Google and auto-url redirect virus


  • This topic is locked

#1
athi

    New Member

  • Member
  • 8 posts
Hi Geeks,

Recently our system got infected with the Google redirect virus. Whenever I try to click the search links in Google, it redirects me to some other link a couple of times. Then as soon as I boot my PC and open IE, it automatically redirects me to some Chinese URLs. This happens some 5-6 times, then IE automatically closes. Afterwards, if I open IE again, it works properly.

Could anyone help me resolve this?
Thanks in Advance,
Athi.
  • 0

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
http://www.geekstogo...ogle-redirects/
  • 0

#3
athi

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi Rorschach112,

Thank you for your reply.

I tried all the steps that were mentioned in your thread, but the TDSSKiller scan detects no infection. What should I do now?

Thanks in Advance,
Athi.
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post its log and do this:


Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#5
athi

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi Rorschach112,

When I try to execute ComboFix, it says Incompatible OS. Mine is Windows 7 and ComboFix supports only Windows 2000 and XP. Is there any version available for Windows 7? I tried googling but I am getting the same version.

Btw, pls find below the log for TDSSKiller.

Log for OTM:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\athineethi\Desktop\Virus Issue\cmd.bat deleted successfully.
C:\Users\athineethi\Desktop\Virus Issue\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: athineethi
->Temp folder emptied: 434327607 bytes
->Temporary Internet Files folder emptied: 1800882641 bytes
->Java cache emptied: 63979673 bytes
->Google Chrome cache emptied: 121306445 bytes
->Flash cache emptied: 591862 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17902831 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 796 bytes

Total Files Cleaned = 2,326.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.15.0 log created on 0806201

TDSSKiller Log:

2010/08/06 12:06:22.0729 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/06 12:06:22.0729 ================================================================================
2010/08/06 12:06:22.0729 SystemInfo:
2010/08/06 12:06:22.0729
2010/08/06 12:06:22.0729 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/06 12:06:22.0729 Product type: Workstation
2010/08/06 12:06:22.0729 ComputerName: ATHINEETHI-PC
2010/08/06 12:06:22.0730 UserName: athineethi
2010/08/06 12:06:22.0730 Windows directory: C:\Windows
2010/08/06 12:06:22.0730 System windows directory: C:\Windows
2010/08/06 12:06:22.0730 Running under WOW64
2010/08/06 12:06:22.0730 Processor architecture: Intel x64
2010/08/06 12:06:22.0730 Number of processors: 4
2010/08/06 12:06:22.0730 Page size: 0x1000
2010/08/06 12:06:22.0730 Boot type: Normal boot
2010/08/06 12:06:22.0730 ================================================================================
2010/08/06 12:06:22.0730 Utility is running under WOW64, functionality is limited.
2010/08/06 12:06:23.0548 Initialize success
2010/08/06 12:06:24.0606 ================================================================================
2010/08/06 12:06:24.0606 Scan started
2010/08/06 12:06:24.0606 Mode: Manual;
2010/08/06 12:06:24.0606 ================================================================================
2010/08/06 12:06:34.0120 ================================================================================
2010/08/06 12:06:34.0120 Scan finished
2010/08/06 12:06:34.0120 ================================================================================

Thanks in Advance,
Athi.

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.exe
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Update\*.*
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    set /c


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

#7
athi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Rorschach112,

The Extras.txt log file content is as follows:

OTL Extras logfile created on: 8/6/2010 1:53:28 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\athineethi\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 83.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.82 Gb Total Space | 739.07 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATHINEETHI-PC
Current User Name: athineethi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{257F446A-01ED-739C-16B8-237498DEDDDF}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0301AC02-D87B-27E9-9429-7E4BB52D9183}" = CCC Help German
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1350DD04-57AD-6278-3F4D-D4281EEE7C5C}" = Catalyst Control Center Graphics Full New
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A6842E0-3047-BD62-9A28-5A7743D88E2A}" = Catalyst Control Center InstallProxy
"{2017CE7C-CB9D-4FF7-967D-5A6B67FC7EF2}" = LeapFrog Leapster2 Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{305CAF40-92F0-12ED-8B28-926B011788E4}" = CCC Help Spanish
"{34D6DE28-4FD0-9CCA-CDB4-316F7B3B30B5}" = CCC Help Portuguese
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5089AEEE-052D-B75F-0B92-7CF981403025}" = Catalyst Control Center Graphics Light
"{54741B98-6335-43A1-C716-25B0A3C4016C}" = Catalyst Control Center Graphics Previews Common
"{5B94A120-16E7-6034-7494-22285B471EDE}" = CCC Help Hungarian
"{61128AC7-BD78-4D62-A114-2EF23856F558}" = Music Transfer Utility Ver.2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6E9D082B-F681-64AB-48B4-F3EC05D3A83F}" = CCC Help Chinese Traditional
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81CB0C83-5928-3387-AB23-10EC5F767FA8}" = CCC Help Turkish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B1C55-76D0-0DA3-8C12-10596CBB15BD}" = CCC Help Italian
"{846D0802-8606-7452-85FF-A71EB1B8AD6D}" = Catalyst Control Center Localization All
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DCE118A-1F3C-B056-D2A8-F832523C357C}" = CCC Help English
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96B1A291-2654-4415-59B4-AC90D29C3E1E}" = Catalyst Control Center Core Implementation
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A968BD3-88AF-B4D0-CA9A-78F4EF9FA23B}" = CCC Help Chinese Standard
"{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A52D8A45-B3A1-0022-B096-A0033B03E01F}" = Catalyst Control Center Graphics Full Existing
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3BFAC5-A07A-7845-C576-0CB832E4B0AD}" = Skins
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4ECB428-6A8D-8D53-4E76-1CEE7AC4BF32}" = CCC Help French
"{B674F947-56D6-4793-B465-7D7C87E04D0C}" = ImageMixer 3 SE Ver.5 Video Tools
"{B76D6D09-16D6-DF95-F7D7-2565E88B88BA}" = Catalyst Control Center Graphics Previews Vista
"{BD3E0D67-D90D-3CA6-DE34-22B56D425136}" = CCC Help Japanese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C82257D5-970D-4371-8616-6B8E5693C99F}" = LeapFrog Connect
"{CEC33429-CDDC-4C76-A2BD-A5DF5E93026D}" = Fotocom WebCAM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBF0A096-6EE7-488E-8C04-2536C7B3F120}" = Dell Touch Zone
"{DFE492C4-A9F5-413E-A2CC-6F5F3ACC229F}" = ImageMixer 3 SE Ver.5 Transfer Utility
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8B250A2-582A-6C80-108F-AA68E64A6F03}" = CCC Help Korean
"{FD040188-43B3-2C49-A8BF-5B0458031AED}" = ccc-core-static
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BFGC" = Big Fish Games: Game Manager
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Flux Family Secrets The Rabbit Hole Collectors Edition 1.00" = Flux Family Secrets The Rabbit Hole Collectors Edition 1.00
"GoToAssist" = GoToAssist 8.0.0.514
"Graboid Video" = Graboid Video 1.73
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"UnityWebPlayer" = Unity Web Player
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2010 11:28:19 AM | Computer Name = athineethi-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/28/2010 12:02:44 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/28/2010 1:17:15 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/28/2010 2:12:11 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/28/2010 3:11:37 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/28/2010 4:07:11 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/28/2010 5:08:01 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/28/2010 6:01:03 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/28/2010 7:06:19 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/28/2010 9:49:23 PM | Computer Name = athineethi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 5/13/2010 2:02:59 PM | Computer Name = athineethi-PC | Source = MCUpdate | ID = 0
Description = 2:02:59 PM - Error connecting to the internet. 2:02:59 PM - Unable
to contact server..

Error - 5/13/2010 4:21:21 PM | Computer Name = athineethi-PC | Source = MCUpdate | ID = 0
Description = 4:21:21 PM - Error connecting to the internet. 4:21:21 PM - Unable
to contact server..

Error - 5/13/2010 6:16:16 PM | Computer Name = athineethi-PC | Source = MCUpdate | ID = 0
Description = 6:16:16 PM - Error connecting to the internet. 6:16:16 PM - Unable
to contact server..

Error - 5/13/2010 7:16:23 PM | Computer Name = athineethi-PC | Source = MCUpdate | ID = 0
Description = 7:16:23 PM - Error connecting to the internet. 7:16:23 PM - Unable
to contact server..

Error - 5/13/2010 9:03:43 PM | Computer Name = athineethi-PC | Source = MCUpdate | ID = 0
Description = 9:03:43 PM - Error connecting to the internet. 9:03:43 PM - Unable
to contact server..

Error - 7/3/2010 10:04:41 AM | Computer Name = athineethi-PC | Source = MCUpdate | ID = 0
Description = 10:04:38 AM - Error connecting to the internet. 10:04:38 AM - Unable
to contact server..

[ System Events ]
Error - 4/14/2010 8:06:40 AM | Computer Name = athineethi-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/15/2010 7:27:54 AM | Computer Name = athineethi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/15/2010 7:27:54 AM | Computer Name = athineethi-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/16/2010 7:08:57 AM | Computer Name = athineethi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/16/2010 7:08:57 AM | Computer Name = athineethi-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/16/2010 7:15:01 AM | Computer Name = athineethi-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Inc. mferkdk service failed to start due to the following
error: %%127

Error - 4/16/2010 7:42:28 AM | Computer Name = athineethi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/16/2010 7:42:28 AM | Computer Name = athineethi-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 4/17/2010 9:57:28 PM | Computer Name = athineethi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 4/17/2010 9:57:28 PM | Computer Name = athineethi-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >


OTL.txt contents:

OTL logfile created on: 8/6/2010 1:53:28 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\athineethi\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 83.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.82 Gb Total Space | 739.07 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ATHINEETHI-PC
Current User Name: athineethi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/06 13:52:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\athineethi\Desktop\OTL.exe
PRC - [2010/07/14 08:42:45 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/06/30 08:43:29 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 13:22:44 | 000,554,328 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/12/08 21:28:54 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/10 16:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/06 20:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\athineethi\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/08/06 13:52:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\athineethi\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/10/28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/31 15:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/11/27 00:35:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/10/02 14:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV:64bit: - [2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2010/04/27 14:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/11/04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/11/04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 10:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/03/27 19:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/08/06 11:20:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {638A12E9-5EA1-5F86-7A83-65053B1F2473} - C:\Windows\SysWOW64\Faulttrep.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [ctfupd.exe] C:\Program Files\Common Files\Sysupdate\ctfupd.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\athineethi\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [hufsuxjyewbd] c:\users\athineethi\appdata\local\tlqipdvgm\eullhy.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - Startup: C:\Users\athineethi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\athineethi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Virtual%20Villagers%20-%20The%20Secret%20City/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...4/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimed...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/06 13:52:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\athineethi\Desktop\OTL.exe
[2010/08/06 12:01:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/06 11:26:11 | 000,000,000 | ---D | C] -- C:\Users\athineethi\Desktop\GooredFix Backups
[2010/08/06 11:20:09 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/08/06 10:48:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/06 10:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/06 10:32:46 | 000,000,000 | ---D | C] -- C:\Users\athineethi\Desktop\Virus Issue
[2010/08/06 10:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hijackthis
[2010/07/27 08:56:22 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/07/23 14:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sysupdate
[2010/07/23 10:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2010/07/23 10:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\n7-89-o9-3r-4t-r9
[2010/07/22 21:19:53 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Mozilla
[2010/07/21 13:52:20 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\BBB
[2010/07/21 13:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nick Arcade
[2010/07/21 09:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/19 15:55:12 | 000,000,000 | ---D | C] -- C:\Users\athineethi\Documents\Dora - Lost And Found
[2010/07/16 14:14:33 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Boomzap
[2010/07/15 15:18:26 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Skunk Studios
[2010/07/15 15:13:58 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Be a King 2
[2010/07/15 14:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MythPeople
[2010/07/13 11:36:22 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Malwarebytes
[2010/07/13 11:36:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/13 11:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/13 10:32:07 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\827CACFA2ED6D2F1ED659638DE84337B
[2010/07/12 14:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/07/12 14:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/07/12 14:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2010/07/12 14:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapFrog
[2010/07/07 15:44:03 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\SaveThePuppy
[2010/06/29 17:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/06/28 15:24:05 | 000,000,000 | ---D | C] -- C:\Users\athineethi\Documents\Canon Utilities
[2010/06/27 16:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/27 16:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/06/27 16:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/27 13:58:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/06/22 16:25:11 | 000,000,000 | ---D | C] -- C:\Users\athineethi\Documents\Vuze Downloads
[2010/06/22 16:23:02 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Azureus
[2010/06/22 16:22:54 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Raptr
[2010/06/22 16:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2010/06/22 16:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/06/22 16:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/06/22 16:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/06/21 11:41:31 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Sonic
[2010/06/21 11:16:08 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Macrovision
[2010/06/15 13:52:06 | 000,000,000 | ---D | C] -- C:\Users\athineethi\Documents\2010_06_15
[2010/06/14 16:34:56 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\NevoSoft Games
[2010/06/14 11:21:49 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\SulusGames
[2010/06/11 11:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
[2010/06/11 10:24:10 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Local\Buried In Time
[2010/06/10 09:31:44 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2010/06/10 09:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/09 10:10:54 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\DivX
[2010/06/09 10:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/06/09 10:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/06/09 10:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/06/09 07:50:48 | 000,000,000 | -H-D | C] -- C:\System Software Updates
[2010/06/08 13:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Penguins Arena
[2010/06/08 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Local\Seven Zip
[2010/06/06 13:29:54 | 000,000,000 | ---D | C] -- C:\Songs
[2010/06/04 07:21:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Dell Touch Zone
[2010/06/04 07:20:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fingertapps
[2010/06/04 07:20:27 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Dell Touch Zone
[2010/06/04 07:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/06/04 07:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/06/04 07:17:22 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Roxio Log Files
[2010/06/04 07:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/06/04 07:14:54 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\InstallShield
[2010/06/04 07:13:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/06/04 07:13:15 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/06/04 07:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Touch Zone
[2010/06/04 06:52:48 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Local\Dell
[2010/05/28 15:06:08 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\YoudaGames
[2010/05/28 10:13:22 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\vlc
[2010/05/28 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\athineethi\Documents\Graboid
[2010/05/28 09:24:03 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Local\Graboid_Inc
[2010/05/28 09:24:02 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Local\Graboid
[2010/05/28 09:24:00 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\MozillaControl
[2010/05/28 09:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12
[2010/05/28 09:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/05/28 09:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2010/05/19 13:29:43 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\smc
[2010/05/19 13:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\softendo.com
[2010/05/19 10:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/05/19 10:44:01 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\uTorrent
[2010/05/15 21:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/05/14 13:30:34 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Roaming\Big Fish Games
[2010/05/13 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\athineethi\AppData\Local\PowerDVD DX
[2010/05/13 14:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2007/03/12 12:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

========== Files - Modified Within 90 Days ==========

[2010/08/06 13:55:03 | 002,883,584 | -HS- | M] () -- C:\Users\athineethi\NTUSER.DAT
[2010/08/06 13:52:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\athineethi\Desktop\OTL.exe
[2010/08/06 13:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/06 13:45:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/06 13:45:53 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773498735-945440744-2964519479-1001UA.job
[2010/08/06 11:55:42 | 000,036,423 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/08/06 11:31:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 11:31:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 11:24:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/06 11:24:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/06 11:24:32 | 2146,045,951 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/06 11:23:59 | 005,356,748 | -H-- | M] () -- C:\Users\athineethi\AppData\Local\IconCache.db
[2010/08/06 11:20:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/06 10:48:00 | 000,001,066 | ---- | M] () -- C:\Users\athineethi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/06 10:47:39 | 000,000,886 | ---- | M] () -- C:\Users\athineethi\Desktop\NTREGOPT.lnk
[2010/08/06 10:47:39 | 000,000,867 | ---- | M] () -- C:\Users\athineethi\Desktop\ERUNT.lnk
[2010/08/06 10:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/08/05 22:29:06 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773498735-945440744-2964519479-1001Core.job
[2010/08/05 22:20:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/05 16:24:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/08/03 09:02:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/03 09:02:25 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/03 09:02:25 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/29 10:37:07 | 000,001,078 | ---- | M] () -- C:\Users\athineethi\AppData\Roaming\wklnhst.dat
[2010/07/28 09:33:44 | 000,002,431 | ---- | M] () -- C:\Users\athineethi\Desktop\Google Chrome.lnk
[2010/07/26 09:10:56 | 000,001,623 | ---- | M] () -- C:\Users\athineethi\Desktop\DivX Movies.lnk
[2010/07/25 05:20:20 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/07/23 10:40:15 | 000,002,584 | ---- | M] () -- C:\Users\athineethi\Desktop\Flux Family Secrets The Rabbit Hole CE.lnk
[2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\Mpfp.sys
[2010/07/12 14:42:48 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2010/06/22 16:49:47 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/06/22 16:22:06 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/22 16:22:06 | 000,001,850 | ---- | M] () -- C:\Users\athineethi\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/10 07:33:16 | 000,421,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/08 14:01:56 | 000,000,082 | ---- | M] () -- C:\Windows\mafosav.INI
[2010/06/04 07:07:56 | 000,002,001 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Touch Zone.lnk
[2010/05/28 09:23:56 | 000,001,306 | ---- | M] () -- C:\Users\athineethi\Desktop\Graboid Video.lnk
[2010/05/28 09:23:44 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/05/19 10:44:13 | 000,000,945 | ---- | M] () -- C:\Users\athineethi\Desktop\µTorrent.lnk
[2010/05/15 21:08:09 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/15 07:41:05 | 000,249,677 | ---- | M] () -- C:\Users\athineethi\Documents\TicketOps_Ticket_118865.pdf
[2010/05/10 19:24:20 | 434,237,367 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2010/08/06 10:48:00 | 000,001,066 | ---- | C] () -- C:\Users\athineethi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/06 10:47:39 | 000,000,886 | ---- | C] () -- C:\Users\athineethi\Desktop\NTREGOPT.lnk
[2010/08/06 10:47:39 | 000,000,867 | ---- | C] () -- C:\Users\athineethi\Desktop\ERUNT.lnk
[2010/07/23 10:40:15 | 000,002,584 | ---- | C] () -- C:\Users\athineethi\Desktop\Flux Family Secrets The Rabbit Hole CE.lnk
[2010/07/23 10:08:33 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/07/23 10:08:31 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/07/23 10:08:29 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/07/23 10:08:29 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/07/12 14:42:48 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2010/06/22 16:49:46 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/06/22 16:22:06 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/22 16:22:06 | 000,001,850 | ---- | C] () -- C:\Users\athineethi\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/09 10:11:14 | 000,001,623 | ---- | C] () -- C:\Users\athineethi\Desktop\DivX Movies.lnk
[2010/06/08 14:01:53 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/06/04 07:07:56 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Touch Zone.lnk
[2010/05/28 09:23:56 | 000,001,306 | ---- | C] () -- C:\Users\athineethi\Desktop\Graboid Video.lnk
[2010/05/28 09:23:44 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/05/19 10:44:13 | 000,000,945 | ---- | C] () -- C:\Users\athineethi\Desktop\µTorrent.lnk
[2010/05/15 21:07:46 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/15 07:41:05 | 000,249,677 | ---- | C] () -- C:\Users\athineethi\Documents\TicketOps_Ticket_118865.pdf
[2009/11/27 02:28:33 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/27 02:28:33 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:27:26 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\Faulttrep.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2004/02/27 17:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

========== LOP Check ==========

[2010/02/03 11:09:33 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\1morebee
[2010/03/25 14:43:01 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\2monkeys
[2010/07/13 11:44:40 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\827CACFA2ED6D2F1ED659638DE84337B
[2010/06/23 12:38:20 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Azureus
[2010/07/21 13:52:20 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\BBB
[2010/07/15 15:14:44 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Be a King 2
[2010/05/14 13:30:34 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Big Fish Games
[2010/07/16 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Boomzap
[2010/02/01 14:14:09 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Canon
[2010/06/10 09:31:44 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2010/07/19 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\EleFun Games
[2010/04/30 13:39:32 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\freshgames
[2010/02/12 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Friday's games
[2010/01/15 12:55:04 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Gamehouse JanesZOO
[2010/02/04 18:36:48 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Gamelab
[2009/12/24 12:10:07 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\ICAClient
[2009/12/22 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\iWin
[2010/01/06 13:00:39 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\iWin_generic
[2010/02/25 09:37:51 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Ladia Group
[2010/06/14 16:34:56 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\NevoSoft Games
[2010/07/08 15:17:46 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\PlayFirst
[2010/01/07 11:54:17 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Playrix Entertainment
[2010/06/22 16:30:43 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Raptr
[2010/07/07 15:44:03 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\SaveThePuppy
[2010/07/23 10:42:11 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Skunk Studios
[2010/06/08 11:31:47 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\smc
[2010/01/19 16:28:00 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\SpinTop
[2010/06/14 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\SulusGames
[2010/01/01 21:41:02 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Template
[2010/07/23 21:29:21 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\uTorrent
[2010/02/12 10:01:31 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\Virtual City
[2010/02/09 13:55:08 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\World-LooM
[2010/05/28 15:06:08 | 000,000,000 | ---D | M] -- C:\Users\athineethi\AppData\Roaming\YoudaGames
[2010/08/05 22:20:04 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/07/25 05:20:20 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/08/06 10:33:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/08/05 16:24:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/20 08:11:04 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/27 02:20:42 | 000,003,384 | RH-- | M] () -- C:\dell.sdr
[2010/03/09 21:23:23 | 000,000,342 | ---- | M] () -- C:\fileinfo.txt
[2010/08/06 11:24:32 | 2146,045,951 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 10:21:00 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/02/08 21:45:01 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2010/08/06 11:24:35 | 4293,054,463 | -HS- | M] () -- C:\pagefile.sys
[2010/08/06 11:31:16 | 000,116,218 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_06.08.2010_11.26.53_log.txt
[2010/08/06 12:08:19 | 000,116,218 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_06.08.2010_12.06.22_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.exe >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 14:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\*. >
[2009/11/27 00:34:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/07/21 10:18:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alawar
[2009/11/27 00:34:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010/03/31 11:00:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVS4YOU
[2010/03/25 14:41:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\bfgclient
[2010/01/31 19:59:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon
[2009/11/27 00:35:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2010/07/27 09:07:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/06/22 16:21:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2009/11/27 00:39:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2009/11/27 00:50:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2010/06/26 11:49:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2009/11/27 00:38:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Support Center
[2010/06/04 07:07:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Touch Zone
[2010/07/27 09:07:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2010/08/06 10:48:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ERUNT
[2009/12/28 20:19:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Fotocom WebCAM
[2010/07/23 10:40:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Games
[2010/01/11 11:43:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gardenscapes
[2010/01/31 16:22:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/05/28 09:23:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Graboid
[2010/06/04 07:15:52 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/06/04 07:14:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2010/06/10 07:32:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2009/12/28 20:21:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InterVideo
[2010/03/03 10:28:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iWin.com
[2009/12/13 22:22:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/01/07 11:12:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kelly Green Garden Queen
[2010/07/12 14:42:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LeapFrog
[2010/07/23 13:01:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2009/06/30 02:27:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee.com
[2009/11/27 00:42:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/03/13 15:09:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/06/05 08:19:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/11/27 00:43:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/11/27 00:44:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/03/13 15:08:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/03/13 15:07:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/01/03 04:02:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/25 21:45:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/05/28 09:23:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla ActiveX Control v1.7.12
[2010/03/13 15:09:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/07/21 14:10:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nick Arcade
[2010/06/14 09:51:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oberon Media
[2010/06/08 13:57:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Penguins Arena
[2010/01/31 20:07:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PIXELA
[2010/06/22 16:30:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Raptr
[2010/06/08 11:31:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RealArcade
[2010/06/04 07:15:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2009/12/22 15:40:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ReflexiveArcade
[2010/06/04 07:17:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2010/07/27 09:05:31 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/06/08 14:20:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\softendo.com
[2010/06/04 07:16:41 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/12/21 13:05:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Unity
[2010/05/27 11:55:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010/05/28 09:23:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/06/22 16:22:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2010/06/22 16:50:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze_Remote
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2009/11/27 00:45:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2009/11/27 00:42:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/12 22:01:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009/12/09 20:30:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009/12/22 17:04:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2009/12/16 10:14:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\athineethi\AppData\Roaming
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=ATHINEETHI-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\athineethi
LOCALAPPDATA=C:\Users\athineethi\AppData\Local
LOGONSERVER=\\ATHINEETHI-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=170a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ATHINE~1\AppData\Local\Temp
TMP=C:\Users\ATHINE~1\AppData\Local\Temp
USERDOMAIN=athineethi-PC
USERNAME=athineethi
USERPROFILE=C:\Users\athineethi
windir=C:\Windows

========== Alternate Data Streams ==========

< End of report >

Thanks in advance,
AThi.
  • 0

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [hufsuxjyewbd] c:\users\athineethi\appdata\local\tlqipdvgm\eullhy.exe File not found
    [2010/07/23 10:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\n7-89-o9-3r-4t-r9
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean


Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#9
athi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Rorschach112,

Sorry for the late reply and thanks for your help. Please find below the logs.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4410

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/08/2010 11:26:56 AM
mbam-log-2010-08-09 (11-26-56).txt

Scan type: Quick scan
Objects scanned: 142361
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\SysWOW64\Faulttrep.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{638a12e9-5ea1-5f86-7a83-65053b1f2473} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{638a12e9-5ea1-5f86-7a83-65053b1f2473} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{638a12e9-5ea1-5f86-7a83-65053b1f2473} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\SysWOW64\Faulttrep.dll (Trojan.BHO) -> Delete on reboot.
C:\Windows\System32\Faulttrep.dll (Trojan.BHO) -> Delete on reboot.


Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 9, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 09, 2010 02:35:13
Records in database: 4131622
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 144286
Threats found: 4
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:40:53


File name / Threat / Threats count
C:\External hard disk contents\Share\New\crashdown.exe Infected: Trojan-GameThief.Win32.Lmir.ldk 1
C:\External hard disk contents\Share\New\New Folder\3footninja.exe Infected: Trojan-GameThief.Win32.Lmir.kst 1
C:\External hard disk contents\Share\New\New Folder\battleships.exe Infected: Trojan-GameThief.Win32.Lmir.jhm 1
C:\Program Files\Common Files\Sysupdate\ctfupd.exe Infected: Trojan.Win32.Vilsel.ajcm 1

Selected area has been scanned.

Still I have the problem. What do I do next?

Thanks in Advance,
Athi.
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do you use a router ?
  • 0


#11
athi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes, we use a router.
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It sounds like a case of Zlob/DNSchanger that changes the router's DNS settings. Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now :)
  • 0
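
A check for the DNS tampering described in the post above, as an added example that is not part of the original thread: it parses saved `ipconfig /all` output and flags every DNS server outside the set you expect (the router's LAN address or the resolvers your ISP assigned). The sample output, the addresses and the function names are constructed for illustration; a router that relays DNS appears here as its own address, so the DNS servers configured on the router itself still have to be checked in its admin page.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not from the thread); example addresses.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "Label . . . . : value" lines; continuation lines carry no label part.
FIELD = re.compile(r"^\s+(.+?)[ .]+:\s*(.*)$")


def parse_dns_servers(text):
    """Return {adapter name: [DNS server strings]} from ipconfig /all text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line: section header
            current = line.rstrip(": ") if line.rstrip().endswith(":") else None
            in_dns = False
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1) == "DNS Servers"
            value = m.group(2)
        else:
            value = line.strip()             # continuation of previous field
        if in_dns and current and value:
            adapters.setdefault(current, []).append(value)
    return adapters


def unexpected_dns(text, expected):
    """List (adapter, server) pairs whose server is outside `expected`
    (trusted addresses or CIDR ranges supplied by the caller)."""
    nets = [ipaddress.ip_network(e, strict=False) for e in expected]
    findings = []
    for adapter, servers in parse_dns_servers(text).items():
        for raw in servers:
            try:
                addr = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone
            except ValueError:
                findings.append((adapter, raw))   # unparseable: report it
                continue
            if not any(addr in net for net in nets):
                findings.append((adapter, str(addr)))
    return findings
```

Run `ipconfig /all > dns.txt` on each machine behind the router and pass the file's text to `unexpected_dns` together with the addresses you trust; an empty list means every configured resolver is one you expected.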

#13
athi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Rorschach112,

Sorry for the late reply again and thank you for your responses.

After following your steps, it looks like the Google auto-redirect issue is solved. But the other issue is still there. Whenever I boot my PC and open IE, after a few minutes it redirects automatically to some Russian website and keeps on changing every few seconds. It happens 5-6 times (meaning it redirects automatically to 5-6 websites) and then IE closes automatically. Then if I open IE again, I don't get this issue again... It happens the first time I open IE after booting the PC.

Thanks in advance,
Athi.
  • 0

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
either of these work ?


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#15
athi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Rorschach112,

When I tried to open gmer.exe it gives the following error:

c:/Windows\system32\config\system:The system cannot find the file specified.

Because of this error I get all the options disabled except services, registry and files checked. When I scan it and save the log it's 0 bytes and says GMER hasn't found any system modification when the scan was over.

When I ran the online scanner that you mentioned, I scanned 4 threats but the log just has the following information:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Please Advise,
Athi.
  • 0





