Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware - Live Security Platinum [Closed] [Solved]

Started by Apocalypse_VC , Jul 14 2012 07:58 PM

This topic is locked

#1
Apocalypse_VC

Posted 14 July 2012 - 07:58 PM

Member

Member
169 posts

This morning I had the Live Security Platinum virus - which I successfully removed after following one of the guides posted here. However, I believe its affects are still lying around; I cannot turn on Windows Firewall, MSE won't run, a couple of programs which I run regularly won't open either.

OTL Log:
OTL logfile created on: 7/14/2012 9:51:11 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ravi\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 65.23% Memory free
7.50 Gb Paging File | 5.97 Gb Available in Paging File | 79.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 136.98 Gb Free Space | 58.85% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 39.84 Gb Free Space | 17.11% Space Free | Partition Type: NTFS

Computer Name: RAVI-PC | User Name: Ravi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/14 21:50:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Downloads\OTL.exe
PRC - [2012/07/11 10:55:33 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/06/14 18:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/25 17:16:05 | 000,932,528 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/08 13:44:34 | 000,405,504 | ---- | M] (Samsung) -- C:\Users\Ravi\AppData\Roaming\Izuzt\tysim.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/14 15:33:46 | 000,360,960 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\erlelg.dll
MOD - [2012/07/11 10:55:32 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/25 17:16:05 | 000,932,528 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/02 09:54:58 | 002,607,872 | ---- | M] () -- C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
MOD - [2010/07/02 09:54:58 | 000,305,920 | ---- | M] () -- C:\Program Files (x86)\IMinent Toolbar\tbhelper.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/11 10:55:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/07 15:18:41 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 14:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/29 17:20:27 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/18 19:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/21 11:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/23 18:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/18 21:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/10 14:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/04 17:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/24 20:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/12 23:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 23:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 23:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/20 08:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/03/07 20:17:15 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3198785
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 5A 2A C3 43 FC CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3AB09CE0-0937-4598-B347-697963CC76A3}: "URL" = http://websearch.ask...6D-626BC48F4775
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "MSN.COM"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/11 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}: C:\Users\Ravi\AppData\Local\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}\ [2012/07/14 15:33:47 | 000,000,000 | ---D | M]

[2012/07/11 10:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Extensions
[2012/07/14 17:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\vwxbnay9.default\extensions
[2012/07/14 17:13:23 | 000,000,919 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\vwxbnay9.default\searchplugins\conduit.xml
[2012/07/11 10:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 15:33:47 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\RAVI\APPDATA\LOCAL\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask...q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - homepage: http://search.condui...SearchSource=48
CHR - Extension: YouTube = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [erlelg] C:\Users\Ravi\AppData\Roaming\erlelg.dll ()
O4:64bit: - HKLM..\Run: [rtcfpc] C:\Users\Ravi\AppData\Roaming\rtcfpc.dll (DT Soft Ltd)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Gaityqfau] C:\Users\Ravi\AppData\Roaming\Izuzt\tysim.exe (Samsung)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ravi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Acer = C:\Users\Ravi\AppData\Roaming\7E049E.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20B933B8-D787-47BD-B8E5-7949F15BB700}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: findover - (C:\Windows\system32\repleout.dll) - C:\Windows\SysWOW64\repleout.dll (FRISK Software International)
O36 - AppCertDlls: Regieout - (C:\Windows\system32\repleout64.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 17:12:50 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\CRE
[2012/07/14 17:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/14 17:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Conduit
[2012/07/14 16:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/14 16:44:10 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\TestApp
[2012/07/14 16:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/14 16:30:13 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/07/14 15:41:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/14 15:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D1734000972D202DD0162F875EF60
[2012/07/14 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{CE1A0F87-CDEA-11E1-8270-B8AC6F996F26}
[2012/07/14 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}
[2012/07/14 15:33:02 | 000,062,976 | -H-- | C] (FRISK Software International) -- C:\Windows\SysNative\repleout64.dll
[2012/07/14 15:33:02 | 000,056,320 | -H-- | C] (FRISK Software International) -- C:\Windows\SysWow64\repleout.dll
[2012/07/14 15:32:45 | 000,152,064 | -HS- | C] (DT Soft Ltd) -- C:\Users\Ravi\AppData\Roaming\rtcfpc.dll
[2012/07/14 15:32:38 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Taywwu
[2012/07/14 15:32:38 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Ovdu
[2012/07/14 15:32:38 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Izuzt
[2012/07/13 03:24:50 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Documents\My Curse
[2012/07/13 03:24:24 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/07/13 03:23:27 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Apps
[2012/07/13 03:23:25 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Deployment
[2012/07/12 23:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/07/12 22:40:08 | 000,000,000 | ---D | C] -- C:\World of Warcraft
[2012/07/12 06:13:43 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{76936897-7BE1-4C59-94AD-702BD9C1B21A}
[2012/07/11 10:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Saved Games
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Links
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Contacts
[2012/07/09 08:22:02 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{EACE122D-E46F-4139-925E-D2DC075B4351}
[2012/07/09 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{DBE0BFFE-2C01-4CFF-9D61-8DB401A07358}
[2012/07/07 04:45:56 | 000,000,000 | ---D | C] -- C:\Users\Ravi\riotsGamesLogs
[2012/07/01 04:59:41 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/07/01 04:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/07/01 02:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Desktop\League of legends
[2012/07/01 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\PMB Files
[2012/07/01 02:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/07/01 02:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/01 02:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/29 18:54:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/29 17:18:23 | 000,007,808 | ---- | C] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys
[2012/06/22 04:35:11 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{A53A92C0-76D0-4B82-ABEC-EC5B9A34FBD8}
[2012/06/22 04:34:58 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{C9583209-B762-4208-B810-F37F9FBF1263}
[2012/06/22 04:34:28 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Tracing
[2012/06/22 04:34:04 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/22 04:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/06/22 04:17:39 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012/06/22 04:17:34 | 000,000,000 | ---D | C] -- C:\Fraps
[2012/06/20 06:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/06/20 06:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/20 06:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/06/20 06:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/06/20 06:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/06/20 06:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/06/20 06:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/06/20 06:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/06/20 06:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/06/20 06:13:15 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Microsoft Help
[2012/06/20 06:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/06/20 06:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/06/20 06:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/06/20 06:12:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/20 05:04:11 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\e-academy Inc
[2012/06/20 05:04:11 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\e-academy Inc
[2012/06/17 04:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2012/06/15 16:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/06/15 16:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/06/15 16:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/06/15 16:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/06/15 15:50:26 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012/07/14 21:54:15 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 21:54:15 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 21:46:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/14 21:46:30 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 21:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 20:31:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363339078-451313169-379080543-1000UA.job
[2012/07/14 17:13:19 | 000,000,009 | ---- | M] () -- C:\END
[2012/07/14 15:33:46 | 000,360,960 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\erlelg.dll
[2012/07/14 15:33:02 | 000,062,976 | -H-- | M] (FRISK Software International) -- C:\Windows\SysNative\repleout64.dll
[2012/07/14 15:33:02 | 000,056,320 | -H-- | M] (FRISK Software International) -- C:\Windows\SysWow64\repleout.dll
[2012/07/14 15:32:31 | 000,152,064 | -HS- | M] (DT Soft Ltd) -- C:\Users\Ravi\AppData\Roaming\rtcfpc.dll
[2012/07/13 03:24:46 | 000,000,000 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/07/13 03:24:24 | 000,000,318 | ---- | M] () -- C:\Users\Ravi\Desktop\Curse Client.appref-ms
[2012/07/12 18:52:31 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 18:52:31 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 18:52:31 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/11 11:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363339078-451313169-379080543-1000Core.job
[2012/07/11 10:51:54 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/11 03:40:29 | 000,436,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 05:05:23 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/06/29 17:20:27 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys
[2012/06/29 17:20:25 | 000,000,543 | ---- | M] () -- C:\Windows\NGO.cer

========== Files Created - No Company Name ==========

[2012/07/14 21:51:05 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\U\800000cb.@
[2012/07/14 17:13:18 | 000,000,009 | ---- | C] () -- C:\END
[2012/07/14 15:33:43 | 000,360,960 | ---- | C] () -- C:\Users\Ravi\AppData\Roaming\erlelg.dll
[2012/07/14 15:32:53 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\U\80000000.@
[2012/07/14 15:32:52 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\U\00000001.@
[2012/07/13 03:24:46 | 000,000,000 | ---- | C] () -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/07/13 03:24:24 | 000,000,318 | ---- | C] () -- C:\Users\Ravi\Desktop\Curse Client.appref-ms
[2012/07/11 10:55:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/11 10:51:54 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/11 10:51:53 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/01 05:05:23 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/06/29 17:20:25 | 000,000,543 | ---- | C] () -- C:\Windows\NGO.cer
[2012/06/22 04:33:16 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/22 04:32:48 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/21 20:22:50 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/03/14 15:35:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pv_c3.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/07 21:12:47 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/07 20:11:14 | 000,007,601 | ---- | C] () -- C:\Users\Ravi\AppData\Local\resmon.resmoncfg
[2012/03/07 20:08:02 | 000,007,168 | ---- | C] () -- C:\Users\Ravi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/07 16:57:44 | 000,072,704 | -HS- | C] () -- C:\Users\Ravi\AppData\Roaming\7E049E.exe
[2012/03/07 16:21:23 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012/03/07 16:21:23 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2012/03/07 16:21:22 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2012/03/07 16:01:21 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/07 14:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/07 08:02:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\@
[2012/03/07 08:02:05 | 000,002,048 | -HS- | C] () -- C:\Users\Ravi\AppData\Local\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\@
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/06/20 05:04:11 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\e-academy Inc
[2012/05/14 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Iminent
[2012/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Izuzt
[2012/05/02 12:51:13 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\LolClient
[2012/06/08 01:40:49 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\LolClient2
[2012/03/11 21:27:02 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\OpenOffice.org
[2012/07/14 21:51:48 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Ovdu
[2012/06/20 02:43:50 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Spotify
[2012/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Taywwu
[2012/07/14 16:44:10 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\TestApp
[2012/07/10 21:26:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#2
Essexboy

Posted 15 July 2012 - 06:13 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi you still have a zero access infection

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4:64bit: - HKLM..\Run: [erlelg] C:\Users\Ravi\AppData\Roaming\erlelg.dll ()
O4:64bit: - HKLM..\Run: [rtcfpc] C:\Users\Ravi\AppData\Roaming\rtcfpc.dll (DT Soft Ltd)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Acer = C:\Users\Ravi\AppData\Roaming\7E049E.exe ()
O36 - AppCertDlls: findover - (C:\Windows\system32\repleout.dll) - C:\Windows\SysWOW64\repleout.dll (FRISK Software International)
O36 - AppCertDlls: Regieout - (C:\Windows\system32\repleout64.dll) - File not found
[2012/07/14 16:30:13 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/07/14 15:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D1734000972D202DD0162F875EF60
[2012/07/14 15:33:02 | 000,062,976 | -H-- | C] (FRISK Software International) -- C:\Windows\SysNative\repleout64.dll
[2012/07/14 15:33:02 | 000,056,320 | -H-- | C] (FRISK Software International) -- C:\Windows\SysWow64\repleout.dll
[2012/07/14 15:32:45 | 000,152,064 | -HS- | C] (DT Soft Ltd) -- C:\Users\Ravi\AppData\Roaming\rtcfpc.dll
[2012/07/14 15:32:38 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Taywwu
[2012/07/14 15:32:38 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Ovdu
[2012/07/14 15:32:38 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Izuzt

:Files
C:\Windows\Installer\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}
C:\Users\Ravi\AppData\Local\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#3
Apocalypse_VC

Posted 15 July 2012 - 07:22 PM

Member

Topic Starter
Member
169 posts

OTL Log:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\erlelg deleted successfully.
C:\Users\Ravi\AppData\Roaming\erlelg.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rtcfpc deleted successfully.
C:\Users\Ravi\AppData\Roaming\rtcfpc.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Acer deleted successfully.
C:\Users\Ravi\AppData\Roaming\7E049E.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\findover deleted successfully.
C:\Windows\SysWOW64\repleout.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\Regieout deleted successfully.
C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum folder moved successfully.
Folder C:\ProgramData\0C1D1734000972D202DD0162F875EF60\ not found.
C:\Windows\SysNative\repleout64.dll moved successfully.
File C:\Windows\SysWow64\repleout.dll not found.
File C:\Users\Ravi\AppData\Roaming\rtcfpc.dll not found.
C:\Users\Ravi\AppData\Roaming\Taywwu folder moved successfully.
C:\Users\Ravi\AppData\Roaming\Ovdu folder moved successfully.
C:\Users\Ravi\AppData\Roaming\Izuzt folder moved successfully.
========== FILES ==========
C:\Windows\Installer\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\U folder moved successfully.
C:\Windows\Installer\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\L folder moved successfully.
C:\Windows\Installer\{a44c7012-1f2e-27d9-e2b1-b33b101e424e} folder moved successfully.
C:\Users\Ravi\AppData\Local\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\U folder moved successfully.
C:\Users\Ravi\AppData\Local\{a44c7012-1f2e-27d9-e2b1-b33b101e424e}\L folder moved successfully.
C:\Users\Ravi\AppData\Local\{a44c7012-1f2e-27d9-e2b1-b33b101e424e} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ravi
->Temp folder emptied: 35243141 bytes
->Temporary Internet Files folder emptied: 2817918 bytes
->Java cache emptied: 8804701 bytes
->FireFox cache emptied: 694324582 bytes
->Google Chrome cache emptied: 374322977 bytes
->Flash cache emptied: 8515 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48377 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 57094781 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,118.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.54.0 log created on 07152012_205706

Files\Folders moved on Reboot...
C:\Users\Ravi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Ravi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Combo Fix Log:
ComboFix 12-07-14.01 - Ravi 07/15/2012 21:07:49.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3838.2829 [GMT -4:00]
Running from: c:\users\Ravi\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\users\Ravi\AppData\Local\kcopxego.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 01:14 . 2012-07-16 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 00:57 . 2012-07-16 00:57 -------- d-----w- C:\_OTL
2012-07-14 21:12 . 2012-07-14 21:12 -------- d-----w- c:\users\Ravi\AppData\Local\CRE
2012-07-14 21:12 . 2012-07-14 21:12 -------- d-----w- c:\program files (x86)\Conduit
2012-07-14 21:12 . 2012-07-14 21:16 -------- d-----w- c:\users\Ravi\AppData\Local\Conduit
2012-07-14 20:44 . 2012-07-14 20:44 -------- d-----w- c:\users\Ravi\AppData\Roaming\TestApp
2012-07-14 20:44 . 2012-07-14 20:44 -------- d-----w- c:\programdata\PC Tools
2012-07-14 19:41 . 2012-07-14 19:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-14 19:33 . 2012-07-14 20:30 -------- d-----w- c:\programdata\0C1D1734000972D202DD0162F875EF60
2012-07-14 19:33 . 2012-07-14 19:33 -------- d-----w- c:\users\Ravi\AppData\Local\{CE1A0F87-CDEA-11E1-8270-B8AC6F996F26}
2012-07-14 19:33 . 2012-07-14 19:33 -------- d-----w- c:\users\Ravi\AppData\Local\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}
2012-07-14 00:30 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B1B71CD-FD3A-43CE-8B9B-A76E0237AA94}\mpengine.dll
2012-07-13 07:23 . 2012-07-13 07:23 -------- d-----w- c:\users\Ravi\AppData\Local\Apps
2012-07-13 07:23 . 2012-07-16 01:01 -------- d-----w- c:\users\Ravi\AppData\Local\Deployment
2012-07-13 03:13 . 2012-07-13 03:13 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-13 02:40 . 2012-07-16 00:43 -------- d-----w- C:\World of Warcraft
2012-07-12 22:38 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 14:55 . 2012-07-11 14:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 14:55 . 2012-07-11 14:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:41 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 02:41 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 02:41 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 02:41 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 02:41 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 02:41 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-07 08:45 . 2012-07-11 14:49 -------- d-----w- c:\users\Ravi\riotsGamesLogs
2012-07-04 08:25 . 2012-03-07 20:02 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66CA2CDE-646F-4DE6-9FD4-CB0EC2126603}\gapaengine.dll
2012-07-01 08:59 . 2012-07-01 08:59 -------- d-----w- C:\Riot Games
2012-07-01 06:59 . 2012-07-16 00:35 -------- d-----w- c:\users\Ravi\AppData\Local\PMB Files
2012-07-01 06:58 . 2012-07-16 00:35 -------- d-----w- c:\programdata\PMB Files
2012-07-01 06:48 . 2012-07-14 21:25 -------- d-----w- c:\program files\CCleaner
2012-06-29 21:18 . 2012-06-29 21:20 7808 ----a-w- c:\windows\system32\drivers\hidusbf.sys
2012-06-22 08:34 . 2012-07-12 10:13 -------- d-----w- c:\users\Ravi\Tracing
2012-06-22 08:34 . 2012-06-22 08:34 -------- d-----w- c:\windows\en
2012-06-22 08:32 . 2012-06-22 08:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-06-22 08:30 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-06-22 08:30 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-06-22 08:30 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-06-22 08:30 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-06-22 08:29 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-06-22 08:29 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-06-22 08:28 . 2012-06-22 08:28 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11d210ed1cd505102\DSETUP.dll
2012-06-22 08:28 . 2012-06-22 08:28 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11d210ed1cd505102\DXSETUP.exe
2012-06-22 08:28 . 2012-06-22 08:28 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\11d210ed1cd505102\dsetup32.dll
2012-06-22 08:28 . 2012-06-22 08:28 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cf7c28a1cd505101\DSETUP.dll
2012-06-22 08:28 . 2012-06-22 08:28 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cf7c28a1cd505101\DXSETUP.exe
2012-06-22 08:28 . 2012-06-22 08:28 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cf7c28a1cd505101\dsetup32.dll
2012-06-22 08:17 . 2012-06-22 08:24 -------- d-----w- C:\Fraps
2012-06-20 10:17 . 2012-06-20 10:17 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-06-20 10:16 . 2012-06-20 10:16 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-06-20 10:16 . 2012-06-20 10:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-20 10:14 . 2012-06-20 10:14 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-06-20 10:14 . 2012-06-20 10:14 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\users\Ravi\AppData\Local\Microsoft Help
2012-06-20 10:12 . 2012-07-11 07:07 -------- d-----w- c:\programdata\Microsoft Help
2012-06-20 10:12 . 2012-06-20 10:12 -------- d-----r- C:\MSOCache
2012-06-20 09:04 . 2012-06-20 09:04 -------- d-----w- c:\users\Ravi\AppData\Roaming\e-academy Inc
2012-06-20 09:04 . 2012-06-20 09:04 -------- d-----w- c:\users\Ravi\AppData\Local\e-academy Inc
2012-06-19 02:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 02:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 02:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 02:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 02:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 02:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 02:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 02:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 02:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-03-19 19:54 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 18:17 . 2012-06-11 18:17 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-06-11 18:17 . 2012-06-11 18:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-04 11:06 . 2012-06-13 19:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 19:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 19:11 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 17:59 . 2012-05-02 17:57 160148296 ----a-w- C:\12-4_mobility_vista_win7_64_dd_ccc.exe
2012-05-01 05:40 . 2012-06-13 19:11 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-13 19:11 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-13 19:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 19:11 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 19:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 19:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 19:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 19:11 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 19:11 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 19:11 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 19:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 19:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-22 00:21 . 2012-04-22 00:22 6908648 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 13:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Ravi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-25 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
.
c:\users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-7-13 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-03-08 21712]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-07 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2012-06-29 7808]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 14:55]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2363339078-451313169-379080543-1000Core.job
- c:\users\Ravi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 21:13]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2363339078-451313169-379080543-1000UA.job
- c:\users\Ravi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\vwxbnay9.default\
FF - prefs.js: browser.startup.homepage - MSN.COM
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Gaityqfau - c:\users\Ravi\AppData\Roaming\Izuzt\tysim.exe
SafeBoot-MsMpSvc
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-Counter-Strike 1.6 - E:\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-15 21:21:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 01:21
.
Pre-Run: 147,608,186,880 bytes free
Post-Run: 147,260,637,184 bytes free
.
- - End Of File - - 352EABE594C8F300C26E5CAE31B41862

#4
Essexboy

Posted 16 July 2012 - 07:52 AM

GeekU Moderator

Retired Staff
69,964 posts

How is the computer behaving now ? Any problems

Could you now update and run a quick malwarebytes scan and post the resultant log

#5
Essexboy

Posted 20 July 2012 - 07:44 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#6
Essexboy

Posted 23 July 2012 - 07:59 AM

GeekU Moderator

Retired Staff
69,964 posts

User returned

#7
Apocalypse_VC

Posted 23 July 2012 - 11:30 PM

Member

Topic Starter
Member
169 posts

As mentioned, I got the Google Redirect virus. So, basically I search for something Google and when I click on the result it takes me somewhere else.

Here's the OTL log you requested:

OTL logfile created on: 7/23/2012 9:34:00 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ravi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 70.79% Memory free
7.50 Gb Paging File | 6.36 Gb Available in Paging File | 84.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 124.76 Gb Free Space | 53.59% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 39.84 Gb Free Space | 17.11% Space Free | Partition Type: NTFS

Computer Name: RAVI-PC | User Name: Ravi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/14 21:50:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTL.exe
PRC - [2012/06/14 18:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/11 10:55:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/07 15:18:41 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 14:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/29 17:20:27 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/18 19:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/21 11:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/23 18:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/18 21:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/10 14:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/04 17:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/24 20:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/12 23:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 23:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 23:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/20 08:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/03/07 20:17:15 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3198785
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 5A 2A C3 43 FC CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3AB09CE0-0937-4598-B347-697963CC76A3}: "URL" = http://websearch.ask...6D-626BC48F4775
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "MSN.COM"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/11 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}: C:\Users\Ravi\AppData\Local\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}\ [2012/07/14 15:33:47 | 000,000,000 | ---D | M]

[2012/07/11 10:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Extensions
[2012/07/16 01:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\vwxbnay9.default\extensions
[2012/07/14 17:13:23 | 000,000,919 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\vwxbnay9.default\searchplugins\conduit.xml
[2012/07/11 10:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 15:33:47 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\RAVI\APPDATA\LOCAL\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3198785
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/23 00:20:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20B933B8-D787-47BD-B8E5-7949F15BB700}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 00:28:44 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ravi\Desktop\TDSSKiller.exe
[2012/07/23 00:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Desktop\GooredFix Backups
[2012/07/23 00:20:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/23 00:18:48 | 000,000,000 | ---D | C] -- C:\Windows\7-23-2012
[2012/07/23 00:17:25 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Ravi\Desktop\GooredFix.exe
[2012/07/23 00:17:07 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTM.exe
[2012/07/20 01:56:39 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.ocx
[2012/07/20 01:56:39 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Comdlg32.ocx
[2012/07/20 01:56:39 | 000,073,728 | ---- | C] (Oceanview Software Limited) -- C:\Windows\SysWow64\ovsCombo2D.ocx
[2012/07/20 01:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grey Dog Software
[2012/07/20 01:56:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GDS
[2012/07/20 01:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GDS
[2012/07/16 01:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2
[2012/07/16 01:00:05 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\uTorrent
[2012/07/15 23:24:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/15 21:21:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/15 21:06:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/15 21:06:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/15 21:06:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/15 21:06:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/15 21:05:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/15 20:57:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/14 21:50:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTL.exe
[2012/07/14 17:12:50 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\CRE
[2012/07/14 17:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/14 17:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Conduit
[2012/07/14 16:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/14 16:44:10 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\TestApp
[2012/07/14 16:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/14 15:41:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/14 15:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D1734000972D202DD0162F875EF60
[2012/07/14 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{CE1A0F87-CDEA-11E1-8270-B8AC6F996F26}
[2012/07/14 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}
[2012/07/13 03:24:50 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Documents\My Curse
[2012/07/13 03:24:24 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/07/13 03:23:27 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Apps
[2012/07/13 03:23:25 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Deployment
[2012/07/12 23:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/07/12 22:40:08 | 000,000,000 | ---D | C] -- C:\World of Warcraft
[2012/07/12 06:13:43 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{76936897-7BE1-4C59-94AD-702BD9C1B21A}
[2012/07/11 10:55:32 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 10:55:32 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 10:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Saved Games
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Links
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Contacts
[2012/07/11 03:01:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 03:01:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 03:01:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 03:01:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 03:01:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 03:01:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 03:01:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 03:01:21 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 03:01:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 03:01:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 03:01:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 03:01:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/10 22:41:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 22:41:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 22:40:53 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 22:40:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 22:40:49 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/09 08:22:02 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{EACE122D-E46F-4139-925E-D2DC075B4351}
[2012/07/09 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{DBE0BFFE-2C01-4CFF-9D61-8DB401A07358}
[2012/07/07 04:45:56 | 000,000,000 | ---D | C] -- C:\Users\Ravi\riotsGamesLogs
[2012/07/01 04:59:41 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/07/01 04:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/07/01 02:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Desktop\League of legends
[2012/07/01 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\PMB Files
[2012/07/01 02:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/07/01 02:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/01 02:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/29 18:54:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/29 17:18:23 | 000,007,808 | ---- | C] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys

========== Files - Modified Within 30 Days ==========

[2012/07/23 21:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363339078-451313169-379080543-1000UA.job
[2012/07/23 21:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/23 19:02:17 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 19:02:17 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 18:55:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/23 18:54:53 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 00:20:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/23 00:17:39 | 002,117,152 | ---- | M] () -- C:\Users\Ravi\Desktop\tdsskiller.zip
[2012/07/23 00:17:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Ravi\Desktop\GooredFix.exe
[2012/07/23 00:17:08 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTM.exe
[2012/07/22 11:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363339078-451313169-379080543-1000Core.job
[2012/07/20 22:46:18 | 000,437,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/19 22:15:05 | 000,746,732 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/19 22:15:05 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/19 22:15:05 | 000,108,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ravi\Desktop\TDSSKiller.exe
[2012/07/14 21:50:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTL.exe
[2012/07/14 17:13:19 | 000,000,009 | ---- | M] () -- C:\END
[2012/07/13 03:24:24 | 000,000,318 | ---- | M] () -- C:\Users\Ravi\Desktop\Curse Client.appref-ms
[2012/07/11 10:55:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 10:55:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 10:51:54 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 05:05:23 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/06/29 17:20:27 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys
[2012/06/29 17:20:25 | 000,000,543 | ---- | M] () -- C:\Windows\NGO.cer

========== Files Created - No Company Name ==========

[2012/07/23 00:17:33 | 002,117,152 | ---- | C] () -- C:\Users\Ravi\Desktop\tdsskiller.zip
[2012/07/15 21:06:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/15 21:06:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/15 21:06:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/15 21:06:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/15 21:06:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/14 17:13:18 | 000,000,009 | ---- | C] () -- C:\END
[2012/07/13 03:24:24 | 000,000,318 | ---- | C] () -- C:\Users\Ravi\Desktop\Curse Client.appref-ms
[2012/07/11 10:55:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/11 10:51:54 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/11 10:51:53 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/01 05:05:23 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/06/29 17:20:25 | 000,000,543 | ---- | C] () -- C:\Windows\NGO.cer
[2012/04/21 20:22:50 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/03/14 15:35:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pv_c3.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/07 21:12:47 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/07 20:11:14 | 000,007,601 | ---- | C] () -- C:\Users\Ravi\AppData\Local\resmon.resmoncfg
[2012/03/07 20:08:02 | 000,007,168 | ---- | C] () -- C:\Users\Ravi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/07 16:21:23 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012/03/07 16:21:23 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2012/03/07 16:21:22 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2012/03/07 16:01:21 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/07 14:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >

#8
Essexboy

Posted 24 July 2012 - 07:56 AM

GeekU Moderator

Retired Staff
69,964 posts

Are the redirects in IE, Chrome, Firefox or all ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2012/07/14 17:13:23 | 000,000,919 | ---- | M] () -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\vwxbnay9.default\searchplugins\conduit.xml
[2012/07/14 15:33:47 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\RAVI\APPDATA\LOCAL\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\IMinent Toolbar

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download the following tool

Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Posted Image

#9
Apocalypse_VC

Posted 24 July 2012 - 06:04 PM

Member

Topic Starter
Member
169 posts

I only use FireFox. I dont' use Chrome or IE although I have it.

OTL:

OTL logfile created on: 7/24/2012 7:55:36 PM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ravi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 73.63% Memory free
7.50 Gb Paging File | 6.46 Gb Available in Paging File | 86.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.78 Gb Total Space | 127.95 Gb Free Space | 54.97% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 39.84 Gb Free Space | 17.11% Space Free | Partition Type: NTFS

Computer Name: RAVI-PC | User Name: Ravi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/14 21:50:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTL.exe
PRC - [2012/06/14 18:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/11 10:55:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/07 15:18:41 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 14:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/29 17:20:27 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/18 19:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/21 11:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/23 18:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/18 21:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/10 14:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/04 17:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/24 20:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/12 23:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 23:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 23:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/20 08:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/03/07 20:17:15 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3198785
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 5A 2A C3 43 FC CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3AB09CE0-0937-4598-B347-697963CC76A3}: "URL" = http://websearch.ask...6D-626BC48F4775
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "MSN.COM"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/11 10:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}: C:\Users\Ravi\AppData\Local\{CE19D4B8-CDEA-11E1-8270-B8AC6F996F26}\

[2012/07/11 10:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Extensions
[2012/07/16 01:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ravi\AppData\Roaming\Mozilla\Firefox\Profiles\vwxbnay9.default\extensions
[2012/07/11 10:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3198785
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ravi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ravi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/24 19:51:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20B933B8-D787-47BD-B8E5-7949F15BB700}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 00:28:44 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ravi\Desktop\TDSSKiller.exe
[2012/07/23 00:27:48 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Desktop\GooredFix Backups
[2012/07/23 00:20:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/23 00:18:48 | 000,000,000 | ---D | C] -- C:\Windows\7-23-2012
[2012/07/23 00:17:25 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Ravi\Desktop\GooredFix.exe
[2012/07/23 00:17:07 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTM.exe
[2012/07/20 01:56:39 | 000,073,728 | ---- | C] (Oceanview Software Limited) -- C:\Windows\SysWow64\ovsCombo2D.ocx
[2012/07/20 01:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grey Dog Software
[2012/07/20 01:56:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GDS
[2012/07/20 01:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GDS
[2012/07/16 01:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2
[2012/07/16 01:00:05 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\uTorrent
[2012/07/15 23:24:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/15 21:21:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/15 21:06:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/15 21:06:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/15 21:06:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/15 21:06:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/15 21:05:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/15 20:57:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/14 21:50:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTL.exe
[2012/07/14 17:12:50 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\CRE
[2012/07/14 17:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/14 17:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Conduit
[2012/07/14 16:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/14 16:44:10 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\TestApp
[2012/07/14 16:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/14 15:41:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/14 15:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D1734000972D202DD0162F875EF60
[2012/07/14 15:33:47 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{CE1A0F87-CDEA-11E1-8270-B8AC6F996F26}
[2012/07/13 03:24:50 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Documents\My Curse
[2012/07/13 03:24:24 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/07/13 03:23:27 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Apps
[2012/07/13 03:23:25 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\Deployment
[2012/07/12 23:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/07/12 22:40:08 | 000,000,000 | ---D | C] -- C:\World of Warcraft
[2012/07/12 06:13:43 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{76936897-7BE1-4C59-94AD-702BD9C1B21A}
[2012/07/11 10:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Saved Games
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Links
[2012/07/11 03:40:59 | 000,000,000 | R--D | C] -- C:\Users\Ravi\Contacts
[2012/07/09 08:22:02 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{EACE122D-E46F-4139-925E-D2DC075B4351}
[2012/07/09 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\{DBE0BFFE-2C01-4CFF-9D61-8DB401A07358}
[2012/07/07 04:45:56 | 000,000,000 | ---D | C] -- C:\Users\Ravi\riotsGamesLogs
[2012/07/01 04:59:41 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/07/01 04:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/07/01 02:59:14 | 000,000,000 | ---D | C] -- C:\Users\Ravi\Desktop\League of legends
[2012/07/01 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ravi\AppData\Local\PMB Files
[2012/07/01 02:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/07/01 02:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/01 02:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/29 18:54:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/29 17:18:23 | 000,007,808 | ---- | C] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys

========== Files - Modified Within 30 Days ==========

[2012/07/24 20:00:16 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 20:00:16 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 20:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 19:53:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 19:52:52 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 19:51:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/24 19:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363339078-451313169-379080543-1000UA.job
[2012/07/23 00:17:39 | 002,117,152 | ---- | M] () -- C:\Users\Ravi\Desktop\tdsskiller.zip
[2012/07/23 00:17:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Ravi\Desktop\GooredFix.exe
[2012/07/23 00:17:08 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTM.exe
[2012/07/22 11:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2363339078-451313169-379080543-1000Core.job
[2012/07/20 22:46:18 | 000,437,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/19 22:15:05 | 000,746,732 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/19 22:15:05 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/19 22:15:05 | 000,108,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ravi\Desktop\TDSSKiller.exe
[2012/07/14 21:50:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ravi\Desktop\OTL.exe
[2012/07/14 17:13:19 | 000,000,009 | ---- | M] () -- C:\END
[2012/07/13 03:24:24 | 000,000,318 | ---- | M] () -- C:\Users\Ravi\Desktop\Curse Client.appref-ms
[2012/07/11 10:51:54 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 05:05:23 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/06/29 17:20:27 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys
[2012/06/29 17:20:25 | 000,000,543 | ---- | M] () -- C:\Windows\NGO.cer

========== Files Created - No Company Name ==========

[2012/07/23 00:17:33 | 002,117,152 | ---- | C] () -- C:\Users\Ravi\Desktop\tdsskiller.zip
[2012/07/15 21:06:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/15 21:06:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/15 21:06:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/15 21:06:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/15 21:06:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/14 17:13:18 | 000,000,009 | ---- | C] () -- C:\END
[2012/07/13 03:24:24 | 000,000,318 | ---- | C] () -- C:\Users\Ravi\Desktop\Curse Client.appref-ms
[2012/07/11 10:55:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/11 10:51:54 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/11 10:51:53 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/01 05:05:23 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/06/29 17:20:25 | 000,000,543 | ---- | C] () -- C:\Windows\NGO.cer
[2012/04/21 20:22:50 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/03/14 15:35:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pv_c3.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/07 21:12:47 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/07 20:11:14 | 000,007,601 | ---- | C] () -- C:\Users\Ravi\AppData\Local\resmon.resmoncfg
[2012/03/07 20:08:02 | 000,007,168 | ---- | C] () -- C:\Users\Ravi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/07 16:21:23 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012/03/07 16:21:23 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2012/03/07 16:21:22 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2012/03/07 16:01:21 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/07 14:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/06/20 05:04:11 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\e-academy Inc
[2012/05/14 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Iminent
[2012/05/02 12:51:13 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\LolClient
[2012/06/08 01:40:49 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\LolClient2
[2012/03/11 21:27:02 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\OpenOffice.org
[2012/06/20 02:43:50 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\Spotify
[2012/07/14 16:44:10 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\TestApp
[2012/07/23 09:00:02 | 000,000,000 | ---D | M] -- C:\Users\Ravi\AppData\Roaming\uTorrent
[2012/07/10 21:26:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

List Parts:

ListParts by Farbar Version: 20-07-2012
Ran by Ravi (administrator) on 24-07-2012 at 19:54:53
Windows 7 (X64)
Running From: C:\Users\Ravi\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 3838.36 MB
Available physical RAM: 2843.37 MB
Total Pagefile: 7674.91 MB
Available Pagefile: 6631.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3985.56 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.78 GB) (Free:127.95 GB) NTFS
3 Drive e: (New Volume) (Fixed) (Total:232.88 GB) (Free:39.84 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB
Partition 3 Primary 232 GB 232 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E New Volume NTFS Partition 232 GB Healthy

======================================================================================================

****** End Of Log ******

#10
Essexboy

Posted 25 July 2012 - 06:46 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you check IE to see if the redirects occur there as well

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#11
Apocalypse_VC

Posted 26 July 2012 - 08:01 AM

Member

Topic Starter
Member
169 posts

I think the redirects have gone away now. Thank you. I'll let you know if the redirect still continues, although I haven't seen any in ~2 days now

#12
Essexboy

Posted 26 July 2012 - 08:10 AM

GeekU Moderator

Retired Staff
69,964 posts

Let me know when you are happy and I will remove my tools

#13
Essexboy

Posted 30 July 2012 - 09:03 AM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Go to control panel
Select folder options (Appearance > Folder options in category view)
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

Go to Control Panel and select System
Select System
On the left select System Protection and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

GoStart > All programs > Accessories > system tools
Right click Disc cleanup and select run as administrator
Select Your main drive and accept the warning if you get one
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#14
Essexboy

Posted 01 August 2012 - 01:46 PM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.