFelWL4MBteCIAPepCV1oe6B/VNIKe75JhW1kWJFTNG
N8zj5RAyvT+9L2EFOR0sWxnAKaEOb9Lbme04mP9C3u2pjvJUXXYG6qCtaWiGN8ygodYIJIYJMZqa
4aZWUiUwbPHmgpnp2wFRELH/nRGH6drRbO7GtzK55iR/XNM8u7U8FEDtOIYsktnY5c2rwQlZIiyV
Dk+VUF/uS32O9FND4JnASb1vI7isp9QEKiiledCiZUPdGFOpsIZ6zH40JInTuuitgZLJbVh7WwV/
h7+JXgSBqSsiV2z40IlaTCueAijoxDc0ci3nKtWEzi4VuMD1TQShDvKNxhD6k3kxq3KFlRvlHITY
BQFmq0cVDRd3169QRnF0CCUljxoInTvCBy9vXCpjKpfH6dUumpsMnazIRFBmTe53p+IhTswVuKX/
NQ9iZ8NtKAu1r1cusW13I2JBN9shlDKPZVhpbYjkNLRifitpZBxp/AKnMCFFxrD8AReiGuuhT7GU
r4lh4gEt2Z62iXWUW5WVUzc2lVaqhJo3BJ4rE+tej0Dwp8BSrHO2e0cvpu2/Zlvtaslq18aWTWe4
4p/QtDVDOj4XTWK1mG42OjHV2HE/O0sJuuLzsH258qcl6dnbQGTVlcRIutczjA631DSv9RJyu+pV
ZwmWtxmqJ74EOpny1ou45WXKlcYCI6A0JCvY+Oc55ZkY5dhJsqIgzE6T9DCu/DRe3hEIXMfikxvR
NFFYjhJv3Elg0CJkrhbCBW9AGu6v5kk+zRS0/0A7opiVd0jJxAgVTYrx1JKbGKBbGbAr2SVP2ubi
Ri6+dV1ShI8rp9Ynl7CPbPYddMGI6x12IZG0m7lPjXiVJGC6hGhGFBsRLSLBOPW2R66SrDr/xDZ4
LQhSHCqUe3vnwEcPNXIP3gun75STnYrHaj5kb0YQ1KIjBWjFmnbdr07ay/M02SE/q26SPsWeObdF
w+KdqGP5KRmaqasmZO2ZwY4zwqFdLmdC6oyX/iIlWy+ZPOZOt15sEtgp06TRk+pRWx2omh7R8y0m
NQu1X3K7i1HrS0utl1aMHGZ2ZyUzgF7VxbBb7RH3KdjFjZqojqgSg4Wn230GmIyFV5pZsaWQvP/u
UuzGhOpdn2WfLN8Ijhq9atEifDoQHzhMOxUvsUxL0akBmZGvIsDWKitexzPxYI485yByNswLvBMk
MTXQOH585DM65NWPfp1lnyc4yX3iz4N0skH/a51dkjAh9Yl2fvLc2L9Z1bjoJZ03cz3qrFZNbXIO
r12qZtZOvq9dI3zewrv4I/KJkL3vTBIIjWfRVSEontZCFkn+CsGx1B7j8f4q3sinOk/RtSTZ4/iU
I53upg+byd2u8jmOyuBQ7xXEAfNssAx8OkhSHZiMThmP+6hGqz+5y8WJ9aRzat4V7bidtQyp0FNr
8V/xfbaAtCqTEL8jTz94ME3q4VfdXi3Ql1B3flBNe6h8Xzi/OezvUx4Y1ssbjqhR+tW/HhVLGf9A
sGd42/E0suHbxz+owRrO13uA4X//x05/xnOpR38BaBfXgXUsAi3JlX09cX4HeIFMYYEVgSMXYnge
OE8gGGEHSHP20X494WXclIIqiFgoOHdiQmYCF4MYERAAOw==" = C:\Users\Home\AppData\Local\Temp\login.exe -- File not found
< End of report >
Here ya go, post the results of the fix and then a new OTL log without any added script
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Google Update"=""C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"swg"=""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"Sidebar"|"C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"Google Update"|""C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"ehTray.exe"|"C:\Windows\ehome\ehTray.exe" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"swg"|""C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Home
->Temp folder emptied: 2161301 bytes
->Temporary Internet Files folder emptied: 272167528 bytes
->Java cache emptied: 4329 bytes
->FireFox cache emptied: 94961365 bytes
->Google Chrome cache emptied: 6687307 bytes
->Flash cache emptied: 6036 bytes
User: Public
User: vijay
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14259 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 23972593 bytes
Total Files Cleaned = 381.00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.17.1 log created on 11012010_222900
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...
OTL logfile created on: 11/1/2010 10:33:46 PM - Run 7
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 181.31 Gb Free Space | 63.98% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/31 18:27:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/31 18:27:59 | 000,000,000 | ---D | M]
[2010/10/19 20:49:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2010/11/01 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\zsd7rz7f.default\extensions
[2010/10/22 06:48:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\zsd7rz7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/19 20:23:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 21:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 21:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 21:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 21:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/11/01 22:29:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/01 22:24:23 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\erunt
[2010/10/31 13:47:52 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\London Trip
[2010/10/28 21:03:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/10/28 21:01:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Uk Expenses
[2010/10/28 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Java runtime error logs
[2010/10/27 19:13:33 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/10/26 19:15:21 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 19:15:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 19:15:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 19:15:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 19:15:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 19:15:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/20 02:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2010/10/20 02:20:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/10/20 02:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/10/20 02:03:41 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2010/10/20 02:03:41 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2010/10/20 02:03:41 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2010/10/20 02:03:40 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/10/20 02:03:39 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/10/20 02:03:39 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2010/10/20 02:03:39 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/10/20 02:03:39 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/10/20 02:03:39 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/10/20 02:03:39 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010/10/20 02:03:39 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010/10/20 02:03:39 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2010/10/20 02:03:39 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2010/10/20 02:03:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010/10/20 02:03:39 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2010/10/20 02:03:39 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2010/10/20 02:03:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010/10/20 02:03:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010/10/20 02:03:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2010/10/20 02:03:39 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2010/10/20 02:03:39 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010/10/20 02:03:39 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/10/20 02:03:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2010/10/20 02:03:38 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/10/20 02:03:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2010/10/20 02:03:38 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2010/10/20 02:03:38 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2010/10/20 02:03:38 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2010/10/20 02:03:38 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2010/10/20 02:03:38 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2010/10/20 02:03:38 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2010/10/20 02:03:38 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2010/10/20 02:03:38 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/10/20 02:03:38 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2010/10/20 02:03:38 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/10/20 02:03:38 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2010/10/20 02:03:37 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2010/10/20 02:03:37 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/10/20 02:03:37 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2010/10/20 02:03:37 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2010/10/20 02:03:37 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/10/20 02:03:37 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2010/10/20 02:03:37 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2010/10/20 02:03:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2010/10/20 02:03:37 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2010/10/20 02:02:48 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2010/10/20 02:02:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2010/10/20 02:02:47 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2010/10/20 02:02:36 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2010/10/20 02:02:36 | 002,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2010/10/20 02:02:36 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2010/10/20 02:02:36 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2010/10/20 02:02:36 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2010/10/20 02:02:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2010/10/20 02:02:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2010/10/20 02:02:35 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/10/20 02:02:35 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2010/10/20 02:02:35 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2010/10/20 02:02:35 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010/10/20 02:02:35 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2010/10/20 02:02:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2010/10/20 02:02:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2010/10/20 02:02:35 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2010/10/20 02:02:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2010/10/20 02:02:35 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2010/10/20 02:02:35 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2010/10/20 02:02:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2010/10/20 02:02:35 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2010/10/20 02:00:30 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2010/10/20 02:00:30 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2010/10/20 02:00:30 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2010/10/20 02:00:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2010/10/20 02:00:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2010/10/19 20:49:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Mozilla
[2010/10/19 20:49:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Mozilla
[2010/10/19 20:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/14 23:42:08 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2010/10/14 23:42:08 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2010/10/14 23:42:07 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2010/10/14 23:42:07 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2010/10/14 23:42:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2010/10/14 23:42:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2010/10/14 22:14:33 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 22:14:33 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 22:13:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 22:13:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/14 22:13:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/14 22:13:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 22:13:33 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 22:13:30 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 22:13:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 22:13:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 22:13:27 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 22:13:25 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 22:13:14 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 22:13:14 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 22:12:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 22:12:58 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 22:12:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 22:12:58 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 22:12:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 22:12:58 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 22:12:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 22:12:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 22:12:57 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/14 22:12:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/14 22:12:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 22:12:57 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/14 22:12:57 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 22:12:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/14 22:12:57 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/14 22:12:56 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/14 22:12:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 22:12:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/14 22:12:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 22:12:56 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/14 22:12:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/14 22:12:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/14 22:12:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/14 22:12:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/14 22:12:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/14 22:12:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/14 22:12:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 22:12:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 22:12:38 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 22:12:34 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 22:12:31 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 22:12:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 22:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/10/10 22:57:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/10/10 15:55:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/10/09 13:53:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Ogzy
[2010/10/07 18:51:06 | 000,000,000 | ---D | C] -- C:\_OTM
========== Files - Modified Within 30 Days ==========
[2010/11/01 22:38:12 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/01 22:38:12 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/01 22:38:12 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/01 22:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/11/01 22:36:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/11/01 22:36:00 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/11/01 22:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/11/01 22:30:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/01 22:30:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/01 22:30:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/01 22:30:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/01 22:30:26 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/01 22:21:24 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 21:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/10/28 23:34:57 | 000,075,264 | ---- | M] () -- C:\Users\Home\Desktop\SystemLook.exe
[2010/10/28 21:39:13 | 000,004,608 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 21:34:18 | 000,183,641 | ---- | M] () -- C:\Users\Home\Desktop\OTL.zip
[2010/10/28 20:57:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/10/22 12:32:04 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/10/22 12:32:04 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/21 12:26:34 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job
[2010/10/20 02:20:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/10/20 02:19:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/19 20:23:47 | 000,001,804 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/19 20:23:47 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/15 20:12:13 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 22:34:33 | 000,446,499 | ---- | M] () -- C:\Users\Home\Desktop\large-print-tube-map.pdf
[2010/10/09 13:35:10 | 000,056,320 | ---- | M] () -- C:\Users\Home\Desktop\AXA - Seperation.xls
========== Files Created - No Company Name ==========
[2010/10/28 23:35:14 | 000,075,264 | ---- | C] () -- C:\Users\Home\Desktop\SystemLook.exe
[2010/10/28 21:34:18 | 000,183,641 | ---- | C] () -- C:\Users\Home\Desktop\OTL.zip
[2010/10/23 20:41:43 | 000,004,608 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 02:20:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/10/20 02:19:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/19 20:23:47 | 000,001,804 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/19 20:23:47 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/14 22:34:33 | 000,446,499 | ---- | C] () -- C:\Users\Home\Desktop\large-print-tube-map.pdf
[2010/10/09 13:35:07 | 000,056,320 | ---- | C] () -- C:\Users\Home\Desktop\AXA - Seperation.xls
[2010/01/10 13:49:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/01/10 13:45:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/31 18:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 16:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 16:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 16:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 16:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 16:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 16:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 16:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 16:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 16:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 16:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 16:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 16:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 16:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 16:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 16:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 16:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 16:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 16:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 16:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 16:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 16:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 16:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 16:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 16:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 15:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 15:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 15:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 15:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 15:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 15:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 15:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 15:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 15:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 15:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 15:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 17:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 07:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 07:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 07:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 07:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 07:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/03 19:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 01:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 02:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
< End of report >
Hi ,
I checked the startup item through MSCONFIG. There are still some items showing in it. I am attaching a screenshot of it. Thought it might be helpful.
Do this, Open MSCONFIG and disable all LVGCIE and OHJXNXXW.
Then lets remove those bad files
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Reg
:Files
C:\Users\home\AppData\Local\temp\cmd.exe
C:\Users\home\AppData\Local\temp\csrss.exe
C:\Users\home\AppData\Local\temp\taskmgr.exe
C:\Users\home\AppData\Local\temp\rpm54cg.exe
C:\Users\home\AppData\Local\temp\system.exe
C:\Users\home\AppData\Local\vpwkxpvvr
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract the file and run it.
Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
Please post the content of the TDSSKiller log
Post both logs please
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Users\home\AppData\Local\temp\cmd.exe not found.
File\Folder C:\Users\home\AppData\Local\temp\csrss.exe not found.
File\Folder C:\Users\home\AppData\Local\temp\taskmgr.exe not found.
File\Folder C:\Users\home\AppData\Local\temp\rpm54cg.exe not found.
File\Folder C:\Users\home\AppData\Local\temp\system.exe not found.
File\Folder C:\Users\home\AppData\Local\vpwkxpvvr not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Home
->Temp folder emptied: 74417523 bytes
->Temporary Internet Files folder emptied: 6384043 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24810972 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 560 bytes
User: Public
User: vijay
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 102.00 mb
OTL by OldTimer - Version 3.2.17.1 log created on 11022010_131805
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
2010/11/02 13:25:22.0003 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/02 13:25:22.0003 ================================================================================
2010/11/02 13:25:22.0003 SystemInfo:
2010/11/02 13:25:22.0003
2010/11/02 13:25:22.0003 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/02 13:25:22.0003 Product type: Workstation
2010/11/02 13:25:22.0003 ComputerName: MANJULA-HOME
2010/11/02 13:25:22.0003 UserName: Home
2010/11/02 13:25:22.0003 Windows directory: C:\Windows
2010/11/02 13:25:22.0003 System windows directory: C:\Windows
2010/11/02 13:25:22.0003 Running under WOW64
2010/11/02 13:25:22.0003 Processor architecture: Intel x64
2010/11/02 13:25:22.0003 Number of processors: 2
2010/11/02 13:25:22.0003 Page size: 0x1000
2010/11/02 13:25:22.0003 Boot type: Normal boot
2010/11/02 13:25:22.0003 ================================================================================
2010/11/02 13:25:22.0019 Utility is running under WOW64
2010/11/02 13:25:22.0331 Initialize success
2010/11/02 13:25:29.0850 ================================================================================
2010/11/02 13:25:29.0850 Scan started
2010/11/02 13:25:29.0850 Mode: Manual;
2010/11/02 13:25:29.0850 ================================================================================
2010/11/02 13:25:31.0301 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/11/02 13:25:31.0847 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/11/02 13:25:31.0956 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/11/02 13:25:32.0050 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/11/02 13:25:32.0143 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/11/02 13:25:32.0284 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/11/02 13:25:32.0393 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/11/02 13:25:32.0487 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/11/02 13:25:32.0596 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2010/11/02 13:25:32.0627 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/11/02 13:25:32.0689 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/11/02 13:25:32.0799 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/11/02 13:25:32.0861 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/11/02 13:25:32.0970 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/02 13:25:33.0017 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/11/02 13:25:33.0189 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
2010/11/02 13:25:33.0282 BCM43XX (d32f962b71fee6bdaaee630bb2c17280) C:\Windows\system32\DRIVERS\bcmwl664.sys
2010/11/02 13:25:33.0469 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/11/02 13:25:33.0501 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/02 13:25:33.0532 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/02 13:25:33.0641 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/11/02 13:25:33.0688 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/11/02 13:25:33.0797 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/11/02 13:25:33.0828 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/02 13:25:33.0875 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/11/02 13:25:33.0984 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/11/02 13:25:34.0047 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/02 13:25:34.0171 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/02 13:25:34.0234 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2010/11/02 13:25:34.0296 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/11/02 13:25:34.0452 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/02 13:25:34.0515 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/11/02 13:25:34.0546 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/02 13:25:34.0624 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/02 13:25:34.0733 CtClsFlt (11f13042577705093612c6a123caf12f) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2010/11/02 13:25:34.0905 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/11/02 13:25:34.0967 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/11/02 13:25:35.0154 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/11/02 13:25:35.0217 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/02 13:25:35.0373 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
2010/11/02 13:25:35.0497 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/11/02 13:25:35.0591 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/11/02 13:25:35.0638 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/11/02 13:25:35.0794 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
2010/11/02 13:25:35.0872 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/11/02 13:25:35.0934 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/11/02 13:25:36.0075 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/02 13:25:36.0121 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/11/02 13:25:36.0153 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/11/02 13:25:36.0184 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/02 13:25:36.0324 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/11/02 13:25:36.0480 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/11/02 13:25:36.0543 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/02 13:25:36.0574 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/02 13:25:36.0745 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/02 13:25:36.0886 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/11/02 13:25:36.0917 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/11/02 13:25:36.0964 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/02 13:25:37.0104 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/11/02 13:25:37.0182 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/11/02 13:25:37.0323 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/11/02 13:25:37.0385 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/02 13:25:37.0416 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/11/02 13:25:37.0759 igfx (d4a887f145e96fa9f08c1d1d67ea6546) C:\Windows\system32\DRIVERS\igdkmd64.sys
2010/11/02 13:25:38.0071 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/11/02 13:25:38.0181 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
2010/11/02 13:25:38.0352 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/11/02 13:25:38.0399 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/02 13:25:38.0493 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/02 13:25:38.0695 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/02 13:25:38.0758 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/02 13:25:38.0820 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/11/02 13:25:38.0992 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/11/02 13:25:39.0054 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/02 13:25:39.0101 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/11/02 13:25:39.0273 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/11/02 13:25:39.0319 k57nd60a (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
2010/11/02 13:25:39.0444 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/02 13:25:39.0491 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/02 13:25:39.0569 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/02 13:25:39.0725 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/11/02 13:25:39.0803 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/02 13:25:39.0897 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/02 13:25:40.0006 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/02 13:25:40.0084 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/02 13:25:40.0115 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/11/02 13:25:40.0255 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/11/02 13:25:40.0333 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/11/02 13:25:40.0474 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/11/02 13:25:40.0536 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/02 13:25:40.0583 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/02 13:25:40.0645 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/02 13:25:40.0801 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/11/02 13:25:40.0879 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/11/02 13:25:40.0926 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/02 13:25:41.0067 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/02 13:25:41.0160 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/02 13:25:41.0238 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/02 13:25:41.0379 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/02 13:25:41.0457 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/02 13:25:41.0550 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2010/11/02 13:25:41.0644 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/11/02 13:25:41.0784 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/11/02 13:25:41.0878 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/11/02 13:25:41.0940 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/02 13:25:42.0003 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/02 13:25:42.0065 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/11/02 13:25:42.0174 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/11/02 13:25:42.0299 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/02 13:25:42.0393 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/11/02 13:25:42.0549 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/11/02 13:25:42.0814 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/02 13:25:42.0970 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/11/02 13:25:43.0110 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/02 13:25:43.0173 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/02 13:25:43.0235 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/02 13:25:43.0375 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/11/02 13:25:43.0438 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/02 13:25:43.0516 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/02 13:25:43.0672 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/11/02 13:25:43.0750 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/11/02 13:25:43.0797 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/02 13:25:43.0921 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/11/02 13:25:44.0109 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/11/02 13:25:44.0171 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/11/02 13:25:44.0218 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/11/02 13:25:44.0249 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/11/02 13:25:44.0452 OA008Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA008Ufd.sys
2010/11/02 13:25:44.0499 OA008Vid (60fd277cfd34f680a1668ac123b324ae) C:\Windows\system32\DRIVERS\OA008Vid.sys
2010/11/02 13:25:44.0655 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/02 13:25:44.0779 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/11/02 13:25:44.0951 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/11/02 13:25:45.0013 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/11/02 13:25:45.0123 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2010/11/02 13:25:45.0247 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/11/02 13:25:45.0325 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/11/02 13:25:45.0591 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/02 13:25:45.0653 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/11/02 13:25:45.0762 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/02 13:25:45.0949 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/11/02 13:25:46.0043 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/11/02 13:25:46.0199 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/11/02 13:25:46.0261 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/02 13:25:46.0417 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/02 13:25:46.0605 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/02 13:25:46.0729 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/02 13:25:46.0807 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/02 13:25:46.0963 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/02 13:25:47.0057 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/02 13:25:47.0197 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/02 13:25:47.0275 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/11/02 13:25:47.0400 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/02 13:25:47.0494 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/11/02 13:25:47.0681 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
2010/11/02 13:25:47.0728 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
2010/11/02 13:25:47.0759 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
2010/11/02 13:25:47.0837 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/02 13:25:47.0962 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/11/02 13:25:48.0040 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/02 13:25:48.0118 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/02 13:25:48.0258 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2010/11/02 13:25:48.0321 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2010/11/02 13:25:48.0367 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/11/02 13:25:48.0586 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/02 13:25:48.0648 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/02 13:25:48.0711 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/02 13:25:48.0835 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/11/02 13:25:48.0898 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/11/02 13:25:48.0960 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/11/02 13:25:49.0023 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/11/02 13:25:49.0163 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/11/02 13:25:49.0257 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2010/11/02 13:25:49.0319 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/02 13:25:49.0459 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/02 13:25:49.0553 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
2010/11/02 13:25:49.0709 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/02 13:25:49.0771 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/11/02 13:25:49.0834 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/11/02 13:25:49.0881 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/11/02 13:25:50.0130 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/02 13:25:50.0333 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/11/02 13:25:50.0520 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/02 13:25:50.0661 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/02 13:25:50.0739 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/11/02 13:25:50.0770 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/11/02 13:25:50.0910 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/02 13:25:50.0957 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/02 13:25:51.0160 tmpreflt (9394fd63beaea93d82d261b5f3080209) C:\Windows\system32\DRIVERS\tmpreflt.sys
2010/11/02 13:25:51.0238 tmtdi (59e0649a8fbfb978a753dc03136b4f00) C:\Windows\system32\DRIVERS\tmtdi.sys
2010/11/02 13:25:51.0331 tmxpflt (01b58eecc23d54f25a936ebb43a0f1ee) C:\Windows\system32\DRIVERS\tmxpflt.sys
2010/11/02 13:25:51.0487 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/02 13:25:51.0534 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/02 13:25:51.0628 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/02 13:25:51.0753 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/11/02 13:25:51.0831 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/02 13:25:51.0987 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/02 13:25:52.0018 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/11/02 13:25:52.0065 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/11/02 13:25:52.0096 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/11/02 13:25:52.0221 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/02 13:25:52.0314 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/02 13:25:52.0455 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/11/02 13:25:52.0533 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/02 13:25:52.0657 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/02 13:25:52.0798 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/11/02 13:25:52.0845 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2010/11/02 13:25:52.0891 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/02 13:25:53.0001 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/02 13:25:53.0079 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/02 13:25:53.0125 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/11/02 13:25:53.0172 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/11/02 13:25:53.0297 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/11/02 13:25:53.0391 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/11/02 13:25:53.0531 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/11/02 13:25:53.0703 vsapint (69650cbf9d56f3f439989d79727ce4af) C:\Windows\system32\DRIVERS\vsapint.sys
2010/11/02 13:25:53.0859 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/11/02 13:25:53.0937 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/11/02 13:25:53.0999 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/02 13:25:54.0015 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/02 13:25:54.0186 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/11/02 13:25:54.0249 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/02 13:25:54.0545 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/02 13:25:54.0639 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/02 13:25:54.0701 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/02 13:25:54.0873 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/02 13:25:54.0997 ================================================================================
2010/11/02 13:25:54.0997 Scan finished
2010/11/02 13:25:54.0997 ================================================================================
Looks good, are those items still showing in Task Manager on your Start Up Tab ?
Hi,
The startup entris still seem to be there..i checked the registry and there are no such entries in the registry..it only shows in the MSCONFIG->Startup list....
Open up Notepad and copy and paste this in
del C:\Users\home\AppData\Local\temp\*.*
Save it to your desktop and name it Temp.bat
Save it as all files
Double click it to run,
Reboot and check and see if there gone in msconfig
Hi,
I ran the bat file. but still the entries are not removed from the msconfig. There are no EXE files in the folder. But still msconfig shows those entries.:sad:
Boot to safemode
Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
Go to Start > All Programs > Startup and delete anything starting with LVG...OHI. ok your way out....reboot, take another peak and see if there gone
Hi,
I booted in safe mode. There are no entries inside the Startup items so I couldnt delete anything from there.
Hi,
I am attaching the exported registy entries containing the item that we are looking for. Has the removal tools missed this one or do we have some other tool to remove these entries?
Good Morning,
Nope, those did not show up on any of the scans, this junk is getting harder to remove all the time. I was about to ask you for that export but you beat me to it.
I need you to back up your registry one more time with ERUNT, make sure you do this before proceeding.
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ewmxnrosca.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlkc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpsc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LvgciejlqMc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlud]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ohjxnxxw]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sppobv]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YXE7DXCQ37]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{890DE1E0-19A6-7968-FF53-7863AEE79968}]
:Files
C:\Users\Home\AppData\Local\vpwkxpvvr
C:\Users\Home\AppData\Local\Temp\mskpwvmx.dll
C:\Users\Home\AppData\Local\Temp\Bwh.exe
C:\Users\Home\AppData\Roaming\Soaxl
C:\Users\Home\AppData\Local\Temp\ewmxnrosca.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Then reboot your system and post a new start up reg import like you did, or you can plug this into SystemLook
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
OTL logfile created on: 11/8/2010 9:06:24 PM - Run 8
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 175.82 Gb Free Space | 62.04% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/31 18:27:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/31 18:27:59 | 000,000,000 | ---D | M]
[2010/10/19 20:49:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2010/11/07 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\zsd7rz7f.default\extensions
[2010/10/22 06:48:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\zsd7rz7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/19 20:23:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 21:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 21:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 21:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 21:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/11/01 22:29:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/02 13:25:10 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\tdsskiller
[2010/11/01 23:17:14 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/01 23:12:46 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/11/01 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/11/01 23:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/11/01 23:10:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/01 23:10:28 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/01 23:10:27 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/01 23:10:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/01 23:08:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Windows Live
[2010/11/01 23:07:40 | 001,103,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2010/11/01 23:07:40 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2010/11/01 22:24:23 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\erunt
[2010/10/31 13:47:52 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\London Trip
[2010/10/28 21:03:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/10/28 21:01:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Uk Expenses
[2010/10/28 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Java runtime error logs
[2010/10/27 19:13:33 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/10/26 19:15:21 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/26 19:15:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/26 19:15:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/26 19:15:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 19:15:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/26 19:15:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/20 02:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2010/10/20 02:20:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/10/20 02:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/10/20 02:03:41 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2010/10/20 02:03:41 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2010/10/20 02:03:41 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2010/10/20 02:03:40 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/10/20 02:03:39 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/10/20 02:03:39 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2010/10/20 02:03:39 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/10/20 02:03:39 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/10/20 02:03:39 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/10/20 02:03:39 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010/10/20 02:03:39 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010/10/20 02:03:39 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2010/10/20 02:03:39 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2010/10/20 02:03:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010/10/20 02:03:39 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2010/10/20 02:03:39 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2010/10/20 02:03:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010/10/20 02:03:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010/10/20 02:03:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2010/10/20 02:03:39 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2010/10/20 02:03:39 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010/10/20 02:03:39 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/10/20 02:03:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2010/10/20 02:03:38 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/10/20 02:03:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2010/10/20 02:03:38 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2010/10/20 02:03:38 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2010/10/20 02:03:38 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2010/10/20 02:03:38 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2010/10/20 02:03:38 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2010/10/20 02:03:38 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2010/10/20 02:03:38 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2010/10/20 02:03:38 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/10/20 02:03:38 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2010/10/20 02:03:38 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/10/20 02:03:38 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2010/10/20 02:03:37 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2010/10/20 02:03:37 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/10/20 02:03:37 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2010/10/20 02:03:37 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2010/10/20 02:03:37 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/10/20 02:03:37 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2010/10/20 02:03:37 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2010/10/20 02:03:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2010/10/20 02:03:37 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2010/10/20 02:02:48 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2010/10/20 02:02:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2010/10/20 02:02:47 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2010/10/20 02:02:36 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2010/10/20 02:02:36 | 002,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2010/10/20 02:02:36 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2010/10/20 02:02:36 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2010/10/20 02:02:36 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2010/10/20 02:02:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2010/10/20 02:02:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2010/10/20 02:02:35 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/10/20 02:02:35 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2010/10/20 02:02:35 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2010/10/20 02:02:35 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010/10/20 02:02:35 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2010/10/20 02:02:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2010/10/20 02:02:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2010/10/20 02:02:35 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2010/10/20 02:02:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2010/10/20 02:02:35 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2010/10/20 02:02:35 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2010/10/20 02:02:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2010/10/20 02:02:35 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2010/10/20 02:00:30 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2010/10/20 02:00:30 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2010/10/20 02:00:30 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2010/10/20 02:00:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2010/10/20 02:00:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2010/10/19 20:49:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Mozilla
[2010/10/19 20:49:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Mozilla
[2010/10/19 20:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/14 23:42:08 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2010/10/14 23:42:08 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2010/10/14 23:42:07 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2010/10/14 23:42:07 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2010/10/14 23:42:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2010/10/14 23:42:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2010/10/14 22:14:33 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 22:14:33 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 22:13:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 22:13:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/14 22:13:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/14 22:13:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 22:13:33 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 22:13:30 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 22:13:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 22:13:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 22:13:27 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 22:13:25 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 22:13:14 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 22:13:14 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 22:12:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 22:12:58 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 22:12:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 22:12:58 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 22:12:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 22:12:58 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 22:12:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 22:12:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 22:12:57 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/14 22:12:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/14 22:12:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 22:12:57 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/14 22:12:57 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 22:12:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/14 22:12:57 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/14 22:12:56 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/14 22:12:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 22:12:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/14 22:12:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 22:12:56 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/14 22:12:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/14 22:12:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/14 22:12:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/14 22:12:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/14 22:12:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/14 22:12:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/14 22:12:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 22:12:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 22:12:38 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 22:12:34 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 22:12:31 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 22:12:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 22:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/10/10 22:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/10/10 22:57:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/10/10 15:55:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
========== Files - Modified Within 30 Days ==========
[2010/11/08 21:08:20 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/08 21:08:20 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/08 21:08:20 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/08 21:05:42 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
[2010/11/08 21:05:42 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
[2010/11/08 21:01:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 21:01:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 21:01:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 21:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 21:00:50 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 20:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/07 19:36:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
[2010/11/07 19:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
[2010/11/07 02:36:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job
[2010/11/06 15:53:37 | 000,000,040 | ---- | M] () -- C:\Users\Home\Desktop\temp.bat
[2010/11/06 11:35:17 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2010/11/06 11:35:17 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/04 21:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
[2010/11/02 13:24:55 | 001,207,026 | ---- | M] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2010/11/02 13:06:25 | 000,385,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/28 23:34:57 | 000,075,264 | ---- | M] () -- C:\Users\Home\Desktop\SystemLook.exe
[2010/10/28 21:39:13 | 000,004,608 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 21:34:18 | 000,183,641 | ---- | M] () -- C:\Users\Home\Desktop\OTL.zip
[2010/10/28 20:57:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/10/20 02:20:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/10/20 02:19:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/19 20:23:47 | 000,001,804 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/19 20:23:47 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/14 22:34:33 | 000,446,499 | ---- | M] () -- C:\Users\Home\Desktop\large-print-tube-map.pdf
========== Files Created - No Company Name ==========
[2010/11/07 01:13:31 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/06 15:53:37 | 000,000,040 | ---- | C] () -- C:\Users\Home\Desktop\temp.bat
[2010/11/02 13:25:05 | 001,207,026 | ---- | C] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2010/10/28 23:35:14 | 000,075,264 | ---- | C] () -- C:\Users\Home\Desktop\SystemLook.exe
[2010/10/28 21:34:18 | 000,183,641 | ---- | C] () -- C:\Users\Home\Desktop\OTL.zip
[2010/10/23 20:41:43 | 000,004,608 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 02:20:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/10/20 02:19:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/19 20:23:47 | 000,001,804 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/19 20:23:47 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/14 22:34:33 | 000,446,499 | ---- | C] () -- C:\Users\Home\Desktop\large-print-tube-map.pdf
[2010/01/10 13:49:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/01/10 13:45:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/31 18:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/20 16:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
[2009/09/20 16:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
[2009/09/20 16:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
[2009/09/20 16:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
[2009/09/20 16:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
[2009/09/20 16:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
[2009/09/20 16:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
[2009/09/20 16:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
[2009/09/20 16:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
[2009/09/20 16:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
[2009/09/20 16:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
[2009/09/20 16:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
[2009/09/20 16:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
[2009/09/20 16:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/20 16:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
[2009/09/20 16:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
[2009/09/20 16:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
[2009/09/20 16:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
[2009/09/20 16:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
[2009/09/20 16:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
[2009/09/20 16:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
[2009/09/20 16:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
[2009/09/20 16:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
[2009/09/20 16:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
[2009/09/20 15:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
[2009/09/20 15:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
[2009/09/20 15:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
[2009/09/20 15:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 15:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 15:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
[2009/09/20 15:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
[2009/09/20 15:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009/09/20 15:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
[2009/09/20 15:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
[2009/09/20 15:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
[2009/09/17 17:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 07:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/08/29 07:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/29 07:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/29 07:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/08/29 07:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/03 19:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2009/07/31 01:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2008/01/21 02:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
< End of report >
Hi
Sorry, the previous post was the OTL log after runing the RUN FIX.
The below post is the RUN FIX log: It seems that OTL is not able to find the entries. It says they are not found. But the entries are still there!!!:confused:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ewmxnrosca.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlkc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpsc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LvgciejlqMc\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlud\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ohjxnxxw\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sppobv\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YXE7DXCQ37\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{890DE1E0-19A6-7968-FF53-7863AEE79968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890DE1E0-19A6-7968-FF53-7863AEE79968}\ not found.
========== FILES ==========
File\Folder C:\Users\Home\AppData\Local\vpwkxpvvr not found.
File\Folder C:\Users\Home\AppData\Local\Temp\mskpwvmx.dll not found.
File\Folder C:\Users\Home\AppData\Local\Temp\Bwh.exe not found.
File\Folder C:\Users\Home\AppData\Roaming\Soaxl not found.
File\Folder C:\Users\Home\AppData\Local\Temp\ewmxnrosca.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Home
->Temp folder emptied: 37106 bytes
->Temporary Internet Files folder emptied: 316981 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44691760 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3652 bytes
User: Public
User: vijay
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 44.00 mb
OTL by OldTimer - Version 3.2.17.1 log created on 11082010_205923
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
The entries are still there.
System Lookup seems to search the entries in the WOW6432Node and hence it doenst produce the registry export as we thought. So I am manually exporting as I did in the earlier post.
Note: I didnt tick the Purity and LOP checkboxes in any of the OTL scans/fixes I did in this last post. I thought the code which I copied and pasted had the option to enable/disable them. So I left them unticked and just copy-pasted the code which you gave into the box. Is that causing the problem? Should I tick the LOP and purity while running the Run Fix in OTL.
attached the registry export
Hi,
Got it thank you. I am going to have someone else look at this because this appears to be a simple fix and not sure why there not being removed
Have you rebooted your computer after the fix and prior to posting ?
Its showing in the fix that the reg entries and files are not found
Take a peek and see if these are present
C:\Users\Home\AppData\Local\vpwkxpvvr
C:\Users\Home\AppData\Local\Temp\mskpwvmx.dll
C:\Users\Home\AppData\Local\Temp\Bwh.exe
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
Hi ,
Yes, the system rebooted itself when the Run fix was completed. so the OTL log was after the system reboot. I again restarted it manually and then exported the regitry entries.
I couldnt find any of that those files in the folders. There were no such files in the temp directory. I ran the TFC and rebooted the system.
The registry entries are still there....I want to keep you informed that I dont face any other open issues in my system. Other than these entries there are nothing unusual. So are we ok if we remove this thing somehow?
Will they be left out in anyother such places in the system??:fear:
Dont know why there showing in the reg import as OTL is showing that there not found.
Looking into another method.
We may be looking in the wrong place since this is 64bit
Open OTL,
Mark all the modules to NONE
Then copy and paste this into Custom Scans/Fixes
msconfig
Then click the Run Fix Button.
Post the results please
Open OTL,
Mark all the modules to NONE
Then copy and paste this into Custom Scans/Fixes
msconfig
Should I mark all the radio buttons to NONE or is this only the Radio
under the "Modules',
Hi,
I just pasted the line 'msconfig' in the custom scan box and ran Run fx. I got the following log immediately.
-----------------------------------------------------------------------------
Error: Unable to interpret <msconfig> in the current context!
OTL by OldTimer - Version 3.2.17.1 log created on 11102010_202548
Lets try this in Safemode, make sure you run ERUNT once again to back up the current registry settings
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ewmxnrosca.exe]
[-key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlkc]
[-key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpsc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LvgciejlqMc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlud]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ohjxnxxw]
[-key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sppobv]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YXE7DXCQ37]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{890DE1E0-19A6-7968-FF53-7863AEE79968}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890DE1E0-19A6-7968-FF53-7863AEE79968}]
Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.
If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg
Run the above fix that I posted, reboot and then run OTL this way. Sorry for the confusion but things are a bit different with 64Bit and some tools act differently.
Open OTL, check each and every radio button to NONE. Then copy and paste msconfig into the Custom Scans/ Fixes box but this time click on Run Scan...Not Run Fix and post the log.
Hi ,
I am sorry that I cudnt reply immediately. I have problems in connecting to Internet.
right now I am replying from my friends laptop :) Will bring my laptop to my friends home and post the logs if I cudnt post it from my home.
I will post the logs tomorrow. Please do not close this thread.
Not to worry, I will keep this thread open for you.
Hi ,
At last the entries are gone :)
I have discovered some hidden secrets in your fix.:crowned:
You havent deleted 3 entries and they are still there....am i right?
I think you are trying to check if this solution is going to work..and now i think it has worked. I am posting the OTL scan log (run in safe mode with all radios NONE - including the FileAge radios)
***OTL Run Scan Log***
OTL logfile created on: 11/15/2010 7:52:37 PM - Run 9
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 171.68 Gb Free Space | 60.58% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
MsConfig:64bit - StartUpFolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinUpdate.lnk - C:\Users\Home\AppData\Roaming\Template\VCLUPL~1\msftstp.exe - ()
MsConfig:64bit - StartUpReg: [b]Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Lvgciejlkc - hkey= - key= - C:\Users\Home\AppData\Local\Temp\cmd.exe File not found
MsConfig:64bit - StartUpReg: Lvgciejlpe - hkey= - key= - C:\Users\Home\AppData\Local\Temp\csrss.exe File not found
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
MsConfig:64bit - StartUpReg: sppobv - hkey= - key= - C:\Users\Home\AppData\Local\Temp\mskpwvmx.DLL File not found
MsConfig:64bit - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
< End of report >
Hi,
I put this in incorrectly
Run this fix again and then run msconfig like you did with OTL and lets see if there gone
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sppobv]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlkc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lvgciejlpe]
Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.
If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg
hi,
i ran the fix and the entries are gone now...:)
otl log below...
OTL logfile created on: 11/15/2010 8:54:30 PM - Run 10
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 171.56 Gb Free Space | 60.54% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
Computer Name: MANJULA-HOME | User Name: Home | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
MsConfig:64bit - StartUpFolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinUpdate.lnk - C:\Users\Home\AppData\Roaming\Template\VCLUPL~1\msftstp.exe - ()
MsConfig:64bit - StartUpReg: [b]Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Search Protection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
MsConfig:64bit - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe File not found
MsConfig:64bit - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
< End of report >
http://i24.photobucket.com/albums/c30/ken545/cool.gif
Been at this to close to seven years and 64bit windows is another animal, lots to learn myself with this new operating system
How is everything running now, did you get your internet problem fixed ?
yes...system is working fine...the internet problem is fixed...that is with the network connection and not related to our system...
thanks a million for cleaning all the traces.:thanks:..i am happy to close this thread if you are....
Advanced Merry Christmas and Happy New year...:present:
Great, glad things are back to normal for you. Its been my pleasure helping you. Happy Holidays to you and your family as well
Open OTL and click on the Cleanup feature and it will remove most of or all the programs we used to clean your system.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.