How to remove Win32/Olmarik.TDL4 trojan


This topic is locked.

#1
viz18639 (New Member, 6 posts)
I have ESET Smart Security 5 and it shows that I have been infected with the Win32/Olmarik.TDL4 trojan.
How do I remove it?
PLEEEASE HELP!!

#2
Essexboy (GeekU Moderator, 63,664 posts)
Hi there, let's see what variant it is first.

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop
  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

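When the OTL logs come back, the helper reads them for a handful of specific entry types before anything else. The Python script below is an added example, not code from the forum or from OTL, showing that first-pass triage over lines in OTL's format: a missing hosts file, O2 browser helper objects with no name or a null CLSID, O4 Run-key entries with no company name or a missing file, O6 UAC policies set to 0, O17 resolvers outside RFC 1918 space, and O20 Winlogon Shell/UserInit values that are not the single default binary. The sample lines are constructed for the example (modelled on OTL's output format); the two-value UserInit line and the 203.0.113.5 resolver are deliberate abnormal test cases, `{INTERFACE-GUID}` is a placeholder, and the severities and rule wording are this example's own choices, not OTL's.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in OTL's line format (modelled on the entry types OTL prints).
# The two-value UserInit line and the 203.0.113.5 resolver are deliberate abnormal
# test cases; {INTERFACE-GUID} is a placeholder, not a real interface id.
SAMPLE_LOG = r"""
Hosts file not found
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - Reg Error: Value error. File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{INTERFACE-GUID}: DhcpNameServer = 203.0.113.5
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe,C:\ProgramData\EXAMPLE\extra.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
"""

@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str

_BHO_RE = re.compile(r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]*)\} - (?P<rest>.*)$")
_RUN_RE = re.compile(r"^O4(?::64bit:)? - .+?\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<rest>.*)$")
_POLICY_RE = re.compile(r"^O6 - .+?: (?P<name>\w+) = (?P<value>\S+)$")
_DNS_RE = re.compile(r"^O17 - .*: (?:Dhcp)?NameServer = (?P<servers>.+)$")
_WINLOGON_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<entry>Shell|UserInit) - \((?P<value>[^)]*)\) -")
_COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")  # the trailing "(Company)" OTL appends
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# UAC policy values that weaken the elevation boundary when set as shown.
WEAK_POLICY = {
    ("EnableLUA", "0"): "UAC disabled",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate with no prompt at all",
    ("PromptOnSecureDesktop", "0"): "elevation prompts not isolated on the secure desktop",
}

def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; lines matching no rule are ignored."""
    findings: list[Finding] = []
    for line in filter(None, (ln.strip() for ln in log_text.splitlines())):
        if line == "Hosts file not found":
            findings.append(Finding("medium", "hosts file missing or unreadable; check it exists and is not hidden", line))
            continue
        m = _BHO_RE.match(line)
        if m:
            null_clsid = set(m.group("clsid")) <= set("0-")
            if m.group("name") == "no name" or null_clsid or not _COMPANY_RE.search(m.group("rest")):
                findings.append(Finding("medium", "BHO with no name, null CLSID or no resolvable file", line))
            continue
        if line.startswith("O4") and line.lower().endswith("file not found"):
            findings.append(Finding("info", "autostart entry points at a missing file (orphan)", line))
            continue
        m = _RUN_RE.match(line)
        if m:
            c = _COMPANY_RE.search(m.group("rest"))
            if c is None or not c.group("company").strip():
                findings.append(Finding("medium", "Run-key entry with no company name (unsigned or unknown binary)", line))
            continue
        m = _POLICY_RE.match(line)
        if m:
            desc = WEAK_POLICY.get((m.group("name"), m.group("value")))
            if desc:
                findings.append(Finding("high", f"elevation boundary weakened: {desc}", line))
            continue
        m = _DNS_RE.match(line)
        if m:
            for server in re.split(r"[ ,]+", m.group("servers").strip()):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    continue
                if not any(addr in net for net in _RFC1918):
                    findings.append(Finding("info", f"resolver {server} is outside RFC 1918 space; confirm it is the ISP's", line))
            continue
        m = _WINLOGON_RE.match(line)
        if m:
            entry, items = m.group("entry"), [v.strip() for v in m.group("value").split(",") if v.strip()]
            expected = "explorer.exe" if entry == "Shell" else "userinit.exe"
            # Exactly one value, and it must be the default binary: anything appended here runs at every logon.
            if len(items) != 1 or items[0].lower().rsplit("\\", 1)[-1] != expected:
                findings.append(Finding("high", f"Winlogon {entry} is not the single default {expected}", line))
    return findings

def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity; all three keys are always present."""
    return {s: sum(1 for f in findings if f.severity == s) for s in ("high", "medium", "info")}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.rule}\n         {f.line}")
```

Running it prints each finding with its severity; the info-level items are things to confirm rather than act on, and the script reports entries rather than verdicts because whether a toolbar or an unsigned vendor utility belongs on the machine is a judgement the helper makes by reading the line.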

#3
viz18639 (New Member, 6 posts)
After I downloaded aswMBR.exe, as soon as I clicked Scan, my PC restarted. I forgot to mention earlier that I have this problem.
It all started like one day my PC just restarts by itself, like once a day or something. Then one day after it restarted there was a startup problem and Startup Repair could not fix it. So then I tried System Restore, which did not work. The only thing that worked was bringing my PC back to factory settings. After that I installed ESET and came to know about the trojan virus. And also one more thing: in my Task Manager, under Processes, there's a thing called PING.EXE which hogs about 90% of my CPU.

And after it unexpectedly restarts, this is the problem detail I get:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 16393

Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF80002ADB1C1
BCP3: FFFFF88008B6D520
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\WINDOWS\Minidump\092411-22386-01.dmp
C:\Users\Vishruth\AppData\Local\Temp\WER-53586-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Edited by viz18639, 23 September 2011 - 11:11 PM.


#4
Essexboy (GeekU Moderator, 63,664 posts)
OK, can you get to Safe Mode?

Restart the computer and then press and hold F8.
A menu should appear.
Select Safe Mode with Networking.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Run OTL as previously requested.

#5
viz18639 (New Member, 6 posts)
I ran OTL in Safe Mode itself. Is it a problem?

OTL logfile created on: 9/24/2011 4:41:57 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Vishruth\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

5.86 Gb Total Physical Memory | 5.21 Gb Available Physical Memory | 88.83% Memory free
11.73 Gb Paging File | 11.09 Gb Available in Paging File | 94.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 390.29 Gb Free Space | 87.09% Space Free | Partition Type: NTFS

Computer Name: VISHRUTH-PC | User Name: Vishruth | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/24 16:40:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Vishruth\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/01/21 01:40:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/06 04:34:02 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/01/06 04:34:02 | 000,199,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2010/01/06 04:34:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/12/16 18:46:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/11/18 11:15:40 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 23:18:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 00:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/08/06 06:45:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/06 06:44:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/06 06:43:37 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/08/06 06:24:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/21 22:28:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/09/30 17:31:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 17:31:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/06 02:42:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/24 02:32:42 | 000,060,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 05:37:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 19:29:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\WINDOWS\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2010/01/21 01:40:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/06 04:34:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/01/06 04:34:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/01/06 04:34:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/12/16 18:46:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 18:46:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/18 11:51:20 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/02 23:18:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/12 16:30:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/30 07:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 10:24:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/24 08:50:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 21:35:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/24 11:43:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 23:27:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/14 07:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 07:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 13:30:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 16:57:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 06:24:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 16:01:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/25 14:34:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 14:08:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 13:43:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 23:36:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 23:21:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1200953381-1332551998-2081248267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1200953381-1332551998-2081248267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1200953381-1332551998-2081248267-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1200953381-1332551998-2081248267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vishruth\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vishruth\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/09/23 20:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/09/23 20:05:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vishruth\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vishruth\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vishruth\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Vishruth\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ethereal 2 Theme By VikiTech = C:\Users\Vishruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\

Hosts file not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100805201922.dll (McAfee, Inc.)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100805201922.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1200953381-1332551998-2081248267-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ConduitHelper] C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe (Conduit Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1200953381-1332551998-2081248267-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1200953381-1332551998-2081248267-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2DF5769-43CD-482C-8124-9B021FFFB5E1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/24 16:39:53 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Vishruth\Desktop\OTL.exe
[2011/09/24 16:30:53 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\Desktop\tdsskiller
[2011/09/24 13:12:18 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/09/24 13:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/09/24 12:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/24 10:44:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/24 10:43:57 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\PackageAware
[2011/09/23 22:25:08 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\SupportSoft
[2011/09/23 21:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2011/09/23 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft
[2011/09/23 20:36:38 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Malwarebytes
[2011/09/23 20:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/23 20:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/23 20:36:18 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/23 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/23 20:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/09/23 14:43:15 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Threat Expert
[2011/09/23 14:36:17 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\FixCleaner
[2011/09/23 14:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/09/23 14:19:10 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\PC Tools
[2011/09/23 14:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/23 14:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/23 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\ESET
[2011/09/23 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\ESET
[2011/09/23 12:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/23 12:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/09/23 12:49:08 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Adobe
[2011/09/23 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\WinRAR
[2011/09/23 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/23 12:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/22 21:04:07 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Microsoft Games
[2011/09/21 17:55:25 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\riotsGamesLogs
[2011/09/21 17:42:30 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\LolClient
[2011/09/21 10:59:35 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\vlc
[2011/09/21 10:50:10 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\CyberLink
[2011/09/21 10:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/09/21 10:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011/09/21 10:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2011/09/21 10:10:16 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2011/09/21 01:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2011/09/21 01:49:06 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\PCDr
[2011/09/21 01:45:51 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Absolute_Software
[2011/09/21 01:44:45 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\ElevatedDiagnostics
[2011/09/21 01:27:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/21 01:13:56 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\PMB Files
[2011/09/21 01:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/09/21 00:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/09/21 00:42:01 | 000,000,000 | ---D | C] -- C:\extensions
[2011/09/21 00:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/09/21 00:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentBar
[2011/09/21 00:41:58 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Conduit
[2011/09/21 00:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/09/21 00:40:48 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\uTorrent
[2011/09/21 00:40:48 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\uTorrent
[2011/09/21 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/21 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Google
[2011/09/21 00:33:57 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Deployment
[2011/09/21 00:33:57 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Apps
[2011/09/21 00:20:12 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Macromedia
[2011/09/21 00:20:12 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Adobe
[2011/09/21 00:13:55 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\MigWiz
[2011/09/21 00:13:32 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\My Backup Files
[2011/09/21 00:08:15 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Dell
[2011/09/21 00:08:02 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\DataSafeOnline
[2011/09/21 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Roxio
[2011/09/21 00:07:55 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Stardock_Corporation
[2011/09/21 00:07:49 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\ATI
[2011/09/21 00:07:49 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\ATI
[2011/09/21 00:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/21 00:07:19 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Searches
[2011/09/21 00:07:19 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/21 00:07:18 | 000,000,000 | -H-D | C] -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/09/21 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Identities
[2011/09/21 00:07:01 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Contacts
[2011/09/21 00:07:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/21 00:06:58 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\VirtualStore
[2011/09/21 00:04:09 | 000,000,000 | --SD | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Videos
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Saved Games
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Pictures
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Music
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Links
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Favorites
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Downloads
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Documents
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Desktop
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\AppData\Local\Temporary Internet Files
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Templates
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Start Menu
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\SendTo
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Recent
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\PrintHood
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\NetHood
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Documents\My Videos
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Documents\My Pictures
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Documents\My Music
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\My Documents
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Local Settings
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\AppData\Local\History
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Cookies
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Application Data
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\AppData\Local\Application Data
[2011/09/21 00:04:09 | 000,000,000 | -H-D | C] -- C:\Users\Vishruth\AppData
[2011/09/21 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Temp
[2011/09/21 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\SoftThinks
[2011/09/21 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Microsoft
[2011/09/21 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2011/09/24 16:40:57 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/24 16:40:57 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/24 16:40:57 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/24 16:40:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Vishruth\Desktop\OTL.exe
[2011/09/24 16:36:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/24 16:36:38 | 427,180,031 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 16:30:14 | 001,528,215 | ---- | M] () -- C:\Users\Vishruth\Desktop\tdsskiller.zip
[2011/09/24 16:22:41 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/09/24 15:39:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1200953381-1332551998-2081248267-1000UA.job
[2011/09/24 13:18:19 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/09/24 10:27:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 10:27:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 10:18:50 | 361,934,458 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/24 06:41:38 | 000,002,423 | ---- | M] () -- C:\Users\Vishruth\Desktop\Google Chrome.lnk
[2011/09/24 00:39:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1200953381-1332551998-2081248267-1000Core.job
[2011/09/21 10:32:24 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/09/21 10:32:24 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/09/21 01:47:24 | 000,000,046 | ---- | M] () -- C:\Users\Vishruth\AppData\Roaming\FactoryInstaller.xml
[2011/09/21 01:07:47 | 000,408,832 | ---- | M] () -- C:\Windows\SysWow64\yowtpuou.dat
[2011/09/21 01:07:47 | 000,365,824 | ---- | M] () -- C:\Windows\SysWow64\bvmfpzpk.dat
[2011/09/21 01:07:47 | 000,138,496 | ---- | M] () -- C:\Windows\SysWow64\ejwniphb.dat
[2011/09/21 01:07:47 | 000,058,112 | ---- | M] () -- C:\Windows\SysWow64\cqleesei.dat
[2011/09/21 01:07:47 | 000,055,040 | ---- | M] () -- C:\Windows\SysWow64\koidmlfp.dat
[2011/09/21 01:07:47 | 000,041,728 | ---- | M] () -- C:\Windows\SysWow64\vwxppnte.dat
[2011/09/21 01:07:47 | 000,034,048 | ---- | M] () -- C:\Windows\SysWow64\rpbjdasq.dat
[2011/09/21 01:07:46 | 000,154,368 | ---- | M] () -- C:\Windows\SysWow64\tmlfsnjg.dat
[2011/09/21 00:19:26 | 000,001,443 | ---- | M] () -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/21 00:07:56 | 000,001,984 | ---- | M] () -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/24 16:30:07 | 001,528,215 | ---- | C] () -- C:\Users\Vishruth\Desktop\tdsskiller.zip
[2011/09/24 13:18:19 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/09/21 10:30:05 | 427,180,031 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/21 01:45:51 | 000,000,046 | ---- | C] () -- C:\Users\Vishruth\AppData\Roaming\FactoryInstaller.xml
[2011/09/21 01:27:25 | 361,934,458 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/21 01:07:47 | 000,408,832 | ---- | C] () -- C:\Windows\SysWow64\yowtpuou.dat
[2011/09/21 01:07:47 | 000,365,824 | ---- | C] () -- C:\Windows\SysWow64\bvmfpzpk.dat
[2011/09/21 01:07:47 | 000,138,496 | ---- | C] () -- C:\Windows\SysWow64\ejwniphb.dat
[2011/09/21 01:07:47 | 000,058,112 | ---- | C] () -- C:\Windows\SysWow64\cqleesei.dat
[2011/09/21 01:07:47 | 000,055,040 | ---- | C] () -- C:\Windows\SysWow64\koidmlfp.dat
[2011/09/21 01:07:47 | 000,041,728 | ---- | C] () -- C:\Windows\SysWow64\vwxppnte.dat
[2011/09/21 01:07:47 | 000,034,048 | ---- | C] () -- C:\Windows\SysWow64\rpbjdasq.dat
[2011/09/21 01:07:46 | 000,154,368 | ---- | C] () -- C:\Windows\SysWow64\tmlfsnjg.dat
[2011/09/21 00:36:19 | 000,002,423 | ---- | C] () -- C:\Users\Vishruth\Desktop\Google Chrome.lnk
[2011/09/21 00:34:23 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1200953381-1332551998-2081248267-1000UA.job
[2011/09/21 00:34:19 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1200953381-1332551998-2081248267-1000Core.job
[2011/09/21 00:32:03 | 000,000,452 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/09/21 00:19:26 | 000,001,443 | ---- | C] () -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/21 00:07:56 | 000,001,984 | ---- | C] () -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/09/21 00:07:27 | 000,001,415 | ---- | C] () -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/09/21 00:07:20 | 000,001,449 | ---- | C] () -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/21 00:04:35 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/09/21 00:04:09 | 000,000,290 | ---- | C] () -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/21 00:04:09 | 000,000,272 | ---- | C] () -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/06 08:10:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/06 06:45:52 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/08/06 06:45:52 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/08/06 06:45:52 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/08/06 06:45:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/06 06:45:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/08/06 06:42:03 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 11:08:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 08:05:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 08:04:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 05:40:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 02:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/23 12:55:52 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\ESET
[2011/09/23 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\FixCleaner
[2011/09/21 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\LolClient
[2011/09/21 01:49:07 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\PCDr
[2011/09/24 16:35:42 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\uTorrent
[2011/09/24 16:22:41 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009/07/14 10:38:49 | 000,005,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/08/06 08:56:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 11:53:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\WINDOWS\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 10:49:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\WINDOWS\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 11:21:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\WINDOWS\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/08/06 08:56:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\SysWOW64\explorer.exe
[2010/08/06 08:56:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 11:03:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\WINDOWS\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 11:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 11:44:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\WINDOWS\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/08/06 08:56:24 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/08/06 08:56:31 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\WINDOWS\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/08/06 08:56:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\explorer.exe
[2010/08/06 08:56:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/08/06 08:56:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/08/06 08:56:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/08/06 08:56:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 07:09:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/08/06 08:56:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/08/06 08:56:24 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 11:56:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\WINDOWS\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/08/06 08:56:31 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/08/06 08:56:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\SysWOW64\svchost.exe
[2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 07:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 07:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 06:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\SysWOW64\userinit.exe
[2009/07/14 06:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 07:09:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 07:09:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 07:09:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/08/06 08:56:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/08/06 08:56:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/08/06 08:56:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


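The OTL log above is read by hand in this thread: the MD5 section shows whether the live copies of explorer.exe, svchost.exe, userinit.exe and winlogon.exe match a copy held in the winsxs component store, the "Files Created" section shows eight random-named .dat files dropped into SysWow64 within two seconds (the files the moderator's fix in the next post deletes), and the ADS section lists two small streams on C:\ProgramData\TEMP. The script below is an added example, not part of the original thread and not an OTL or Geeks to Go tool, that performs those three checks over OTL log text. The sample lines are copied from the log above; the HYPOTHETICAL_PATCHED line is constructed to show what a patched system binary would look like.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the OTL log posted above, trimmed to the parts
# this script looks at. Nothing here comes from any other system.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2009/07/14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/08/06 08:56:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\SysWOW64\explorer.exe
[2010/08/06 08:56:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/08/06 08:56:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\explorer.exe
[2010/08/06 08:56:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
< MD5 for: USERINIT.EXE >
[2009/07/14 07:09:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 07:09:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
========== Files Created - No Company Name ==========
[2011/09/21 01:07:47 | 000,408,832 | ---- | C] () -- C:\Windows\SysWow64\yowtpuou.dat
[2011/09/21 01:07:47 | 000,365,824 | ---- | C] () -- C:\Windows\SysWow64\bvmfpzpk.dat
[2011/09/21 01:07:47 | 000,138,496 | ---- | C] () -- C:\Windows\SysWow64\ejwniphb.dat
[2011/09/21 01:07:46 | 000,154,368 | ---- | C] () -- C:\Windows\SysWow64\tmlfsnjg.dat
[2009/07/14 08:05:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
========== Alternate Data Streams ==========
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
"""

# Hypothetical line, NOT from the thread: a live userinit.exe whose MD5 matches
# no copy in the component store, which is how a patched system binary shows up.
HYPOTHETICAL_PATCHED = (
    "[2011/09/21 01:07:47 | 000,030,208 | ---- | M] (Microsoft Corporation) "
    "MD5=00000000000000000000000000000000 -- C:\\Windows\\SysNative\\userinit.exe\n"
)

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-F]{32}))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
RANDOM_DAT_RE = re.compile(r"^[a-z]{8}\.dat$")   # eight lowercase letters, as in the log

def parse_entries(text):
    """Return every OTL file entry in the text as a dict."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["base"] = e["path"].rsplit("\\", 1)[-1]   # file name exactly as listed
            entries.append(e)
    return entries

def check_against_store(entries):
    """Map each live system binary to whether its MD5 matches a winsxs copy of the same name.
    SoftwareDistribution\\Download holds pending updates, so it is ignored on both sides."""
    store = defaultdict(set)
    live = []
    for e in entries:
        if not e["md5"]:
            continue
        p = e["path"].lower()
        if "\\winsxs\\" in p:
            store[e["base"].lower()].add(e["md5"])
        elif "\\softwaredistribution\\" not in p:
            live.append(e)
    return {e["path"]: ("matches store" if e["md5"] in store[e["base"].lower()]
                        else "NO MATCHING STORE COPY") for e in live}

def find_random_dat_bursts(entries, min_count=3):
    """Groups of random-named *.dat files dropped into a system directory within one minute."""
    by_minute = defaultdict(list)
    for e in entries:
        p = e["path"].lower()
        if RANDOM_DAT_RE.match(e["base"]) and ("\\syswow64\\" in p or "\\system32\\" in p):
            by_minute[e["ts"][:16]].append(e["path"])
    return [paths for paths in by_minute.values() if len(paths) >= min_count]

def find_ads(text):
    """Alternate data streams OTL reported, as (stream path, size in bytes) pairs."""
    return [(m.group("path"), int(m.group("bytes")))
            for m in (ADS_RE.match(l.strip()) for l in text.splitlines()) if m]

def triage(text):
    entries = parse_entries(text)
    return {"md5": check_against_store(entries),
            "dat_bursts": find_random_dat_bursts(entries),
            "ads": find_ads(text)}

if __name__ == "__main__":
    for section, result in triage(SAMPLE_LOG).items():
        print(section, result)
    print("patched:", check_against_store(parse_entries(SAMPLE_LOG + HYPOTHETICAL_PATCHED)))
```

The MD5 comparison only answers whether the live file is a version Microsoft shipped to this machine; a live system file with no matching store copy is the sign that something has patched it, and a burst of random eight-letter names in a system directory is worth treating as suspect even before the hashes are checked.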
#6 Essexboy (GeekU Moderator, 63,664 posts)

16:31:44.0327 1680 Actual detected object count: 1
16:32:30.0548 1680 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
16:32:30.0548 1680 \Device\Harddisk0\DR0 - ok
16:32:30.0548 1680 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
16:33:42.0466 0632 Deinitialize success

That is the bad boy - dead :)

Run this now from normal mode and, on completion, let me know what problems you are having.

Warning: this fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - Reg Error: Value error. File not found
    [2011/09/21 01:07:47 | 000,408,832 | ---- | M] () -- C:\Windows\SysWow64\yowtpuou.dat
    [2011/09/21 01:07:47 | 000,365,824 | ---- | M] () -- C:\Windows\SysWow64\bvmfpzpk.dat
    [2011/09/21 01:07:47 | 000,138,496 | ---- | M] () -- C:\Windows\SysWow64\ejwniphb.dat
    [2011/09/21 01:07:47 | 000,058,112 | ---- | M] () -- C:\Windows\SysWow64\cqleesei.dat
    [2011/09/21 01:07:47 | 000,055,040 | ---- | M] () -- C:\Windows\SysWow64\koidmlfp.dat
    [2011/09/21 01:07:47 | 000,041,728 | ---- | M] () -- C:\Windows\SysWow64\vwxppnte.dat
    [2011/09/21 01:07:47 | 000,034,048 | ---- | M] () -- C:\Windows\SysWow64\rpbjdasq.dat
    [2011/09/21 01:07:46 | 000,154,368 | ---- | M] () -- C:\Windows\SysWow64\tmlfsnjg.dat

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


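The TDSSKiller lines quoted above report the infection on \Device\Harddisk0\DR0, the disk's first sector, rather than in a file: TDL4 is a bootkit that replaces the MBR boot code and is removed by rewriting that sector on reboot. The script below is an added example, not part of this thread and not code from TDSSKiller or aswMBR, showing how to parse a 512-byte MBR and compare its boot code against a hash recorded while the disk was known clean, which is the check worth running after the cure and reboot. The MBR bytes and the "tampered" variant are constructed here for illustration and are not TDL4 code.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code, the part a bootkit overwrites
DISK_SIG_OFF = 440             # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446
PART_ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count
MBR_SIGNATURE = b"\x55\xAA"

def build_sample_mbr():
    """Constructed 512-byte MBR for this example (not read from any real disk):
    a placeholder boot stub, one active NTFS partition and the 0x55AA signature."""
    boot_code = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 8)
    disk_sig = struct.pack("<I", 0x1234ABCD)
    entry = struct.pack(PART_ENTRY, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 937703424)
    table = entry + b"\x00" * (struct.calcsize(PART_ENTRY) * 3)
    mbr = boot_code + disk_sig + b"\x00\x00" + table + MBR_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr

def parse_mbr(mbr):
    """Split a first sector into boot-code hash, disk signature, partition table and signature check."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * struct.calcsize(PART_ENTRY)
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": parts,
        "signature_ok": mbr[SECTOR - 2:] == MBR_SIGNATURE,
    }

def check_mbr(mbr, baseline_boot_code_sha256):
    """Return findings against a boot-code hash recorded when the disk was known clean.
    An empty list means the sector still looks like the recorded one."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    return findings

def tamper_boot_code(mbr):
    """Constructed 'after infection' sector: only the boot code is changed, the
    partition table and signature stay intact, so only the hash check notices."""
    patched = bytearray(mbr)
    patched[0:4] = b"\xEB\x00\x90\x90"    # hypothetical bytes, not a real bootkit stub
    return bytes(patched)

if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print("clean:", check_mbr(clean, baseline))
    print("tampered:", check_mbr(tamper_boot_code(clean), baseline))
```

On Windows the sector can be read with administrator rights by opening `\\.\PhysicalDrive0` in binary mode and reading 512 bytes; record the boot-code hash while the machine is known clean and compare it again after the cure and reboot. A disk partitioned with GPT carries a protective MBR with a single type 0xEE entry, so the partition checks need adjusting there.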
#7 viz18639 (New Member, 6 posts)

The first file was the result after the reboot.
And the second file, after I ran the quick scan.

OTL logfile created on: 9/24/2011 5:19:47 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Vishruth\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

5.86 Gb Total Physical Memory | 4.68 Gb Available Physical Memory | 79.79% Memory free
11.73 Gb Paging File | 10.27 Gb Available in Paging File | 87.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 382.95 Gb Free Space | 85.45% Space Free | Partition Type: NTFS

Computer Name: VISHRUTH-PC | User Name: Vishruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/24 16:40:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Vishruth\Desktop\OTL.exe
PRC - [2011/09/21 01:13:49 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/09/21 00:41:23 | 000,640,888 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 15:29:14 | 000,274,216 | ---- | M] (Conduit Ltd.) -- C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe
PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/05/21 22:30:52 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/05/21 22:28:30 | 000,673,088 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/10 00:04:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/30 03:05:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/15 13:40:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 17:31:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/22 19:22:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/07/06 02:42:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/25 02:51:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/05/21 19:29:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 19:29:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 19:29:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/21 01:13:49 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010/05/21 22:30:52 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/05/21 22:29:16 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/05/21 22:28:56 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/05/21 22:28:54 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/05/21 22:28:48 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/05/21 22:28:46 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/05/21 22:28:42 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/05/21 22:28:18 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/10 00:04:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/10 00:04:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/10 00:04:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/10 00:04:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/10 00:04:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/10 00:04:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 13:40:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/22 19:22:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2009/07/14 10:30:25 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e033d390dc7e9567b6960b0f530cf30\System.Management.ni.dll
MOD - [2009/07/14 10:26:04 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\0929bf4ca3bc8e8b2131f27cdf500c7e\System.Web.Services.ni.dll
MOD - [2009/07/14 10:25:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 10:25:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 10:25:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 10:25:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 10:25:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 10:25:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/01/21 01:40:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/06 04:34:02 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/01/06 04:34:02 | 000,199,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2010/01/06 04:34:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/12/16 18:46:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/11/18 11:15:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 23:18:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 00:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/08/06 06:45:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/06 06:44:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/06 06:43:37 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/08/06 06:24:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/21 22:28:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/09/30 17:31:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 17:31:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/06 02:42:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/24 02:32:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 05:37:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 19:29:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2010/01/21 01:40:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/06 04:34:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/01/06 04:34:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/01/06 04:34:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/01/06 04:34:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/12/16 18:46:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 18:46:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/18 11:51:20 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/02 23:18:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/12 16:30:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/30 07:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 10:24:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/24 08:50:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 21:35:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/24 11:43:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 23:27:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/14 07:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 07:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 13:30:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 16:57:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 06:24:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 16:01:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/25 14:34:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 14:08:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 13:43:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 23:36:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 23:21:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vishruth\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vishruth\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/09/23 20:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/09/23 20:05:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vishruth\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vishruth\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vishruth\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Vishruth\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ethereal 2 Theme By VikiTech = C:\Users\Vishruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\

O1 HOSTS File: ([2011/09/24 17:16:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100805201922.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100805201922.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ConduitHelper] C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe (Conduit Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2DF5769-43CD-482C-8124-9B021FFFB5E1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/24 17:16:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/24 16:39:53 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Vishruth\Desktop\OTL.exe
[2011/09/24 16:30:53 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\Desktop\tdsskiller
[2011/09/24 13:12:18 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/09/24 13:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/09/24 12:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/24 10:44:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/24 10:43:57 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\PackageAware
[2011/09/23 22:25:08 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\SupportSoft
[2011/09/23 21:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2011/09/23 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft
[2011/09/23 20:36:38 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Malwarebytes
[2011/09/23 20:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/23 20:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/23 20:36:18 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/23 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/23 20:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/09/23 14:43:15 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Threat Expert
[2011/09/23 14:36:17 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\FixCleaner
[2011/09/23 14:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/09/23 14:19:10 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\PC Tools
[2011/09/23 14:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/23 14:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/23 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\ESET
[2011/09/23 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\ESET
[2011/09/23 12:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/23 12:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/09/23 12:49:08 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Adobe
[2011/09/23 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\WinRAR
[2011/09/23 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/23 12:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/22 21:04:07 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Microsoft Games
[2011/09/21 17:55:25 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\riotsGamesLogs
[2011/09/21 17:42:30 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\LolClient
[2011/09/21 10:59:35 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\vlc
[2011/09/21 10:50:10 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\CyberLink
[2011/09/21 10:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/09/21 10:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011/09/21 10:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2011/09/21 10:10:16 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2011/09/21 01:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2011/09/21 01:49:06 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\PCDr
[2011/09/21 01:45:51 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Absolute_Software
[2011/09/21 01:44:45 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\ElevatedDiagnostics
[2011/09/21 01:27:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/21 01:13:56 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\PMB Files
[2011/09/21 01:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/09/21 00:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/09/21 00:42:01 | 000,000,000 | ---D | C] -- C:\extensions
[2011/09/21 00:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/09/21 00:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentBar
[2011/09/21 00:41:58 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Conduit
[2011/09/21 00:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/09/21 00:40:48 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\uTorrent
[2011/09/21 00:40:48 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\uTorrent
[2011/09/21 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/21 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Google
[2011/09/21 00:33:57 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Deployment
[2011/09/21 00:33:57 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Apps
[2011/09/21 00:20:12 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Macromedia
[2011/09/21 00:20:12 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Adobe
[2011/09/21 00:13:55 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\MigWiz
[2011/09/21 00:13:32 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\My Backup Files
[2011/09/21 00:08:15 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Dell
[2011/09/21 00:08:02 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\DataSafeOnline
[2011/09/21 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Roxio
[2011/09/21 00:07:55 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Stardock_Corporation
[2011/09/21 00:07:49 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\ATI
[2011/09/21 00:07:49 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\ATI
[2011/09/21 00:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/21 00:07:19 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Searches
[2011/09/21 00:07:19 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/21 00:07:18 | 000,000,000 | -H-D | C] -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/09/21 00:07:06 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Identities
[2011/09/21 00:07:01 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Contacts
[2011/09/21 00:07:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/21 00:06:58 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\VirtualStore
[2011/09/21 00:04:09 | 000,000,000 | --SD | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Videos
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Saved Games
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Pictures
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Music
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Links
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Favorites
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Downloads
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Documents
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\Desktop
[2011/09/21 00:04:09 | 000,000,000 | R--D | C] -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\AppData\Local\Temporary Internet Files
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Templates
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Start Menu
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\SendTo
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Recent
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\PrintHood
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\NetHood
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Documents\My Videos
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Documents\My Pictures
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Documents\My Music
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\My Documents
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Local Settings
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\AppData\Local\History
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Cookies
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\Application Data
[2011/09/21 00:04:09 | 000,000,000 | -HSD | C] -- C:\Users\Vishruth\AppData\Local\Application Data
[2011/09/21 00:04:09 | 000,000,000 | -H-D | C] -- C:\Users\Vishruth\AppData
[2011/09/21 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Temp
[2011/09/21 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\SoftThinks
[2011/09/21 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Local\Microsoft
[2011/09/21 00:04:09 | 000,000,000 | ---D | C] -- C:\Users\Vishruth\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2011/09/24 17:24:57 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/24 17:24:57 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/24 17:24:57 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/24 17:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/24 17:17:42 | 427,180,031 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 17:16:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/24 16:58:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 16:58:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 16:40:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Vishruth\Desktop\OTL.exe
[2011/09/24 16:30:14 | 001,528,215 | ---- | M] () -- C:\Users\Vishruth\Desktop\tdsskiller.zip
[2011/09/24 15:39:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1200953381-1332551998-2081248267-1000UA.job
[2011/09/24 13:18:19 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/09/24 10:18:50 | 361,934,458 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/24 06:41:38 | 000,002,423 | ---- | M] () -- C:\Users\Vishruth\Desktop\Google Chrome.lnk
[2011/09/24 00:39:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1200953381-1332551998-2081248267-1000Core.job
[2011/09/21 10:32:24 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/09/21 10:32:24 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/09/21 01:47:24 | 000,000,046 | ---- | M] () -- C:\Users\Vishruth\AppData\Roaming\FactoryInstaller.xml
[2011/09/21 00:19:26 | 000,001,443 | ---- | M] () -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/21 00:07:56 | 000,001,984 | ---- | M] () -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/24 16:30:07 | 001,528,215 | ---- | C] () -- C:\Users\Vishruth\Desktop\tdsskiller.zip
[2011/09/24 13:18:19 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/09/21 10:30:05 | 427,180,031 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/21 01:45:51 | 000,000,046 | ---- | C] () -- C:\Users\Vishruth\AppData\Roaming\FactoryInstaller.xml
[2011/09/21 01:27:25 | 361,934,458 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/21 00:36:19 | 000,002,423 | ---- | C] () -- C:\Users\Vishruth\Desktop\Google Chrome.lnk
[2011/09/21 00:34:23 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1200953381-1332551998-2081248267-1000UA.job
[2011/09/21 00:34:19 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1200953381-1332551998-2081248267-1000Core.job
[2011/09/21 00:19:26 | 000,001,443 | ---- | C] () -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/21 00:07:56 | 000,001,984 | ---- | C] () -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2011/09/21 00:07:27 | 000,001,415 | ---- | C] () -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/09/21 00:07:20 | 000,001,449 | ---- | C] () -- C:\Users\Vishruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/21 00:04:35 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/09/21 00:04:09 | 000,000,290 | ---- | C] () -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/21 00:04:09 | 000,000,272 | ---- | C] () -- C:\Users\Vishruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/06 08:10:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/06 06:45:52 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/08/06 06:45:52 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/08/06 06:45:52 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/08/06 06:45:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/06 06:45:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/08/06 06:42:03 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/14 11:08:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 08:05:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 08:04:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 05:40:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 02:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/23 12:55:52 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\ESET
[2011/09/23 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\FixCleaner
[2011/09/21 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\LolClient
[2011/09/21 01:49:07 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\PCDr
[2011/09/24 17:18:42 | 000,000,000 | ---D | M] -- C:\Users\Vishruth\AppData\Roaming\uTorrent
[2009/07/14 10:38:49 | 000,006,070 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

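The OTL report above is a plain-text listing in a fixed line format: `[date time | size | attributes | C or M] (company) -- path`, grouped under `==========` section headers, with alternate data streams reported as `@Alternate Data Stream - N bytes -> path`. As an added example (not part of this thread and not OTL's own code), the following Python script parses that format and applies a simple analyst triage rule: it lists every alternate data stream, plus files under the Windows directory that were changed recently and carry no company name (the hosts file is the classic case). The sample input is a constructed excerpt modelled on the report, and the seven-day window and the "no company name" heuristic are my own assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt modelled on the OTL report above (sample input, not the full log).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2011/09/24 17:16:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/24 16:40:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Vishruth\Desktop\OTL.exe
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/21 01:27:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
========== Alternate Data Streams ==========
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
# [date time | size | attrs | C/M] (company) -- path ; the "(company)" part is optional
ENTRY_RE = re.compile(r"^\[(\S+ \S+) \| ([\d,]+) \| (\S{4}) \| ([CM])\](?: \(([^)]*)\))? -- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")

def parse_otl(text):
    """Turn OTL report lines into dicts, tagging each with its ===== section header."""
    section, entries = None, []
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := ENTRY_RE.match(line):
            ts, size, attrs, kind, company, path = m.groups()
            entries.append({"section": section, "kind": kind, "attrs": attrs,
                            "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                            "size": int(size.replace(",", "")),
                            "company": company or "", "path": path})
        elif m := ADS_RE.match(line):
            entries.append({"section": section, "kind": "ADS", "attrs": "", "time": None,
                            "size": int(m.group(1)), "company": "", "path": m.group(2)})
    return entries

def triage(entries, as_of=None, days=7):
    """Paths worth a second look: every alternate data stream, plus files (not directories)
    under the Windows directory changed within `days` of `as_of` (default: newest entry)
    that carry no company name. Assumed heuristic, not an OTL feature."""
    as_of = as_of or max(e["time"] for e in entries if e["time"])
    cutoff = as_of - timedelta(days=days)
    return [e["path"] for e in entries
            if e["kind"] == "ADS"
            or (not e["attrs"].endswith("D") and not e["company"]
                and e["time"] >= cutoff
                and e["path"].lower().startswith("c:\\windows\\"))]

if __name__ == "__main__":
    for p in triage(parse_otl(SAMPLE_LOG)):
        print(p)
```

On the sample it flags the hosts file and the alternate data stream, and leaves the vendor-signed OTL.exe and mbam.sys and the Minidump directory alone.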

#8 Essexboy (GeekU Moderator, 63,664 posts)
Could you now update and run Malwarebytes, posting the resultant log. Also, what are your current problems?

#9 viz18639 (New Member, 6 posts)
I have no problems now. I guess the virus is gone, and that ping.exe can't be seen in the task manager.
So I guess the problem is solved. Mainly I just wanted my PC to stop restarting unexpectedly.
Thanks a lot mate.
You are the best!


#10 Essexboy (GeekU Moderator, 63,664 posts)
I will now remove my tools but if you get the unexpected restarts please let me know :yes:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install the FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :unsure:

#11 Essexboy (GeekU Moderator, 63,664 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.