Thread: system infected with security suite

  1. #1
    Member
    Join Date
    Sep 2010
    Posts
    47

    system infected with security suite

    Hi,
    My system is infected with some malware/virus. I am not able to launch any exe files once I log in. I have some weird exe files that appear in the processes in the task manager. When I launch task manager immediately after logging in and if I kill those weird processes, I am able to launch other exes. I have unchecked those files in the startup items.
    Posting DDS log and attaching the attach.txt
    ---
    DDS LOG
    ----

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Home at 1:20:29.62 on Wed 09/15/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4054.2498 [GMT 1:00]

    AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Home\.COMMgr\complmgr.exe
    C:\Users\Home\AppData\Local\Temp\rpm54cg.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Home\Desktop\malware removal\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://in.yahoo.com
    mDefault_Page_URL = hxxp://in.yahoo.com
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:6092
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files (x86)\veoh networks\veoh video compass\SearchRecsPlugin.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [SightSpeed] "c:\program files (x86)\dell video chat\DellVideoChat.exe" -bootmode
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [googletalk] c:\users\home\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
    uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
    uRun: [COM+ Manager] "c:\users\home\.commgr\complmgr.exe"
    uRun: [LvgciejlqMc] c:\users\home\appdata\local\temp\rpm54cg.exe
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [YSearchProtection] "c:\program files (x86)\yahoo!\search protection\SearchProtection.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.co.uk/s/v/63.16/uploader2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inchnm03.tcs.com/dwa8W.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun-x64: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-5-28 53488]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-5-28 89600]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 TeamViewer4;TeamViewer 4;c:\program files (x86)\teamviewer\version4\TeamViewer_Service.exe [2009-8-24 185640]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-11-1 42000]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-5-28 160704]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-28 126464]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-5-28 252928]
    R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-5-28 158592]
    R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-5-28 310784]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-11 135664]
    S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-8-17 900360]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-7-31 93184]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-7-11 61288]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x64\msvsmon.exe [2005-9-22 4476096]

    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-09-15 00:00:55 0 d-----w- c:\windows\pss
    2010-09-13 18:17:52 0 d-sh--w- c:\users\home\.COMMgr
    2010-09-13 18:17:32 0 d-----w- c:\users\home\appdata\roaming\D3ADD88C79438E06E44D32E19B9A55BD
    2010-09-03 21:43:10 0 d-----w- C:\My Collection for bristol festival
    2010-09-03 21:42:48 0 d-----w- C:\Bristol Harbour Festival - Copy
    2010-09-03 21:29:24 0 d-----w- C:\Swizzz

    ==================== Find3M ====================

    2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
    2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
    2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
    2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
    2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
    2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
    2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
    2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
    2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-21 13:53:02 2749952 ----a-w- c:\windows\system32\win32k.sys
    2010-06-18 17:17:49 50688 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-18 16:43:54 36352 ----a-w- c:\windows\syswow64\rtutils.dll
    2009-08-17 12:01:35 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-08-17 12:01:35 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-08-17 12:01:32 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-05-28 08:19:19 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-05-28 06:04:00 75 --sh--r- c:\windows\CT4CET.bin
    2010-05-06 19:17:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-31 06:24:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-07-31 06:24:49 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-07-31 06:24:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-07-31 06:24:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-02-17 18:56:34 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2010-02-17 18:56:34 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2010-02-17 18:56:34 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
    2009-05-28 07:54:32 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 1:21:55.14 ===============

  2. #2
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Still need help?

  3. #3
    Member
    Join Date
    Sep 2010
    Posts
    47

    the exe's are still there

    Hi,
    I have just disabled them from the startup but haven't removed them. So I still need help to remove them. Please help.

  4. #4
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Hi

    OTL
    Download OTL Here & save it to your desktop.
    • Right click on OTL.exe then choose Run as Administrator to run it. Make sure all other windows are closed and let it run uninterrupted
    • When the window appears, ensure Include 64bit Scans is ticked
    • Click on Minimal Output at the top
    • Download the following file scan.txt to your Desktop - Click here to download it. You may need to right click on it and select "Save"
    • Double click inside the Custom Scan box at the bottom
    • A window will appear saying Click Ok to load a custom scan from a file or Cancel to cancel
    • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
    • Select scan.txt & click Open. Writing will now appear under the Custom Scan box
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long
      • When the scan completes, it will open two notepad windows OTL.Txt & Extras.Txt. These are saved in the same location as OTL
      • Copy/paste the contents of these files, one at a time & post them in your next reply
    To post in next reply:
    Contents of OTL.txt
    Contents of Extras.txt
    These are large logs, so one log per post please

  5. #5
    Member
    Join Date
    Sep 2010
    Posts
    47

    OTL log

    OTL logfile created on: 9/19/2010 6:03:03 PM - Run 1
    OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 153.78 Gb Free Space | 54.26% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MANJULA-HOME
    Current User Name: Home
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Home\AppData\Local\Temp\nvsvc32.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\taskmgr.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\system.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\2314884205.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\user.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\hexdump.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\spoolsv.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\winamp.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\gdi32.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\csrss.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\440669226.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\debug.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\lsass.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\svchost.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\avp.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\win16.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\mdm.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\login.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\avp32.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\win.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\sysedit.exe (Microsoft Corporation)
    PRC - C:\Users\Home\AppData\Local\Temp\Bwh.exe (Don HO don.h@free.fr)
    PRC - C:\Users\Home\AppData\Local\Temp\Bwg.exe (Don HO don.h@free.fr)
    PRC - C:\Users\Home\.COMMgr\complmgr.exe (EP-Service)
    PRC - C:\Users\Home\AppData\Local\Temp\rpm54cg.exe ()
    PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
    MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
    MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\networkexplorer.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
    SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
    SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
    SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
    SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
    DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
    DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
    DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
    DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
    DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
    DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
    DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
    DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
    DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
    DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092



    O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKCU..\Run: [COM+ Manager] C:\Users\Home\.COMMgr\complmgr.exe (EP-Service)
    O4 - HKCU..\Run: [googletalk] C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [Lvgciejl82xme\AppData\Local\Temp\2314884205.exe] C:\Users\Home\AppData\Local\Temp\2314884205.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejl91+me\AppData\Local\Temp\440669226.exe] C:\Users\Home\AppData\Local\Temp\440669226.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlhb] C:\Users\Home\AppData\Local\Temp\debug.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlk+] C:\Users\Home\AppData\Local\Temp\gdi32.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlmc] C:\Users\Home\AppData\Local\Temp\mdm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlna] C:\Users\Home\AppData\Local\Temp\login.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlna.com&p=...] C:\Users\Home\AppData\Local\Temp\login.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlne] C:\Users\Home\AppData\Local\Temp\lsass.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlo+] C:\Users\Home\AppData\Local\Temp\avp32.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejloc] C:\Users\Home\AppData\Local\Temp\avp.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlora] C:\Users\Home\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlotc] C:\Users\Home\AppData\Local\Temp\hexdump.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlpe] C:\Users\Home\AppData\Local\Temp\csrss.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlpsc] C:\Users\Home\AppData\Local\Temp\taskmgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlq+] C:\Users\Home\AppData\Local\Temp\win16.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlqb] C:\Users\Home\AppData\Local\Temp\winamp.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlqc] C:\Users\Home\AppData\Local\Temp\win.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=...] C:\Users\Home\AppData\Local\Temp\win.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlqf] C:\Users\Home\AppData\Local\Temp\user.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [LvgciejlqMc] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe ()
    O4 - HKCU..\Run: [LvgciejlqMcmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe ()
    O4 - HKCU..\Run: [Lvgciejlqvc] C:\Users\Home\AppData\Local\Temp\svchost.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlrxc] C:\Users\Home\AppData\Local\Temp\spoolsv.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [LvgciejlsPc] C:\Users\Home\AppData\Local\Temp\nvsvc32.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlud] C:\Users\Home\AppData\Local\Temp\system.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Lvgciejlupc] C:\Users\Home\AppData\Local\Temp\sysedit.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [YXE7DXCQ37] C:\Users\Home\AppData\Local\Temp\Bwh.exe (Don HO don.h@free.fr)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{1727ee65-a14d-11de-836d-002219ec09f3}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
    O33 - MountPoints2\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
    O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell - "" = Autorun
    O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell\Open\command - "" = regsvr.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: VIDC.3iv2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx.com)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.wmv3 - C:\Windows\SysWow64\WMV9VCM.dll (Microsoft Corporation)
    Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

  6. #6
    Member
    Join Date
    Sep 2010
    Posts
    47

    Default OTL log-continuation

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/19 17:58:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2010/09/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/09/15 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/09/15 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\malware removal
    [2010/09/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/09/13 19:17:52 | 000,000,000 | -HSD | C] -- C:\Users\Home\.COMMgr
    [2010/09/13 19:17:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\vpwkxpvvr
    [2010/09/13 19:17:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
    [2010/09/13 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
    [2010/09/03 22:43:10 | 000,000,000 | ---D | C] -- C:\My Collection for bristol festival
    [2010/09/03 22:42:48 | 000,000,000 | ---D | C] -- C:\Bristol Harbour Festival - Copy
    [2010/09/03 22:29:24 | 000,000,000 | ---D | C] -- C:\Swizzz
    [2010/08/01 00:13:17 | 000,000,000 | ---D | C] -- C:\bgam upload
    [2010/08/01 00:09:51 | 000,000,000 | ---D | C] -- C:\B'gham
    [2010/07/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2010/07/13 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\OpenCandy
    [2010/07/13 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
    [2010/07/13 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
    [2010/07/11 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Home\Tracing
    [2010/07/11 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
    [2010/07/11 17:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2010/07/11 17:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/07/11 17:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2010/07/11 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Yahoo
    [2010/07/11 16:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2010/07/11 16:55:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Yahoo!
    [2010/07/11 16:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2010/07/11 16:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2010/07/10 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\My Documents
    [2010/06/28 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Photos

    ========== Files - Modified Within 90 Days ==========

    [2010/09/19 18:06:06 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
    [2010/09/19 18:05:37 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
    [2010/09/19 18:05:37 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
    [2010/09/19 17:58:05 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2010/09/19 17:54:05 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/09/19 17:45:38 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/09/19 17:45:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/19 17:44:54 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/09/19 17:44:54 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/09/19 17:44:54 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/09/19 17:37:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/19 17:37:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/19 17:37:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/19 17:37:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/19 17:37:27 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/19 01:04:33 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/19 01:04:33 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/09/19 00:36:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
    [2010/09/19 00:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
    [2010/09/19 00:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/18 15:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
    [2010/09/18 11:45:09 | 004,007,562 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
    [2010/09/17 19:20:41 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
    [2010/09/17 19:20:41 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/09/15 01:19:16 | 000,000,746 | ---- | M] () -- C:\Users\Home\Desktop\ERUNT.lnk
    [2010/09/13 20:10:08 | 000,019,968 | ---- | M] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
    [2010/09/05 21:33:47 | 000,013,241 | ---- | M] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
    [2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
    [2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
    [2010/09/05 21:32:04 | 000,013,079 | ---- | M] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
    [2010/09/04 00:43:35 | 000,029,184 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/25 11:03:44 | 023,363,584 | ---- | M] () -- C:\Users\Home\Desktop\M2U00027.MPG
    [2010/08/14 11:19:28 | 000,422,520 | ---- | M] () -- C:\Users\Home\Desktop\hdfctransfer.docx
    [2010/08/14 10:34:28 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/03 19:46:07 | 000,184,332 | ---- | M] () -- C:\Users\Home\Desktop\ramya.docx
    [2010/08/01 13:35:18 | 000,013,068 | ---- | M] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
    [2010/07/22 13:01:14 | 019,660,800 | ---- | M] () -- C:\Users\Home\Desktop\M2U00007.MPG
    [2010/07/18 12:23:15 | 000,000,124 | ---- | M] () -- C:\Users\Home\JavaConnect.ini
    [2010/07/15 21:39:36 | 000,000,969 | ---- | M] () -- C:\Users\Home\Desktop\Resume.doc
    [2010/07/14 19:39:15 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
    [2010/07/13 20:52:12 | 000,000,945 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2010/07/13 20:52:12 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
    [2010/07/11 16:54:49 | 000,000,998 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
    [2010/07/11 16:54:49 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
    [2010/07/10 14:09:33 | 000,038,309 | ---- | M] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
    [2010/07/10 10:37:43 | 000,198,395 | ---- | M] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
    [2010/07/04 02:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job
    [2010/06/26 07:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
    [2010/06/26 07:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/06/26 07:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/06/26 07:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
    [2010/06/26 07:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
    [2010/06/26 07:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/06/26 07:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
    [2010/06/26 07:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
    [2010/06/26 07:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
    [2010/06/26 05:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/06/26 05:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/06/26 05:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe

    ========== Files Created - No Company Name ==========

    [2010/09/16 01:02:36 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
    [2010/09/16 01:02:24 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
    [2010/09/16 01:02:22 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
    [2010/09/16 00:58:10 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
    [2010/09/15 01:19:16 | 000,000,746 | ---- | C] () -- C:\Users\Home\Desktop\ERUNT.lnk
    [2010/09/13 20:10:08 | 000,019,968 | ---- | C] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
    [2010/09/13 19:18:22 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/09/13 19:18:12 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/09/05 21:34:16 | 000,012,509 | ---- | C] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
    [2010/09/05 19:37:49 | 000,012,509 | ---- | C] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
    [2010/08/25 18:34:34 | 019,660,800 | ---- | C] () -- C:\Users\Home\Desktop\M2U00007.MPG
    [2010/08/25 18:33:46 | 023,363,584 | ---- | C] () -- C:\Users\Home\Desktop\M2U00027.MPG
    [2010/08/14 11:17:48 | 000,422,520 | ---- | C] () -- C:\Users\Home\Desktop\hdfctransfer.docx
    [2010/08/12 19:24:33 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
    [2010/08/12 19:24:28 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
    [2010/08/12 19:24:28 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
    [2010/08/12 19:24:24 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
    [2010/08/12 19:24:22 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
    [2010/08/12 19:24:11 | 004,675,976 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/12 19:23:56 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/08/12 19:23:55 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/08/12 19:23:53 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/08/12 19:23:50 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/08/12 19:23:50 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/08/12 19:23:50 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/12 19:23:50 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/08/12 19:23:49 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/12 19:23:49 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/08/12 19:23:49 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/08/12 19:23:49 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/08/12 19:23:49 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
    [2010/08/12 19:23:49 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/12 19:23:49 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/12 19:23:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
    [2010/08/12 19:23:49 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/08/12 19:23:49 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/08/12 19:23:48 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/08/12 19:23:48 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
    [2010/08/12 19:23:48 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/12 19:23:48 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
    [2010/08/12 19:23:32 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
    [2010/08/12 19:23:30 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
    [2010/08/03 19:46:05 | 000,184,332 | ---- | C] () -- C:\Users\Home\Desktop\ramya.docx
    [2010/08/02 21:15:27 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
    [2010/08/01 13:36:03 | 000,013,079 | ---- | C] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
    [2010/08/01 13:34:17 | 000,013,068 | ---- | C] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
    [2010/08/01 11:34:48 | 000,013,241 | ---- | C] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
    [2010/07/15 21:40:52 | 000,000,969 | ---- | C] () -- C:\Users\Home\Desktop\Resume.doc
    [2010/07/13 20:52:12 | 000,000,945 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2010/07/13 20:52:12 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
    [2010/07/11 17:38:03 | 000,061,288 | ---- | C] () -- C:\Windows\SysNative\drivers\fssfltr.sys
    [2010/07/11 16:54:49 | 000,000,998 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
    [2010/07/11 16:54:49 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
    [2010/07/10 11:05:54 | 000,038,309 | ---- | C] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
    [2010/07/10 10:37:43 | 000,198,395 | ---- | C] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
    [2010/06/23 19:09:20 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
    [2010/06/23 19:09:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
    [2010/06/23 19:09:20 | 000,100,352 | ---- | C] () -- C:\Windows\SysNative\Mpeg2Data.ax
    [2010/06/23 19:09:20 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
    [2010/06/23 19:09:12 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
    [2010/06/23 19:09:10 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
    [2010/06/23 19:09:10 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
    [2010/06/23 19:08:47 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
    [2010/06/23 19:08:47 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
    [2010/06/23 19:08:47 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
    [2010/06/23 19:08:47 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
    [2010/06/23 19:08:47 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
    [2010/06/22 20:44:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
    [2010/06/22 20:44:50 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
    [2009/10/31 19:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/09/20 17:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
    [2009/09/20 17:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
    [2009/09/20 17:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
    [2009/09/20 17:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
    [2009/09/20 17:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
    [2009/09/20 17:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
    [2009/09/20 17:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
    [2009/09/20 17:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
    [2009/09/20 17:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
    [2009/09/20 17:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
    [2009/09/20 17:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
    [2009/09/20 17:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
    [2009/09/20 17:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
    [2009/09/20 17:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/20 17:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
    [2009/09/20 17:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
    [2009/09/20 17:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
    [2009/09/20 17:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
    [2009/09/20 17:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
    [2009/09/20 17:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
    [2009/09/20 17:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
    [2009/09/20 17:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
    [2009/09/20 17:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
    [2009/09/20 17:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
    [2009/09/20 16:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
    [2009/09/20 16:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
    [2009/09/20 16:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
    [2009/09/20 16:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    [2009/09/20 16:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
    [2009/09/20 16:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
    [2009/09/20 16:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
    [2009/09/20 16:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
    [2009/09/20 16:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
    [2009/09/20 16:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
    [2009/09/20 16:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
    [2009/09/17 18:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/08/29 08:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2009/08/29 08:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/08/29 08:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/08/29 08:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2009/08/29 08:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/08/29 08:11:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
    [2009/08/03 20:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
    [2009/07/31 19:27:59 | 000,029,184 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/31 02:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
    [2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/09/13 19:17:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
    [2010/07/13 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenCandy
    [2009/09/25 03:49:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
    [2010/09/13 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
    [2010/09/19 01:04:36 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/09/19 18:05:37 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
    [2010/09/19 18:05:37 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
    [2010/09/19 17:54:05 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/09/19 17:45:38 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/21 03:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/06/24 11:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
    [2009/05/28 09:20:29 | 000,003,532 | RH-- | M] () -- C:\dell.sdr
    [2010/09/19 17:37:27 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 05:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/09/19 17:37:26 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 16:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/31 04:52:58 | 000,000,286 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/19 17:58:05 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2010/03/05 21:10:11 | 001,531,691 | ---- | M] () -- C:\Users\Home\Desktop\winrar-x64-392.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/07/30 04:01:35 | 000,000,402 | -HS- | M] () -- C:\Users\Home\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.exe >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < %USERPROFILE%\Templates\*.tmp >

    < %SYSTEMDRIVE%\explorexxx.exe\*.* >

    < %Windir%\Installer\*.tmp >

    < %systemroot%\System32\*.xco >

    < %ProgramFiles%\system32\*.* >

    < %systemroot%\System32\windos\*.* >

    < %SystemRoot%\system32\sandbox\*.* >

    < %SystemRoot%\system32\*.amo >

    < %SystemRoot%\system32\Windows Live\*.* >

    < %ProgramFiles%\logs\*.* >

    < %ProgramFiles%\Bifrost\*.* >

    < %SystemRoot%\system32\*.goo >

    < %systemroot%\system32\IME\*.* >

    < %systemroot%\BackUp\*.* >

    < %systemroot%\system32\*.ico >
    [2006/09/18 22:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWow64\acwizard.ico

    < %systemroot%\system\*.dat >

    < %systemroot%\system\*.exe >

    < %AppData%\Macromedia\Common\*.* >

    < %SYSTEMDRIVE%\dir\*.* /s >

    < %systemroot%\system32\ras\*.exe >

    < %SYSTEMDRIVE%\MFILES\*.* >

    < %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

    < %systemroot%\system32\services\*.* >

    < %systemroot%\Spooler\*.* >

    < %ProgramFiles%\system32\*.* >

    < %systemroot%\system32\Setup\*.dll /x >

    < %systemroot%\system32\*.mine >

    < %SYSTEMDRIVE%\cleansweep.exe\*.* >

    < %systemroot%\system32\ras\*.dll >

    < %systemroot%\system32\ras\*.drv >

    < %systemroot%\*.iq >

    < %systemroot%\system32\XP\*.* >

    < %SYSTEMDRIVE%\Extracted\*.* >

    < %systemroot%\system32\windows\*.* >

    < %systemroot%\logs\*.* >

    < %SYSTEMDRIVE%\Win.Msi\*.* >

    < %systemroot%\regedit\*.* >

    < %systemroot%\system32\skype\*.* >

    < %AppData%\Adobe\dlluplwin25\*.* >

    < %UserProfile%\*.dat >
    [2010/09/19 18:09:16 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT

    < %UserProfile%\*.dll >

    < %systemroot%\system32\*.sxo >

    < %SYSTEMDRIVE%\Gazma\*.* /s >

    < %systemroot%\system32\spynet\*.* >

    < %systemroot%\system32\System\*.* >

    < %appdata%\Microsoft\Windows\*.* >

    < %systemroot%\system32\WinDir\*.* >

    < %systemroot%\_\*.* >

    < %systemroot%\system32\windows32\*.* >

    < %ProgramFiles%\win\*.* >

    < %AppData%\Microsoft\CD Burning\*.* >

    < %systemroot%\*.cab >

    < %systemroot%\K.Backup\*.* >

    < %ProgramFiles%\Massenger\*.* >

    < %systemroot%\System32\*.doc >

    < %systemroot%\Office12\*.* >

    < %systemroot%\System32\Rundl32.exe\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >

  7. #7
    Member
    Join Date
    Sep 2010
    Posts
    47

    Default Extras log

    OTL Extras logfile created on: 9/19/2010 6:03:03 PM - Run 1
    OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 153.78 Gb Free Space | 54.26% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MANJULA-HOME
    Current User Name: Home
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" [2010/01/22 04:19:14 | 000,000,000 | ---D | M]
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" [2010/01/22 04:19:14 | 000,000,000 | ---D | M]
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1221B8C6-41B2-40CB-9BB1-9087F0BE6F5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{27B879F0-4B6A-45B1-B332-D458CB861ED3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{283D6456-502D-475C-8C7B-205098605E95}" = rport=445 | protocol=6 | dir=out | app=system |
    "{29B0706C-E03A-4039-A596-6667EE4178CF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{47C0D9E7-D9BB-4804-BEBC-F100C5E7BE93}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{4FE5F42C-1B5C-47EC-B5F7-6972D43548F7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{51F067D0-474D-46CE-9C8B-4D81A08F9C32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{59000FF6-1B92-4261-A48A-8834BDB6596D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{693FFD30-714C-46A5-AF2C-EFF68F16CB4A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6F9F6435-2F73-47EA-9A8A-6988612EB0BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{71ED9AAA-D770-411C-8FB8-DDA92E285178}" = rport=138 | protocol=17 | dir=out | app=system |
    "{81187C37-06C5-4903-B7DA-700EDFC6A4DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9C6F2D35-F785-4864-B880-A9E7388351B5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A2A48B99-39A6-499B-9297-BBB2EA799F83}" = rport=139 | protocol=6 | dir=out | app=system |
    "{BC42EBF8-2B52-4434-8363-3B9CBCCE1A85}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C32F58CD-D35E-424A-88E0-9BD177C519DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{CB289CC9-B55B-4689-B9BA-22FDB3C68084}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F613C2EC-3A40-46C1-931C-6EC0FA3D9412}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F7B06A3E-2600-4961-AD3C-3047D5572AED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{F7FBA7E6-CB18-465D-8E84-BDFB9038F4BE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FDD7FE35-47ED-4AF5-9334-27C385084531}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00C1B81E-BFA6-4D42-B736-05A6607DE369}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{015B3914-F512-4E3A-BD23-AE7AF2ECDDC7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{070A4A38-F836-491B-8253-FA8EE46BA21D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{08211BCE-AF3B-45C9-A155-13FB924C1B36}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{210C90C7-CF9D-41F9-B96D-8BCFAD08EC90}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{3BDD5F64-81BA-44A9-BC9D-2AB40FA3BDE2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe |
    "{3EA897B1-53A2-4024-9FA7-903C7361E382}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{453BD231-DCAC-4DAB-B0CA-EEF4830420C2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{58254800-FD63-4EE6-88D6-36C648723DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{6767C2C3-9E24-4786-AB22-F0F74E8BAAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{87ABE390-9905-45B3-84D6-8F9EEDB0472A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{A86B229B-6DF6-4A57-8D5F-5B3E1E796D2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{ADA1B757-DE1B-40B7-9682-F8FD5AA7F72A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{AF13393C-2CC6-47DB-A641-07635E144C5D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{AF5E1A16-B1F2-4FCA-A50B-01D21AD55CF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B3DFFE27-D0F9-4165-81DB-CD3E1C86A39C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B68287A8-C167-4917-8A00-E1440529F1F0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{BB390D00-4BA8-4D36-94A8-3C1C52739AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{CAC90E41-2FA5-41FF-A11C-67898E0DC5B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D3B91A9B-6A86-45DB-8BF5-E1B8A90C908A}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{DC39E12E-AB05-4EB6-BF2A-B252B9E5948C}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{F455C704-6005-47E0-9CA3-9E63175EAC03}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro AntiVirus
    "{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "Creative OA008" = Integrated Webcam Driver (1.02.02.0106)
    "Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "SynTPDeinstKey" = Dell Touchpad
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
    "TeamViewer 4" = TeamViewer 4
    "Veoh Video Compass" = Veoh Video Compass
    "Veoh Web Player Beta" = Veoh Web Player
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VideoLAN VLC media player 0.8.6c
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/11/2010 4:45:01 AM | Computer Name = Manjula-Home | Source = Windows Search Service | ID = 3013
    Description =

    Error - 9/11/2010 6:59:22 AM | Computer Name = Manjula-Home | Source = EventSystem | ID = 4622
    Description =

    Error - 9/11/2010 2:54:50 PM | Computer Name = Manjula-Home | Source = WinMgmt | ID = 10
    Description =

    Error - 9/11/2010 2:55:36 PM | Computer Name = Manjula-Home | Source = Windows Search Service | ID = 3013
    Description =

    Error - 9/11/2010 2:55:38 PM | Computer Name = Manjula-Home | Source = Windows Search Service | ID = 3013
    Description =

    Error - 9/11/2010 2:55:42 PM | Computer Name = Manjula-Home | Source = Windows Search Service | ID = 3013
    Description =

    Error - 9/11/2010 2:56:01 PM | Computer Name = Manjula-Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 9/11/2010 3:46:07 PM | Computer Name = Manjula-Home | Source = Application Error | ID = 1000
    Description = Faulting application 0.22439264564744543.exe, version 0.0.0.0, time
    stamp 0x4682793c, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
    exception code 0xc0000005, fault offset 0x002e0019, process id 0x1564, application
    start time 0x01cb51e9f97c344a.

    Error - 9/11/2010 6:47:54 PM | Computer Name = Manjula-Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 9/11/2010 6:47:54 PM | Computer Name = Manjula-Home | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 11/21/2009 10:43:08 AM | Computer Name = Manjula-Home | Source = Service Control Manager | ID = 7009
    Description =

    Error - 11/21/2009 10:43:08 AM | Computer Name = Manjula-Home | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/21/2009 1:04:19 PM | Computer Name = Manjula-Home | Source = bowser | ID = 8003
    Description =

    Error - 11/21/2009 1:06:22 PM | Computer Name = Manjula-Home | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 11/22/2009 11:12:25 AM | Computer Name = Manjula-Home | Source = HTTP | ID = 15016
    Description =

    Error - 11/22/2009 11:38:27 AM | Computer Name = Manjula-Home | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:05:15 PM on 11/22/2009 was unexpected.

    Error - 11/22/2009 11:38:31 AM | Computer Name = Manjula-Home | Source = HTTP | ID = 15016
    Description =

    Error - 11/22/2009 12:51:56 PM | Computer Name = Manjula-Home | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 11/24/2009 12:36:10 PM | Computer Name = Manjula-Home | Source = HTTP | ID = 15016
    Description =

    Error - 11/28/2009 3:52:37 AM | Computer Name = Manjula-Home | Source = HTTP | ID = 15016
    Description =


    < End of report >

  8. #8
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hi

    Create Restore Point
    Click Start->Control Panel->System->System Protection->System Protection tab
    Select Create, type a name like Pre Clean then press the Create button and once it's done press Close

    Erunt
    This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
    • Click Start >> All Programs >> ERUNT, then double-click ERUNT from the menu
      Vista/Windows 7 users: Right-click on ERUNT in the menu, then select Run As Administrator. If UAC prompts, please allow it.
    • Click on OK within the pop-up menu
    • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
      • System registry.
      • Current user registry.
    • Next click on OK... at the prompt... reply Yes.
      After a short duration the "Registry backup is complete!" pop-up message will appear
    • Now click on OK. A registry backup should now have been created

    TFC (Temp File Cleaner)
    Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
    • Save any unsaved work. TFC Cleaner will close all open application windows
    • Right-click TFC.exe then choose Run as Administrator to run the program, your desktop will temporarily disappear
    • If prompted, click Yes to reboot
    Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

    Malwarebytes' Anti-Malware
    Download Malwarebytes' Anti-Malware here & save to your desktop.
    • Right-click mbam-setup.exe then choose Run as Administrator to run & follow the prompts to install the program
    • At the end, be sure a checkmark is placed next to:
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
    • Then click Finish
    • If an update is found, it will download and install the latest version
    • Once the program has loaded, select Perform full scan, then click Scan
    • When the scan is complete, click OK, then Show Results to view the results
    • Check all items except items in the C:\System Volume Information folder... then click on Remove Selected
    • When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
      Note: The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tab
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
    If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
    If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once & does not need to be reported unless it returns on future reboots.


    Once done, re-run OTL again following instructions posted previously here:
    http://forums.spybot.info/showpost.p...81&postcount=4

    To post in next reply:
    Malwarebytes log
    New OTL logs

  9. #9
    Member
    Join Date
    Sep 2010
    Posts
    47

    Default OTL_afterremoval

    TL logfile created on: 9/20/2010 8:39:21 PM - Run 2
    OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Home\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 165.35 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.51% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MANJULA-HOME
    Current User Name: Home
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\msshsq.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
    MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
    MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\SLC.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\networkexplorer.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
    SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
    SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
    SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
    SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
    DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
    DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
    DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
    DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
    DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
    DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
    DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
    DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
    DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
    DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092



    O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKCU..\Run: [googletalk] C:\Users\Home\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [Lvgciejl/z+me\AppData\Local\Temp\961095171.exe] C:\Users\Home\AppData\Local\Temp\961095171.exe File not found
    O4 - HKCU..\Run: [Lvgciejl82xme\AppData\Local\Temp\2314884205.exe] C:\Users\Home\AppData\Local\Temp\2314884205.exe File not found
    O4 - HKCU..\Run: [Lvgciejl91+me\AppData\Local\Temp\440669226.exe] C:\Users\Home\AppData\Local\Temp\440669226.exe File not found
    O4 - HKCU..\Run: [Lvgciejl9yyme\AppData\Local\Temp\1535015731.exe] C:\Users\Home\AppData\Local\Temp\1535015731.exe File not found
    O4 - HKCU..\Run: [Lvgciejlhb] C:\Users\Home\AppData\Local\Temp\debug.exe File not found
    O4 - HKCU..\Run: [Lvgciejlk+] C:\Users\Home\AppData\Local\Temp\gdi32.exe File not found
    O4 - HKCU..\Run: [Lvgciejlmc] C:\Users\Home\AppData\Local\Temp\mdm.exe File not found
    O4 - HKCU..\Run: [Lvgciejlna] C:\Users\Home\AppData\Local\Temp\login.exe File not found
    O4 - HKCU..\Run: [Lvgciejlna.com&p=(base64 data omitted)] C:\Users\Home\AppData\Local\Temp\login.exe File not found
    O4 - HKCU..\Run: [Lvgciejlo+] C:\Users\Home\AppData\Local\Temp\avp32.exe File not found
    O4 - HKCU..\Run: [Lvgciejloc] C:\Users\Home\AppData\Local\Temp\avp.exe File not found
    O4 - HKCU..\Run: [Lvgciejlora] C:\Users\Home\AppData\Local\Temp\iexplarer.exe File not found
    O4 - HKCU..\Run: [Lvgciejlotc] C:\Users\Home\AppData\Local\Temp\hexdump.exe File not found
    O4 - HKCU..\Run: [Lvgciejlpsc] C:\Users\Home\AppData\Local\Temp\taskmgr.exe File not found
    O4 - HKCU..\Run: [Lvgciejlq+] C:\Users\Home\AppData\Local\Temp\win16.exe File not found
    O4 - HKCU..\Run: [Lvgciejlqb] C:\Users\Home\AppData\Local\Temp\winamp.exe File not found
    O4 - HKCU..\Run: [Lvgciejlqc] C:\Users\Home\AppData\Local\Temp\win.exe File not found
    O4 - HKCU..\Run: [Lvgciejlqcchonline.com&p=(base64 data omitted)] C:\Users\Home\AppData\Local\Temp\win.exe File not found
    O4 - HKCU..\Run: [Lvgciejlqf] C:\Users\Home\AppData\Local\Temp\user.exe File not found
    O4 - HKCU..\Run: [LvgciejlqMc] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe File not found
    O4 - HKCU..\Run: [LvgciejlqMcmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\Home\AppData\Local\Temp\rpm54cg.exe File not found
    O4 - HKCU..\Run: [LvgciejlqW] C:\Users\Home\AppData\Local\Temp\drweb.exe File not found
    O4 - HKCU..\Run: [Lvgciejlrxc] C:\Users\Home\AppData\Local\Temp\spoolsv.exe File not found
    O4 - HKCU..\Run: [LvgciejlsPc] C:\Users\Home\AppData\Local\Temp\nvsvc32.exe File not found
    O4 - HKCU..\Run: [Lvgciejlud] C:\Users\Home\AppData\Local\Temp\system.exe File not found
    O4 - HKCU..\Run: [Lvgciejlupc] C:\Users\Home\AppData\Local\Temp\sysedit.exe File not found
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.co.uk/s/v/63.16/uploader2.cab (UploadListView Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://inchnm03.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{1727ee65-a14d-11de-836d-002219ec09f3}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
    O33 - MountPoints2\{3c6b17f3-ae0c-11df-8aa0-002219ec09f3}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
    O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell - "" = Autorun
    O33 - MountPoints2\{826839c6-809f-11df-a589-002219ec09f3}\Shell\Open\command - "" = regsvr.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: VIDC.3iv2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx.com)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.wmv3 - C:\Windows\SysWow64\WMV9VCM.dll (Microsoft Corporation)
    Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

  10. #10
    Member
    Join Date
    Sep 2010
    Posts
    47

    Default OTk_afterremoval_continuation

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/20 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
    [2010/09/20 19:04:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/09/20 19:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/20 19:01:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
    [2010/09/20 18:46:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
    [2010/09/19 17:58:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2010/09/15 01:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/09/15 01:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/09/15 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\malware removal
    [2010/09/15 01:00:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/09/13 19:17:52 | 000,000,000 | -HSD | C] -- C:\Users\Home\.COMMgr
    [2010/09/13 19:17:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\vpwkxpvvr
    [2010/09/13 19:17:37 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
    [2010/09/13 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
    [2010/09/03 22:43:10 | 000,000,000 | ---D | C] -- C:\My Collection for bristol festival
    [2010/09/03 22:42:48 | 000,000,000 | ---D | C] -- C:\Bristol Harbour Festival - Copy
    [2010/09/03 22:29:24 | 000,000,000 | ---D | C] -- C:\Swizzz
    [2010/08/01 00:13:17 | 000,000,000 | ---D | C] -- C:\bgam upload
    [2010/08/01 00:09:51 | 000,000,000 | ---D | C] -- C:\B'gham
    [2010/07/13 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2010/07/13 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\OpenCandy
    [2010/07/13 20:51:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenCandy
    [2010/07/13 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
    [2010/07/11 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Home\Tracing
    [2010/07/11 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
    [2010/07/11 17:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2010/07/11 17:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/07/11 17:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2010/07/11 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Yahoo
    [2010/07/11 16:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2010/07/11 16:55:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Yahoo!
    [2010/07/11 16:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2010/07/11 16:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2010/07/10 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\My Documents
    [2010/06/28 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Photos

    ========== Files - Modified Within 90 Days ==========

    [2010/09/20 20:40:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job
    [2010/09/20 20:40:19 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
    [2010/09/20 20:39:57 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
    [2010/09/20 20:36:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000UA.job
    [2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2010/09/20 20:34:43 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
    [2010/09/20 20:34:22 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/20 20:33:45 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/09/20 20:33:45 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/09/20 20:33:45 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/09/20 20:27:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/20 20:27:39 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/20 20:27:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/20 20:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/20 20:27:21 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/20 20:26:21 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/20 20:26:21 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
    [2010/09/20 20:26:19 | 006,291,456 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
    [2010/09/20 20:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001UA.job
    [2010/09/20 20:13:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/20 19:04:04 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
    [2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
    [2010/09/19 21:32:38 | 000,001,048 | ---- | M] () -- C:\Users\Home\Desktop\Google Talk.lnk
    [2010/09/19 18:26:05 | 000,002,039 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
    [2010/09/19 18:26:05 | 000,002,001 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/09/18 15:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1001Core.job
    [2010/09/15 01:19:16 | 000,000,746 | ---- | M] () -- C:\Users\Home\Desktop\ERUNT.lnk
    [2010/09/13 20:10:08 | 000,019,968 | ---- | M] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
    [2010/09/05 21:33:47 | 000,013,241 | ---- | M] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
    [2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
    [2010/09/05 21:33:40 | 000,012,509 | ---- | M] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
    [2010/09/05 21:32:04 | 000,013,079 | ---- | M] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
    [2010/09/04 00:43:35 | 000,029,184 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/25 11:03:44 | 023,363,584 | ---- | M] () -- C:\Users\Home\Desktop\M2U00027.MPG
    [2010/08/14 11:19:28 | 000,422,520 | ---- | M] () -- C:\Users\Home\Desktop\hdfctransfer.docx
    [2010/08/14 10:34:28 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/03 19:46:07 | 000,184,332 | ---- | M] () -- C:\Users\Home\Desktop\ramya.docx
    [2010/08/01 13:35:18 | 000,013,068 | ---- | M] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
    [2010/07/22 13:01:14 | 019,660,800 | ---- | M] () -- C:\Users\Home\Desktop\M2U00007.MPG
    [2010/07/18 12:23:15 | 000,000,124 | ---- | M] () -- C:\Users\Home\JavaConnect.ini
    [2010/07/15 21:39:36 | 000,000,969 | ---- | M] () -- C:\Users\Home\Desktop\Resume.doc
    [2010/07/13 20:52:12 | 000,000,945 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2010/07/13 20:52:12 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
    [2010/07/11 16:54:49 | 000,000,998 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
    [2010/07/11 16:54:49 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
    [2010/07/10 14:09:33 | 000,038,309 | ---- | M] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
    [2010/07/10 10:37:43 | 000,198,395 | ---- | M] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
    [2010/07/04 02:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2234389945-712795599-1784429939-1000Core.job
    [2010/06/26 07:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
    [2010/06/26 07:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/06/26 07:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/06/26 07:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
    [2010/06/26 07:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
    [2010/06/26 07:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/06/26 07:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
    [2010/06/26 07:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
    [2010/06/26 07:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
    [2010/06/26 05:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/06/26 05:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/06/26 05:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe

    ========== Files Created - No Company Name ==========

    [2010/09/20 19:04:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/20 19:04:00 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/09/19 21:32:38 | 000,001,048 | ---- | C] () -- C:\Users\Home\Desktop\Google Talk.lnk
    [2010/09/16 01:02:36 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
    [2010/09/16 01:02:24 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
    [2010/09/16 01:02:22 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
    [2010/09/16 00:58:10 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
    [2010/09/15 01:19:16 | 000,000,746 | ---- | C] () -- C:\Users\Home\Desktop\ERUNT.lnk
    [2010/09/13 20:10:08 | 000,019,968 | ---- | C] () -- C:\Users\Home\Desktop\Swiss Expenses.xls
    [2010/09/05 21:34:16 | 000,012,509 | ---- | C] () -- C:\Users\Home\Desktop\Aug Month Expenses.xlsx
    [2010/09/05 19:37:49 | 000,012,509 | ---- | C] () -- C:\Users\Home\Documents\Aug Month Expenses.xlsx
    [2010/08/25 18:34:34 | 019,660,800 | ---- | C] () -- C:\Users\Home\Desktop\M2U00007.MPG
    [2010/08/25 18:33:46 | 023,363,584 | ---- | C] () -- C:\Users\Home\Desktop\M2U00027.MPG
    [2010/08/14 11:17:48 | 000,422,520 | ---- | C] () -- C:\Users\Home\Desktop\hdfctransfer.docx
    [2010/08/12 19:24:33 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
    [2010/08/12 19:24:28 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
    [2010/08/12 19:24:28 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
    [2010/08/12 19:24:24 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
    [2010/08/12 19:24:22 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
    [2010/08/12 19:24:11 | 004,675,976 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/12 19:23:56 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/08/12 19:23:55 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/08/12 19:23:53 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/08/12 19:23:50 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/08/12 19:23:50 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/08/12 19:23:50 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/12 19:23:50 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/08/12 19:23:49 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/12 19:23:49 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/08/12 19:23:49 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/08/12 19:23:49 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/08/12 19:23:49 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
    [2010/08/12 19:23:49 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/12 19:23:49 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/12 19:23:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
    [2010/08/12 19:23:49 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/08/12 19:23:49 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/08/12 19:23:48 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/08/12 19:23:48 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
    [2010/08/12 19:23:48 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/12 19:23:48 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
    [2010/08/12 19:23:32 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
    [2010/08/12 19:23:30 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
    [2010/08/03 19:46:05 | 000,184,332 | ---- | C] () -- C:\Users\Home\Desktop\ramya.docx
    [2010/08/02 21:15:27 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
    [2010/08/01 13:36:03 | 000,013,079 | ---- | C] () -- C:\Users\Home\Desktop\Jul 3rd-Aug 1st settlemnt.xlsx
    [2010/08/01 13:34:17 | 000,013,068 | ---- | C] () -- C:\Users\Home\Documents\Jul 3rd-Aug 1st settlemnt.xlsx
    [2010/08/01 11:34:48 | 000,013,241 | ---- | C] () -- C:\Users\Home\Desktop\Jun9th to Jul 2.xlsx
    [2010/07/15 21:40:52 | 000,000,969 | ---- | C] () -- C:\Users\Home\Desktop\Resume.doc
    [2010/07/13 20:52:12 | 000,000,945 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2010/07/13 20:52:12 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
    [2010/07/11 17:38:03 | 000,061,288 | ---- | C] () -- C:\Windows\SysNative\drivers\fssfltr.sys
    [2010/07/11 16:54:49 | 000,000,998 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger India.lnk
    [2010/07/11 16:54:49 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger India.lnk
    [2010/07/10 11:05:54 | 000,038,309 | ---- | C] () -- C:\Users\Home\Desktop\SwissTripbookingForm.docx
    [2010/07/10 10:37:43 | 000,198,395 | ---- | C] () -- C:\Users\Home\Documents\OnlineBookingForm_web_updated.pdf
    [2010/06/23 19:09:20 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
    [2010/06/23 19:09:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
    [2010/06/23 19:09:20 | 000,100,352 | ---- | C] () -- C:\Windows\SysNative\Mpeg2Data.ax
    [2010/06/23 19:09:20 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
    [2010/06/23 19:09:12 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
    [2010/06/23 19:09:10 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
    [2010/06/23 19:09:10 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
    [2010/06/23 19:08:47 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
    [2010/06/23 19:08:47 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
    [2010/06/23 19:08:47 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
    [2010/06/23 19:08:47 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
    [2010/06/23 19:08:47 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
    [2010/06/22 20:44:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
    [2010/06/22 20:44:50 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
    [2009/10/31 19:16:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/09/20 17:52:55 | 009,771,742 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog2AA9.txt
    [2009/09/20 17:51:25 | 000,037,039 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_MSDN_vs_90.txt
    [2009/09/20 17:51:14 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_msdn_vs_90.txt
    [2009/09/20 17:51:13 | 000,258,736 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_msdn_vs_90.txt
    [2009/09/20 17:48:16 | 000,188,218 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SqlPubWiz.msi271A.txt
    [2009/09/20 17:48:08 | 000,283,760 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_RefInt_x64_MSI2700.txt
    [2009/09/20 17:47:51 | 000,549,116 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI26C9.txt
    [2009/09/20 17:47:36 | 000,440,290 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2698.txt
    [2009/09/20 17:46:24 | 005,358,798 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Build_x64_MSI25AD.txt
    [2009/09/20 17:46:06 | 000,653,338 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WinSDK_Tools_x64_MSI2572.txt
    [2009/09/20 17:45:06 | 002,501,282 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_x64_MSI24AE.txt
    [2009/09/20 17:40:43 | 004,652,682 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_CrystalReports2007_MSI2153.txt
    [2009/09/20 17:40:20 | 001,222,686 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_RDBG_AMD64_MSI2108.txt
    [2009/09/20 17:38:48 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/20 17:33:11 | 000,488,718 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_64bitEmulator_MSI1B8F.txt
    [2009/09/20 17:32:10 | 005,155,436 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMSP_5_0_MSI1AC8.txt
    [2009/09/20 17:30:43 | 007,073,050 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_WMPPC_5_0_MSI19AC.txt
    [2009/09/20 17:30:24 | 000,739,886 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCEDeviceRuntime_MSI196E.txt
    [2009/09/20 17:30:16 | 000,331,702 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SQLCEToolsForVS2007_MSI1953.txt
    [2009/09/20 17:30:07 | 000,357,614 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_SSCERuntime_MSI1936.txt
    [2009/09/20 17:29:20 | 000,842,960 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VSTOR_MSI189D.txt
    [2009/09/20 17:28:45 | 001,049,088 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv35_MSI182A.txt
    [2009/09/20 17:28:09 | 001,293,660 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NETCFSetupv2_MSI17B5.txt
    [2009/09/20 17:00:05 | 053,868,066 | ---- | C] () -- C:\Users\Home\AppData\Local\VSMsiLog0239.txt
    [2009/09/20 16:55:45 | 002,870,540 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_Dexplorer90_retMSI7EE8.txt
    [2009/09/20 16:55:35 | 000,347,944 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_PreReq_AMD64_MSI7EC8.txt
    [2009/09/20 16:54:04 | 001,864,064 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_NET_Framework35_x64_MSI7D9F.txt
    [2009/09/20 16:53:05 | 000,175,713 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    [2009/09/20 16:53:01 | 000,131,474 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35install.txt
    [2009/09/20 16:53:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_dotnetfx35error.txt
    [2009/09/20 16:52:41 | 000,837,792 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_VC_MinRed_MSI7C90.txt
    [2009/09/20 16:50:28 | 000,191,477 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_depcheck_VS_PRO_90.txt
    [2009/09/20 16:50:18 | 000,621,994 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_install_vs_procore_90.txt
    [2009/09/20 16:50:18 | 000,037,810 | ---- | C] () -- C:\Users\Home\AppData\Local\uxeventlog.txt
    [2009/09/20 16:50:18 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_error_vs_procore_90.txt
    [2009/09/17 18:19:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/08/29 08:11:44 | 000,568,850 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2009/08/29 08:11:43 | 000,856,064 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/08/29 08:11:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/08/29 08:11:42 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2009/08/29 08:11:35 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/08/29 08:11:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
    [2009/08/03 20:05:19 | 000,000,200 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
    [2009/07/31 19:27:59 | 000,029,184 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/31 02:45:20 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
    [2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/09/20 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\D3ADD88C79438E06E44D32E19B9A55BD
    [2010/07/13 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenCandy
    [2009/09/25 03:49:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
    [2010/09/13 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
    [2010/09/20 20:26:24 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/09/20 20:40:19 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FBA0C7D-C412-4974-BE03-F7065C3D79FB}.job
    [2010/09/20 20:40:19 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A65F5209-7875-4623-BD41-CEFBD59CC1B4}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/21 03:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/06/24 11:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
    [2009/05/28 09:20:29 | 000,003,532 | RH-- | M] () -- C:\dell.sdr
    [2010/09/20 20:27:21 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 05:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/09/20 20:27:20 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 16:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/31 04:52:58 | 000,000,286 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/20 19:01:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
    [2010/09/20 20:36:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2010/09/20 18:47:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\TFC.exe
    [2010/03/05 21:10:11 | 001,531,691 | ---- | M] () -- C:\Users\Home\Desktop\winrar-x64-392.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/07/30 04:01:35 | 000,000,402 | -HS- | M] () -- C:\Users\Home\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.exe >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < %USERPROFILE%\Templates\*.tmp >

    < %SYSTEMDRIVE%\explorexxx.exe\*.* >

    < %Windir%\Installer\*.tmp >

    < %systemroot%\System32\*.xco >

    < %ProgramFiles%\system32\*.* >

    < %systemroot%\System32\windos\*.* >

    < %SystemRoot%\system32\sandbox\*.* >

    < %SystemRoot%\system32\*.amo >

    < %SystemRoot%\system32\Windows Live\*.* >

    < %ProgramFiles%\logs\*.* >

    < %ProgramFiles%\Bifrost\*.* >

    < %SystemRoot%\system32\*.goo >

    < %systemroot%\system32\IME\*.* >

    < %systemroot%\BackUp\*.* >

    < %systemroot%\system32\*.ico >
    [2006/09/18 22:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWOW64\acwizard.ico

    < %systemroot%\system\*.dat >

    < %systemroot%\system\*.exe >

    < %AppData%\Macromedia\Common\*.* >

    < %SYSTEMDRIVE%\dir\*.* /s >

    < %systemroot%\system32\ras\*.exe >

    < %SYSTEMDRIVE%\MFILES\*.* >

    < %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

    < %systemroot%\system32\services\*.* >

    < %systemroot%\Spooler\*.* >

    < %ProgramFiles%\system32\*.* >

    < %systemroot%\system32\Setup\*.dll /x >

    < %systemroot%\system32\*.mine >

    < %SYSTEMDRIVE%\cleansweep.exe\*.* >

    < %systemroot%\system32\ras\*.dll >

    < %systemroot%\system32\ras\*.drv >

    < %systemroot%\*.iq >

    < %systemroot%\system32\XP\*.* >

    < %SYSTEMDRIVE%\Extracted\*.* >

    < %systemroot%\system32\windows\*.* >

    < %systemroot%\logs\*.* >

    < %SYSTEMDRIVE%\Win.Msi\*.* >

    < %systemroot%\regedit\*.* >

    < %systemroot%\system32\skype\*.* >

    < %AppData%\Adobe\dlluplwin25\*.* >

    < %UserProfile%\*.dat >
    [2010/09/20 20:44:46 | 002,097,152 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT

    < %UserProfile%\*.dll >

    < %systemroot%\system32\*.sxo >

    < %SYSTEMDRIVE%\Gazma\*.* /s >

    < %systemroot%\system32\spynet\*.* >

    < %systemroot%\system32\System\*.* >

    < %appdata%\Microsoft\Windows\*.* >

    < %systemroot%\system32\WinDir\*.* >

    < %systemroot%\_\*.* >

    < %systemroot%\system32\windows32\*.* >

    < %ProgramFiles%\win\*.* >

    < %AppData%\Microsoft\CD Burning\*.* >

    < %systemroot%\*.cab >

    < %systemroot%\K.Backup\*.* >

    < %ProgramFiles%\Massenger\*.* >

    < %systemroot%\System32\*.doc >

    < %systemroot%\Office12\*.* >

    < %systemroot%\System32\Rundl32.exe\*.* >

    < %ProgramFiles%\yahoo.net\*.* >

    < %systemroot%\system32\*.igo >

    < %systemroot%\*.rew >

    < %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

    < %USERPROFILE%\.COMMgr\*.* >

    < %USERPROFILE%\Desktop\*.bat >

    < %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.Jmp >

    < %PROGRAMFILES%\Windows NT\system\*.dll >

    < %systemroot%\system32\*.ext >

    < %systemroot%\system32\Com\*.cfg >

    < %systemroot%\system32\btz\*.* >

    < %systemroot%\system32\EMP\*.* >

    < %systemroot%\system32\expo\*.* >

    < %systemroot%\system32\inet2\*.* >

    < %systemroot%\system32\xrem\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
