Google Redirect

This topic is locked

#1 Apocalypse_VC (Member, 169 posts)

I followed the 'How to fix Google Redirects' guide posted, and the issue still exists. So here I have copied and pasted the OTL log and the OTM log. My computer has also slowed down severely before I got this, so I was also wondering if you could help me out in making it faster.

EDIT - I would also like to add that I try to run Microsoft Security Essentials to scan for a virus. However, it immediately closes as I open it. I think this may be a virus.

OTL LOG:
OTL logfile created on: 4/19/2011 10:32:18 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ravi\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.52 Gb Total Space | 136.29 Gb Free Space | 59.64% Space Free | Partition Type: NTFS
Drive E: | 225.42 Gb Total Space | 15.00 Gb Free Space | 6.66% Space Free | Partition Type: NTFS

Computer Name: RAVI-PC | User Name: Ravi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 22:30:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Downloads\OTL(2).exe
PRC - [2011/03/23 11:04:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/05/24 02:40:01 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/08/07 05:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 22:30:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Downloads\OTL(2).exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/10 01:15:06 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/28 10:58:54 | 000,029,184 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV:64bit: - [2008/02/27 12:07:48 | 001,044,648 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2011/04/16 03:57:10 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/20 01:29:20 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/07/20 01:29:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/05/24 02:40:01 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/20 20:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/07 05:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 17:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/02/27 12:07:26 | 000,594,600 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxdncoms.exe -- (lxdn_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/20 23:16:05 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/07 19:30:43 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/22 17:00:51 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/12/10 03:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/18 18:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/19 00:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:15:04 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/10 17:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 23:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 23:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 23:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/24 19:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/05/02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2007/06/28 12:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV:64bit: - [2007/06/28 12:46:20 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcmx64.sys -- (nmwcdcmx64)
DRV:64bit: - [2007/06/28 12:46:20 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcjx64.sys -- (nmwcdcjx64)
DRV:64bit: - [2006/11/02 04:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...g8z165t47i1y203
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...g8z165t47i1y203
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...g8z165t47i1y203
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...g8z165t47i1y203

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...g8z165t47i1y203
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C F3 D1 19 4B A5 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledItems: gamebox@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/23 11:04:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 15:51:37 | 000,000,000 | ---D | M]

[2009/12/22 14:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Extensions
[2009/12/22 14:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/19 14:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\7b4jxgk2.default\extensions
[2011/04/08 09:53:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\7b4jxgk2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/14 20:14:09 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\7b4jxgk2.default\extensions\gamebox@toolbar
[2010/10/28 19:59:29 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\7b4jxgk2.default\extensions\vshare@toolbar
[2011/01/07 19:30:47 | 000,002,059 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\7b4jxgk2.default\searchplugins\daemon-search.xml
[2010/12/18 12:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/13 19:31:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 16:05:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 09:38:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 12:24:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/18 13:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2011/04/19 19:36:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5343e5fe-f5b2-11de-80d9-001f16cf7fa2}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{5343e5fe-f5b2-11de-80d9-001f16cf7fa2}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\{efc38360-5aff-11df-ac5f-a7a029be32cb}\Shell - "" = AutoRun
O33 - MountPoints2\{efc38360-5aff-11df-ac5f-a7a029be32cb}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 19:50:42 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ravi\Desktop\TDSSKiller.exe
[2011/04/19 19:49:59 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Desktop\GooredFix Backups
[2011/04/19 19:36:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/19 19:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/19 19:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/04/10 17:22:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/04/01 14:20:31 | 000,000,000 | ---D | C] -- C:\Users\Ravi\workspace
[2011/04/01 14:09:38 | 000,000,000 | ---D | C] -- C:\Users\Ravi\.metadata
[2011/03/31 20:40:01 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Documents\.metadata
[2011/03/20 22:57:24 | 000,007,808 | ---- | C] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys
[2011/03/20 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Documents\DRIVER
[2010/02/17 17:54:15 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2010/02/17 17:54:15 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2010/02/17 17:54:15 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2010/02/17 17:54:15 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2010/02/17 17:54:15 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2010/02/17 17:54:15 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2010/02/17 17:54:15 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2010/02/17 17:54:15 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2010/02/17 17:54:15 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2010/02/17 17:54:15 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2010/02/17 17:54:15 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2010/02/17 17:54:15 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2010/02/17 17:54:15 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll

========== Files - Modified Within 30 Days ==========

[2011/04/19 22:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 22:29:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 21:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3225501953-3890301907-984766875-1000UA.job
[2011/04/19 20:07:14 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 20:07:14 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 20:00:05 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\uczwyev.job
[2011/04/19 20:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/19 19:59:49 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 19:36:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/04/19 19:35:43 | 000,001,108 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/19 19:35:39 | 000,000,909 | ---- | M] () -- C:\Users\Ravi\Desktop\ERUNT.lnk
[2011/04/19 18:09:18 | 000,352,250 | ---- | M] () -- C:\Users\Ravi\Desktop\deep purple tickets.xps
[2011/04/19 17:58:02 | 000,000,204 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/19 05:15:17 | 000,157,696 | ---- | M] () -- C:\Windows\Fcupaa.exe
[2011/04/19 05:15:16 | 000,123,392 | RHS- | M] () -- C:\Windows\SysWow64\rtutilsk.dll
[2011/04/18 03:46:22 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/18 03:46:22 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/18 03:46:22 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/15 11:21:12 | 000,341,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/15 03:57:49 | 005,283,295 | ---- | M] () -- C:\Users\Ravi\03 Kill Everybody.mp3
[2011/04/15 03:54:03 | 004,368,929 | ---- | M] () -- C:\Users\Ravi\02 Scary Monsters and Nice Sprites.mp3
[2011/04/13 10:58:32 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3225501953-3890301907-984766875-1000Core.job
[2011/04/05 21:08:21 | 000,017,920 | ---- | M] () -- C:\Users\Ravi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 16:31:36 | 000,001,441 | ---- | M] () -- C:\Users\Ravi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/20 23:16:05 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys

========== Files Created - No Company Name ==========

[2011/04/19 19:35:43 | 000,001,108 | ---- | C] () -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/19 19:35:39 | 000,000,909 | ---- | C] () -- C:\Users\Ravi\Desktop\ERUNT.lnk
[2011/04/19 18:09:13 | 000,352,250 | ---- | C] () -- C:\Users\Ravi\Desktop\deep purple tickets.xps
[2011/04/19 05:15:24 | 000,157,696 | ---- | C] () -- C:\Windows\Fcupaa.exe
[2011/04/19 05:15:16 | 000,123,392 | RHS- | C] () -- C:\Windows\SysWow64\rtutilsk.dll
[2011/04/19 05:15:16 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\uczwyev.job
[2011/04/15 03:41:35 | 005,283,295 | ---- | C] () -- C:\Users\Ravi\03 Kill Everybody.mp3
[2011/04/15 03:41:35 | 004,368,929 | ---- | C] () -- C:\Users\Ravi\02 Scary Monsters and Nice Sprites.mp3
[2011/02/02 16:18:35 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/10 23:43:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/05/24 02:36:08 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/08 20:20:41 | 000,061,786 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/03/30 00:09:02 | 000,001,018 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/26 14:03:35 | 000,017,920 | ---- | C] () -- C:\Users\Ravi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/17 17:54:15 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2010/02/17 17:54:15 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2010/02/13 17:40:12 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/02/13 17:40:12 | 000,036,110 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
[2010/01/04 23:49:56 | 000,000,204 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/22 16:49:50 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/12/22 16:49:30 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/12/22 04:49:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/21 20:37:21 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 07:12:30 | 000,001,513 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/09/24 06:53:08 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/09/24 06:40:43 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/09/24 06:40:43 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2009/09/24 06:40:43 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2009/08/22 02:01:04 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/22 02:01:04 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/22 02:01:02 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/22 02:01:02 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/22 02:01:02 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/08/22 01:08:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/23 20:49:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/14 14:46:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007/10/02 15:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll

========== LOP Check ==========

[2009/12/21 20:02:26 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Acer
[2010/10/16 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\AVG10
[2011/01/08 18:37:39 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\DAEMON Tools Lite
[2010/05/08 20:18:24 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\DAEMON Tools Pro
[2009/12/23 02:40:43 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\GHISLER
[2009/12/21 20:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Leadertech
[2010/07/12 05:00:12 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Lexmark Productivity Studio
[2011/04/19 05:39:14 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\LimeWire
[2010/07/13 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\LolClient
[2010/11/13 20:32:32 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\ManyCam
[2010/01/23 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\mjusbsp
[2010/12/22 17:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\NCH Swift Sound
[2010/07/31 02:26:25 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Octoshape
[2009/12/21 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\PowerCinema
[2009/12/26 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Publish Providers
[2010/07/22 01:28:31 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Registry Mechanic
[2009/12/29 00:37:06 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Sony
[2009/12/29 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\SystemRequirementsLab
[2010/07/20 18:59:14 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\TeamViewer
[2011/04/16 22:54:59 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\tixati
[2009/12/23 02:35:53 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\WildTangent
[2010/11/17 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Windows Live Writer
[2011/02/11 11:47:43 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/19 20:00:05 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\uczwyev.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ravi\Downloads\cmd.bat deleted successfully.
C:\Users\Ravi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ravi
->Temp folder emptied: 81842 bytes
->Temporary Internet Files folder emptied: 216302006 bytes
->Java cache emptied: 52692 bytes
->FireFox cache emptied: 49043961 bytes
->Google Chrome cache emptied: 819568 bytes
->Apple Safari cache emptied: 12767232 bytes
->Flash cache emptied: 301194 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 345842 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 170608 bytes
RecycleBin emptied: 2392789897 bytes

Total Files Cleaned = 2,549.00 mb

Error creating restore point.

OTM by OldTimer - Version 3.1.17.2 log created on 04192011_223556

Files moved on Reboot...
C:\Users\Ravi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ravi\AppData\Local\Mozilla\Firefox\Profiles\7b4jxgk2.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Ravi\AppData\Local\Mozilla\Firefox\Profiles\7b4jxgk2.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Ravi\AppData\Local\Mozilla\Firefox\Profiles\7b4jxgk2.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Ravi\AppData\Local\Mozilla\Firefox\Profiles\7b4jxgk2.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Ravi\AppData\Local\Mozilla\Firefox\Profiles\7b4jxgk2.default\urlclassifier3.sqlite moved successfully.
C:\Users\Ravi\AppData\Local\Mozilla\Firefox\Profiles\7b4jxgk2.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Edited by Apocalypse_VC, 21 April 2011 - 07:59 PM.

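The OTL "Files Created" entries in the log above can be triaged mechanically before a helper reads them by hand. The following Python is an added example, not part of this thread and not OldTimer's OTL code; the scoring rules are my own heuristics, and the scan time is taken from the OTM stamp (04192011_223556) in the log.

```python
"""Triage helper for OTL 'Files Created' lines (added example; not the thread's or OTL's code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL entry: [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (company) -- path ; directory
# entries carry no "(company)" group, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [MC]\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
SYSTEM_DIRS = ("c:\\windows\\",)  # where a publisher-less new file deserves a second look
SCAN_TIME = datetime(2011, 4, 19, 22, 35, 56)  # from the OTM stamp 04192011_223556 in the thread

@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str     # OTL flags, e.g. "RHS-" = Read-only, Hidden, System; "D" = directory
    company: str   # "" when OTL found no company name
    path: str

def parse_line(line):
    """Parse one OTL file line; section headers and blank lines give None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                    int(m["size"].replace(",", "")), m["attrs"],
                    (m["company"] or "").strip(), m["path"])

def triage(lines, reference, recent_days=30, burst_seconds=60, threshold=3):
    """Score entries on four indicators; return {path: score} at/above threshold (a look-first order, not a verdict)."""
    entries = [e for e in map(parse_line, lines) if e]
    def sys_no_publisher(e):
        return e.path.lower().startswith(SYSTEM_DIRS) and not e.company
    flagged = {}
    for e in entries:
        score = int(reference - e.ts <= timedelta(days=recent_days))  # created shortly before the scan
        score += sys_no_publisher(e)                                  # under %SystemRoot%, no company name
        score += any(f in e.attrs for f in "HS")                      # hidden and/or system attribute set
        score += any(o is not e and sys_no_publisher(o)               # landed within one burst of
                     and abs((o.ts - e.ts).total_seconds()) <= burst_seconds  # another such file
                     for o in entries)
        if score >= threshold:
            flagged[e.path] = score
    return flagged

# Sample lines copied from the OTL log posted earlier in this thread.
SAMPLE = r"""
[2011/04/19 19:35:39 | 000,000,909 | ---- | C] () -- C:\Users\Ravi\Desktop\ERUNT.lnk
[2011/04/19 05:15:24 | 000,157,696 | ---- | C] () -- C:\Windows\Fcupaa.exe
[2011/04/19 05:15:16 | 000,123,392 | RHS- | C] () -- C:\Windows\SysWow64\rtutilsk.dll
[2011/04/19 05:15:16 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\uczwyev.job
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
""".strip().splitlines()
```

On the sample, the three files dropped within eight seconds of each other on the morning of the scan score 3 or 4, while the old system-attributed bootstat.dat stays below the threshold.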

#2
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
Hi Apocalypse_VC,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++++++++++++

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.
On the first tab select all elements down to Computer and then select start scan.
Once it has finished select report and post that.

Do not close AVPTool or it will self-uninstall; if it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan:
Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

#3
Apocalypse_VC
    Member
  • Topic Starter
  • 169 posts
What do I do if Kaspersky Virus Removal Tool pops up saying that it has detected malicious software? Do I delete it or skip it?

#4
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
Let it deal with the infections found. :D

Cure if possible, else delete.

#5
Apocalypse_VC
    Member
  • Topic Starter
  • 169 posts
It's been 40 minutes and it's stuck at 7. It's been scanning this file for a long time: C:\Documents and Settings\Ravi\AppData\LocalLow\Sun\Java\jre1.6.0_24_x64\Data1.cab//regutils.dll

I'm guessing that this is gonna take a while lol

#6
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
Yes, I am afraid the scan may take some time to finish. :D

#7
Apocalypse_VC
    Member
  • Topic Starter
  • 169 posts
It's been 1 hour and 28 mins, and it's still stuck at the same file. Should I restart the scan?

#8
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
Ok. We'll skip the scan for later. Please proceed with the instructions below:

  • Download aswMBR.exe (511KB) to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Click "Fix" in case of infection.
  • Click the Save log button and save the aswMBR.log to the desktop.
  • Post the content of that log here for me.

Next

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9
Apocalypse_VC
    Member
  • Topic Starter
  • 169 posts
I did the aswMBR scan, and there was nothing to fix. Here's the log:

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-22 22:09:33
-----------------------------
22:09:33.783 OS Version: Windows x64 6.1.7600
22:09:33.784 Number of processors: 2 586 0x602
22:09:33.787 ComputerName: RAVI-PC UserName: Ravi
22:09:37.034 Initialize success
22:09:43.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
22:09:43.295 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
22:09:45.328 Disk 0 MBR read successfully
22:09:45.332 Disk 0 MBR scan
22:09:45.337 Service scanning
22:09:47.024 Disk 0 trace - called modules:
22:09:47.031 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800444b2c0]<<
22:09:47.036 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004991790]
22:09:47.042 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004921040]
22:09:47.048 \Driver\amdxata[0xfffffa8004906db0] -> IRP_MJ_CREATE -> 0xfffffa800444b2c0
22:09:47.054 Scan finished successfully
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-22 22:20:19
-----------------------------
22:20:19.263 OS Version: Windows x64 6.1.7600
22:20:19.263 Number of processors: 2 586 0x602
22:20:19.263 ComputerName: RAVI-PC UserName: Ravi
22:20:21.385 Initialize success
22:20:26.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
22:20:26.080 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
22:20:28.124 Disk 0 MBR read successfully
22:20:28.139 Disk 0 MBR scan
22:20:28.139 Service scanning
22:20:38.654 Disk 0 trace - called modules:
22:20:38.670 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800446e2c0]<<
22:20:38.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049b3330]
22:20:38.685 3 CLASSPNP.SYS[fffff880012ae43f] -> nt!IofCallDriver -> [0xfffffa80049147b0]
22:20:38.685 \Driver\amdxata[0xfffffa8004927610] -> IRP_MJ_CREATE -> 0xfffffa800446e2c0
22:20:38.701 Scan finished successfully


As for ComboFix, it's been stuck at this screen for about 40 mins, so I closed it (as I couldn't access the internet because of it). I'm guessing that there might be an error(?).

http://img832.images.../combofixk.jpg/

#10
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
What is the make and model of this machine we're working on?

Also, can you try running Combofix in safe mode:
  • To enter safe mode, restart the machine, then press F8 until the boot menu appears.
  • Select Boot into Safe Mode with Networking.
  • Run Combofix in Safe Mode and post the log in your next reply.

#11
Apocalypse_VC
    Member
  • Topic Starter
  • 169 posts
This is an Acer Aspire 5542.

So, I did this in safe mode, and left it there for 30 mins and it's still stuck at the same screen. However, at the beginning stages it said that Microsoft Security Essentials was open and that it may interfere with the program, so I deleted it, yet it still pops up. Could this be the problem?

#12
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
I am not familiar with the Startoolsup program. Do you know what it's for?

#13
Apocalypse_VC
    Member
  • Topic Starter
  • 169 posts
Sorry, I'm not familiar with it either. I tried searching for it, but no results were found.

Is there any other solution?

#14
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
See if you can uninstall it.

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Locate the program Startool, and then click Uninstall.

Tell me how it goes.

#15
Apocalypse_VC
    Member
  • Topic Starter
  • 169 posts
It doesn't show up.

Edit - I have to go to sleep. I'll get back to you tomorrow.

Edited by Apocalypse_VC, 23 April 2011 - 02:30 AM.