OTL logfile created on: 5/19/2012 7:46:33 PM - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Raghavendra\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.84% Memory free 6.18 Gb Paging File | 5.08 Gb Available in Paging File | 82.26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 113.76 Gb Total Space | 64.43 Gb Free Space | 56.64% Space Free | Partition Type: NTFS Drive D: | 108.78 Gb Total Space | 64.83 Gb Free Space | 59.60% Space Free | Partition Type: NTFS Drive E: | 10.35 Gb Total Space | 3.85 Gb Free Space | 37.23% Space Free | Partition Type: NTFS Computer Name: APOLLO | User Name: Raghavendra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/05/19 12:11:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Raghavendra\Desktop\iexplore.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/13 20:07:00 | 004,740,544 | ---- | M] (OpenSight Software, LLC) -- C:\Program Files\FlashFXP 4\FlashFXP.exe PRC - [2011/12/29 19:56:16 | 003,462,552 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2011/08/09 21:39:16 | 003,076,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2010/06/17 03:12:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe PRC - [2010/05/25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe PRC - [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008/01/19 13:08:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe PRC - [2007/04/24 06:41:44 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe PRC - [2007/04/24 06:41:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/01/08 19:11:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2010/06/17 03:12:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012/05/05 19:24:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008/01/19 13:08:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/04/24 06:41:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2007/04/24 06:41:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/05/19 12:10:40 | 000,046,848 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Users\Raghavendra\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/12/21 01:35:38 | 000,091,424 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\idmwfp.sys -- (IDMWFP) DRV - [2011/08/09 13:57:10 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\eamonm.sys -- (eamonm) DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epfw.sys -- (epfw) DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\EpfwLWF.sys -- (EpfwLWF) DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey) DRV - [2009/12/30 12:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial) DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008/01/25 00:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007/03/01 18:19:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007/02/24 20:12:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/01/23 22:33:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/01/23 22:10:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/02 13:00:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = {9FD89D22-C60B-4BC2-A131-284E0D766A35} IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9FD89D22-C60B-4BC2-A131-284E0D766A35} IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raghavendra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raghavendra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 19:24:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/03/23 15:09:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Raghavendra\AppData\Roaming\IDM\idmmzcc5 [2012/03/13 20:30:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Raghavendra\AppData\Roaming\IDM\idmmzcc5 [2012/03/13 20:30:23 | 000,000,000 | ---D | M] [2012/03/12 16:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raghavendra\AppData\Roaming\Mozilla\Extensions [2012/05/18 07:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raghavendra\AppData\Roaming\Mozilla\Firefox\Profiles\z7io7ajy.default\extensions [2012/03/27 08:44:17 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Raghavendra\AppData\Roaming\Mozilla\Firefox\Profiles\z7io7ajy.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012/05/18 07:03:37 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Raghavendra\AppData\Roaming\Mozilla\Firefox\Profiles\z7io7ajy.default\extensions\mozilla_cc@internetdownloadmanager.com [2012/05/05 19:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/05/05 19:24:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/16 16:12:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/16 16:12:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Raghavendra\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Raghavendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Raghavendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Raghavendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/03/13 20:30:55 | 000,001,213 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 tonec.com O1 - Hosts: 127.0.0.1 *.tonec.com O1 - Hosts: 127.0.0.1 x.tonec.com O1 - Hosts: 127.0.0.1 www.tonec.com O1 - Hosts: 127.0.0.1 registeridm.com O1 - Hosts: 127.0.0.1 www.registeridm.com O1 - Hosts: 127.0.0.1 secure.registeridm.com O1 - Hosts: 127.0.0.1 internetdownloadmanager.com O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe () O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks) O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: NameServer = 208.67.222.222,208.67.220.220 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Raghavendra\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Raghavendra\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/05/23 17:35:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 20:48:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{b93276eb-77b4-11e1-b000-001b24c394c2}\Shell - "" = AutoRun O33 - MountPoints2\{b93276eb-77b4-11e1-b000-001b24c394c2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/05/19 16:59:54 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Raghavendra\Desktop\iexplore.exe [2012/05/16 21:42:42 | 000,000,000 | ---D | C] -- C:\Users\Raghavendra\Desktop\Horoscopes [2012/05/05 19:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/05/05 19:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/04/28 11:31:32 | 000,000,000 | ---D | C] -- C:\Users\Raghavendra\Desktop\Desktop [2012/04/25 11:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azhagi+ [2012/04/25 11:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Azhagi+ [2012/04/24 14:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/24 14:51:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/04/24 14:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/24 11:26:31 | 000,000,000 | ---D | C] -- C:\Users\Raghavendra\AppData\Roaming\Malwarebytes [2012/04/24 11:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/05/19 20:03:06 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-435282272-506716919-4068098482-1000UA.job [2012/05/19 18:21:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/19 18:21:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/19 18:03:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-435282272-506716919-4068098482-1000Core.job [2012/05/19 16:57:37 | 000,000,512 | ---- | M] () -- C:\Users\Raghavendra\Documents\MBR.dat [2012/05/19 16:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/19 16:21:28 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys [2012/05/19 12:11:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Raghavendra\Desktop\iexplore.exe [2012/05/18 22:44:35 | 000,030,720 | ---- | M] () -- C:\Users\Raghavendra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/18 07:17:57 | 000,002,034 | ---- | M] () -- C:\Users\Raghavendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/05/18 07:17:48 | 000,002,072 | ---- | M] () -- C:\Users\Raghavendra\Desktop\Google Chrome.lnk [2012/05/10 23:23:24 | 000,436,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/05/10 22:23:44 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/10 22:23:44 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/01 17:56:37 | 000,060,228 | ---- | M] () -- C:\Users\Raghavendra\Desktop\Horoscope_Satish.pdf [2012/04/25 11:48:44 | 000,000,836 | ---- | M] () -- C:\Users\Raghavendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Azhagi+.lnk [2012/04/25 11:48:43 | 000,000,812 | ---- | M] () -- C:\Users\Raghavendra\Desktop\Azhagi+.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/05/19 16:57:37 | 000,000,512 | ---- | C] () -- C:\Users\Raghavendra\Documents\MBR.dat [2012/05/18 22:25:27 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys [2012/05/01 17:56:56 | 000,060,228 | ---- | C] () -- C:\Users\Raghavendra\Desktop\Horoscope_Satish.pdf [2012/04/25 11:48:44 | 000,000,836 | ---- | C] () -- C:\Users\Raghavendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Azhagi+.lnk [2012/04/25 11:48:43 | 000,000,812 | ---- | C] () -- C:\Users\Raghavendra\Desktop\Azhagi+.lnk [2012/04/10 14:51:03 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2012/04/10 09:46:20 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2012/03/17 07:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012/03/17 07:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012/03/15 13:18:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012/03/13 20:53:52 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2012/03/13 20:28:50 | 000,230,912 | ---- | C] () -- C:\Windows\System32\Zipit.dll [2012/03/13 20:28:50 | 000,099,840 | ---- | C] ( ) -- C:\Windows\System32\Zipdll.dll [2012/03/13 20:28:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Unzdll.dll [2012/03/13 20:28:49 | 000,314,880 | ---- | C] () -- C:\Windows\System32\Tx32.dll [2012/03/12 16:24:48 | 000,030,720 | ---- | C] () -- C:\Users\Raghavendra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011/09/15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [color=#E56717]========== LOP Check ==========[/color] [2012/05/12 09:26:40 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\AIMP3 [2012/03/28 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\Auslogics [2012/03/13 19:58:40 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\Boilsoft [2012/05/19 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\DMCache [2012/03/23 09:25:13 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\ESET [2012/05/12 10:54:07 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\FileZilla [2012/03/15 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\IDM [2012/04/06 14:30:55 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\OpenDNS Updater [2012/03/15 14:51:09 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\PearlMountain [2012/04/24 14:37:17 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\uTorrent [2012/03/12 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\VistaCodecs [2012/04/05 20:56:47 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\WebMoney [2012/04/09 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\Xilisoft Corporation [2012/05/19 09:21:35 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2012/03/12 21:16:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2012/03/12 21:15:52 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2012/03/12 21:15:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2012/03/13 14:26:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2012/03/13 14:26:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2012/03/12 21:15:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006/11/02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008/01/19 13:03:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2006/11/02 15:15:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe [2008/01/19 13:03:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe [2008/01/19 13:03:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/01/19 13:03:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe [2008/01/19 13:03:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 15:15:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/04/11 11:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe [2009/04/11 11:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006/11/02 15:15:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/19 13:03:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >[/color] "DisplayName" = NETBT "Group" = PNP_TDI "ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 10:15:37 | 000,185,856 | ---- | M] (Microsoft Corporation) "Description" = This service implements NetBios over TCP/IP. "ErrorControl" = 1 "Start" = 1 "Type" = 1 "DependOnService" = Tdxtcpip [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage] "OtherDependencies" = Tcpip [binary data] "Bind" = [Binary data over 100 bytes] "Route" = [Binary data over 100 bytes] "Export" = [Binary data over 100 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters] "BcastNameQueryCount" = 3 "BcastQueryTimeout" = 750 "CacheTimeout" = 600000 "EnableLMHOSTS" = 1 "NameServerPort" = 137 "NameSrvQueryCount" = 3 "NameSrvQueryTimeout" = 1500 "NbProvider" = _tcp "SessionKeepAlive" = 3600000 "Size/Small/Medium/Large" = 1 "TransportBindName" = \Device\ "UseNewSmb" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{75BBC226-5F45-40F4-816B-4B5EA0F5C812}] "NameServerList" = [binary data] "NetbiosOptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AAECF98D-936B-4CB8-9F10-9B1C41375907}] "NameServerList" = [binary data] "NetbiosOptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security] "Security" = [Binary data over 100 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum] "0" = Root\LEGACY_NETBT\0000 "Count" = 1 "NextInstance" = 1 [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >[/color] "Type" = 2 "Start" = 1 "ErrorControl" = 1 "Tag" = 2 "ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/19 11:25:45 | 000,035,840 | ---- | M] (Microsoft Corporation) "DisplayName" = NetBIOS Interface "Group" = NetBIOSGroup "Description" = NetBIOS Interface [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage] "LanaMap" = 01 00 01 02 01 06 01 04 01 05 01 07 01 01 01 03 [binary data] "Bind" = [Binary data over 100 bytes] "Route" = [Binary data over 100 bytes] "Export" = [Binary data over 100 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters] "MaxLana" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock] "HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 15:16:14 | 000,011,264 | ---- | M] (Microsoft Corporation) "MaxSockAddrLength" = 20 "MinSockAddrLength" = 20 "Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum] "0" = Root\LEGACY_NETBIOS\0000 "Count" = 1 "NextInstance" = 1 [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/18 12:24:10 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/03/18 12:24:10 | 000,748,336 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/18 12:24:10 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/03/18 12:24:10 | 000,748,336 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color] [color=#A23BEC]< C:\Program Files\Common Files\ComObjects\*.* /s >[/color] [color=#A23BEC]< C:\windows\*. /RP /s >[/color] [color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color] [color=#A23BEC]< type c:\diskreport.txt /c >[/color] Microsoft DiskPart version 6.0.6002 Copyright (C) 1999-2007 Microsoft Corporation. On computer: APOLLO Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- Volume 0 F DVD-ROM 0 B No Media Volume 1 C NTFS Partition 114 GB Healthy System Volume 2 D MULTIMEDIA NTFS Partition 109 GB Healthy Volume 3 E HP_RECOVERY NTFS Partition 10 GB Healthy [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:4BF2F6B5 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A064CECC @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:41ADDB8A @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07BF512B < End of report >