OTL logfile created on: 6/19/2015 3:37:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Dharmesh\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 527.57 Mb Available Physical Memory | 68.74% Memory free
1.83 Gb Paging File | 1.65 Gb Available in Paging File | 90.01% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 73.24 Gb Total Space | 65.35 Gb Free Space | 89.22% Space Free | Partition Type: NTFS
Drive D: | 74.28 Gb Total Space | 70.08 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
Drive J: | 979.73 Mb Total Space | 882.16 Mb Free Space | 90.04% Space Free | Partition Type: FAT

Computer Name: DHARMESH-1665FE | User Name: Dharmesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/06/19 15:21:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dharmesh\Desktop\OTL.exe
PRC - [2004/08/03 17:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/26 19:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0S2.EXE

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/06/15 21:40:35 | 000,083,456 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2006/07/12 13:19:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2004/08/03 17:56:44 | 000,162,979 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\efmzn.dll -- (uliukt)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/04/20 07:31:28 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/12/27 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/06/28 17:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=wnzp01_14_24_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtB0EtAtCtDzzyCzyyDyBtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0D0B0A0EyE0FyBtGtD0C0EyEtG0ByDyCtDtGyCyCyE0FtGyEyDtAyB0CyEzz0CyDyB0ByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyBtDtDtD0F0DyEtGyB0Bzy0BtGtA0C0A0AtG0BtCyD0FtGyC0E0CyD0F0AtCzy0CyByE0E2QtN1B1L1H1Ezu1O2U1M1B&cr=951822553&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp01_14_24_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtB0EtAtCtDzzyCzyyDyBtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0D0B0A0EyE0FyBtGtD0C0EyEtG0ByDyCtDtGyCyCyE0FtGyEyDtAyB0CyEzz0CyDyB0ByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyBtDtDtD0F0DyEtGyB0Bzy0BtGtA0C0A0AtG0BtCyD0FtGyC0E0CyD0F0AtCzy0CyByE0E2QtN1B1L1H1Ezu1O2U1M1B&cr=951822553&ir=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1202660629-413027322-682003330-1003\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKU\S-1-5-21-1202660629-413027322-682003330-1003\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp01_14_24_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtB0EtAtCtDzzyCzyyDyBtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0D0B0A0EyE0FyBtGtD0C0EyEtG0ByDyCtDtGyCyCyE0FtGyEyDtAyB0CyEzz0CyDyB0ByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyBtDtDtD0F0DyEtGyB0Bzy0BtGtA0C0A0AtG0BtCyD0FtGyC0E0CyD0F0AtCzy0CyByE0E2QtN1B1L1H1Ezu1O2U1M1B&cr=951822553&ir=
IE - HKU\S-1-5-21-1202660629-413027322-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2014/06/15 19:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dharmesh\Application Data\Mozilla\Extensions
[2014/06/15 19:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dharmesh\Application Data\Mozilla\Extensions\home2@tomtom.com

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_0\
CHR - Extension: No name found = C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1202660629-413027322-682003330-1003\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2817F6F-A172-43D4-9DE6-786DD102C385}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2817F6F-A172-43D4-9DE6-786DD102C385}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/29 21:21:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/21 14:06:58 | 000,059,288 | RHS- | M] () - J:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{1c490062-011a-11e4-aa1e-0019212e3108}\Shell - "" = AutoRun
O33 - MountPoints2\{1c490062-011a-11e4-aa1e-0019212e3108}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1c490062-011a-11e4-aa1e-0019212e3108}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{1facade7-168b-11e5-aa9a-0019212e3108}\Shell - "" = AutoRun
O33 - MountPoints2\{1facade7-168b-11e5-aa9a-0019212e3108}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1facade7-168b-11e5-aa9a-0019212e3108}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{78aeb65e-dc48-11e3-a9b1-0019212e3108}\Shell - "" = AutoRun
O33 - MountPoints2\{78aeb65e-dc48-11e3-a9b1-0019212e3108}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78aeb65e-dc48-11e3-a9b1-0019212e3108}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{ae832719-35eb-11e4-aa3d-0019212e3108}\Shell - "" = AutoRun
O33 - MountPoints2\{ae832719-35eb-11e4-aa3d-0019212e3108}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae832719-35eb-11e4-aa3d-0019212e3108}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ca658600-0239-11e4-aa26-0019212e3108}\Shell - "" = AutoRun
O33 - MountPoints2\{ca658600-0239-11e4-aa26-0019212e3108}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca658600-0239-11e4-aa26-0019212e3108}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{eef94110-dc4a-11e3-a9b2-0019212e3108}\Shell - "" = AutoRun
O33 - MountPoints2\{eef94110-dc4a-11e3-a9b2-0019212e3108}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eef94110-dc4a-11e3-a9b2-0019212e3108}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: uliukt - C:\WINDOWS\system32\efmzn.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 360 Days ==========[/color]

[2015/06/19 15:31:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dharmesh\Desktop\OTL.exe
[2015/06/19 15:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2015/06/13 14:40:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2015/06/13 14:40:50 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2015/06/13 14:40:49 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2015/06/12 14:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dharmesh\Desktop\NEW
[2014/09/29 16:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dharmesh\Desktop\JES TRADERS LTD
[2014/09/27 09:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dharmesh\Desktop\307
[2014/09/19 14:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dharmesh\Desktop\WEEK POLICY
[2014/06/30 16:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dharmesh\Application Data\NCH Software
[2014/06/25 18:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dharmesh\Desktop\jes gold medal & mix pic
[2014/06/25 18:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dharmesh\Desktop\harrison rd 15.6.14
[2014/06/25 18:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dharmesh\Desktop\Skegness 13.6.2014
[2014/06/25 09:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\ChrisPC Free VideoTube Downloader
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 360 Days ==========[/color]

[2015/06/19 15:21:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dharmesh\Desktop\OTL.exe
[2015/06/19 15:12:59 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/06/19 15:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/06/19 15:09:20 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Dharmesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/06/19 15:09:09 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2015/06/19 14:29:59 | 000,073,451 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2015/06/19 14:29:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/06/19 13:29:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/06/12 16:35:21 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Dharmesh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/06/04 17:13:04 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2015/06/04 16:38:00 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015/06/04 16:38:00 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/06/25 18:36:30 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dharmesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/06/24 20:29:57 | 000,060,774 | ---- | M] () -- C:\Documents and Settings\Dharmesh\Desktop\Travel Insurance Doc.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/06/19 15:09:09 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Dharmesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/06/19 15:09:09 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2015/06/19 15:07:43 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/06/19 15:07:42 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/06/12 15:49:12 | 001,635,455 | ---- | C] () -- C:\Documents and Settings\Dharmesh\Desktop\DSC_0972.jpg
[2014/09/06 19:37:43 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Dharmesh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/25 18:36:30 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Dharmesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/06/24 20:29:56 | 000,060,774 | ---- | C] () -- C:\Documents and Settings\Dharmesh\Desktop\Travel Insurance Doc.pdf
[2014/04/30 21:47:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC66SeriesEuro.ini
[2014/04/30 21:47:33 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2014/04/29 22:12:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014/04/29 22:11:20 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/29 22:05:05 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2014/04/29 21:23:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014/04/29 21:19:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/03 17:56:46 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/03 17:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/03 17:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: HDT722516DLA380
Partitions: 3
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE5 - Removable media other than floppy
Interface type: USB
Media Type: Removable media other than floppy
Model: USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 6.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 73.00GB
Starting Offset: 6284113920
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 74.00GB
Starting Offset: 84926016000
Hidden sectors: 0

DeviceID: Disk #5, Partition #0
PartitionType: 16-bit FAT
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 980.00MB
Starting Offset: 0
Hidden sectors: 0

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2014/04/29 21:21:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2014/04/29 21:16:09 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014/04/29 21:21:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2014/04/29 21:21:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/04/29 21:21:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 15:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/03 15:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2015/06/19 14:29:55 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< %systemdrive%\drivers\*.exe >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.* /90 >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]

[color=#A23BEC]< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/03 17:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/03 17:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/03 17:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

[color=#A23BEC]< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/03 17:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/03 17:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/03 17:56:58 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< End of report >
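Added example, not part of the OTL report above or of the OTL tool: a small Python triage script that parses the entry formats this report uses (PRC/SRV/DRV/MOD file entries, O4 Run keys, O33 MountPoints2 AutoRun commands, IE start/search URLs and the NetSvcs list) and applies a few first-pass heuristics. The sample lines are copied from the report (the IE URL is abridged); the heuristics, the severity labels and the EXPECTED_BROWSER_HOSTS set are this example's own assumptions, not OTL's logic, and a hit only means "look at this first", not "this is malware".

```python
"""Triage helper for OTL (OldTimer's OTL.Txt) reports.

Added example for this page; it is not part of the OTL tool or of the
posted report.  The heuristics below are assumptions of this example.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the report above (the IE URL is
# abridged).  In practice, pass the contents of the saved OTL.Txt instead.
SAMPLE_LOG = r"""
PRC - [2004/08/03 17:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - [2004/08/03 17:56:44 | 000,162,979 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\efmzn.dll -- (uliukt)
DRV - [2006/12/27 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=wnzp01_14_24_ch
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{78aeb65e-dc48-11e3-a9b1-0019212e3108}\Shell\AutoRun\command - "" = J:\Startme.exe
NetSvcs: uliukt - C:\WINDOWS\system32\efmzn.dll ()
"""

# Hosts a stock IE start/search page is expected to use (assumption; extend
# this for the environment being triaged).
EXPECTED_BROWSER_HOSTS = {"www.msn.com", "go.microsoft.com", "www.bing.com", "www.google.com"}

FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSAD]{4}) \| [MC]\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<svc>[^)]+)\))?$"
)
AUTORUN_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
IE_URL = re.compile(r"^IE - (?P<key>.+?) = (?P<url>https?://\S+)$")
RUN_KEY = re.compile(
    r"^O4 - (?P<hive>[^.]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
NETSVC = re.compile(r"^NetSvcs: (?P<name>\S+) - (?P<path>.+?) \((?P<company>[^)]*)\)$")

SEVERITY_RANK = {"high": 0, "medium": 1, "review": 2}


def triage(log_text):
    """Return triage findings, most severe first, for the OTL entries in log_text."""
    findings = []

    def flag(severity, reason, line):
        findings.append({"severity": severity, "reason": reason, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FILE_ENTRY.match(line)):
            # A service or driver whose image carries no company name is the
            # first thing to check; hidden/system attributes on it make it worse.
            if m["kind"] in ("SRV", "DRV") and not m["company"]:
                hidden = " with hidden/system attributes" if set("HS") & set(m["attrs"]) else ""
                flag("high", f"{m['kind']} {m['svc']} loads {m['path']} with no company name{hidden}", line)
        elif (m := AUTORUN_CMD.match(line)):
            # Removable-media AutoRun that bounces through rundll32 into a
            # RECYCLER folder is a worm persistence pattern, not a vendor launcher.
            if re.search(r"rundll32|\\RECYCLER\\", m["cmd"], re.IGNORECASE):
                flag("high", f"AutoRun for volume {m['key']} launches a rundll32/RECYCLER payload", line)
            else:
                flag("review", f"AutoRun for volume {m['key']} runs {m['cmd']}", line)
        elif (m := IE_URL.match(line)):
            host = urlparse(m["url"]).hostname or ""
            if host not in EXPECTED_BROWSER_HOSTS:
                flag("medium", f"IE start/search setting points at {host}", line)
        elif (m := NETSVC.match(line)):
            if not m["company"]:
                flag("high", f"netsvcs group member {m['name']} loads {m['path']} with no company name", line)
        elif (m := RUN_KEY.match(line)):
            if not m["company"]:
                flag("review", f"{m['hive']} Run entry [{m['name']}] has no company name", line)

    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 1, 'review': 2}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}")
```

Run against the sample it reports the efmzn.dll service and its NetSvcs entry, the RECYCLER AutoRun command and the mysearchdial start page ahead of the plain "no company name" Run entry and the Startme.exe AutoRun, which is the order a helper would want to look at them in. The same regexes accept the full report when it is fed in as one string; lines the patterns do not recognise (File not found entries, O7/O17/O20 and the file listings) are simply passed over.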