
Web redirection and virus problems



#1
redhari123

It all started several weeks ago with my web pages being redirected. I didn't think too much of it until I noticed that Windows security services had been shut down along with System Restore. This past week I have been frantically downloading various free and paid-for antivirus and malware programs but have had no success. I also have been unable to uninstall STOPzilla. A few days ago I got this from my ISP.

We have received reports from the ACMA's Australian Internet Security
Initiative (AISI) that a machine accessing the Internet using your TPG
Service is causing unwanted traffic to be transmitted, such as spam
and viruses.

A summary of the last few complaints has been provided below:

[2012-11-10 09:46:00] [123.243.78.145] proxy
[2012-11-10 06:13:23] [123.243.78.145] Trojan: Generic
[2012-11-10 04:42:59] [123.243.78.145] Spam Sender - Messages reported: 1
[2012-11-09 11:42:00] [123.243.78.145] proxy


It may be that your equipment has been compromised by a hacker or some
other malicious software has been installed onto your system. Please
obtain an up to date antivirus software and ensure that all your
machines are cleaned as a matter of urgency. If you fail to do so and
the malicious traffic persists, TPG may take steps to limit it by
suspending your service.

For more information about how to protect your computer, please visit
the following websites below:

Can you please help?
Many thanks


OTL logfile created on: 11/11/2012 1:22:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\hari\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.43% Memory free
6.00 Gb Paging File | 4.76 Gb Available in Paging File | 79.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive D: | 465.76 Gb Total Space | 98.89 Gb Free Space | 21.23% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 3.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.76 Gb Total Space | 54.96 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

Computer Name: HARI | User Name: hari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/11 01:19:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\hari\Desktop\OTL.exe
PRC - [2012/10/31 01:27:32 | 000,388,576 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/09/14 17:31:20 | 000,067,448 | R--- | M] (iS3, Inc.) -- D:\Program Files\STOPzilla!\SZServer.exe
PRC - [2012/09/14 17:31:10 | 000,194,424 | R--- | M] (iS3, Inc.) -- D:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2012/02/02 08:55:58 | 000,784,240 | ---- | M] () -- D:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012/02/02 08:55:58 | 000,214,896 | ---- | M] () -- D:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/04/20 03:04:38 | 000,393,216 | ---- | M] (AMD) -- D:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 03:04:08 | 000,176,128 | ---- | M] (AMD) -- D:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe
PRC - [2010/10/14 21:40:22 | 001,866,864 | ---- | M] (PeerBlock, LLC) -- D:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/06/17 13:02:36 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- D:\Windows\System32\CTXFIHLP.EXE
PRC - [2009/06/17 12:57:44 | 001,225,216 | ---- | M] (Creative Technology Ltd) -- D:\Windows\System32\CTXFISPI.EXE
PRC - [2009/04/14 08:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- D:\Windows\SOUNDMAN.EXE
PRC - [2009/04/08 21:38:14 | 000,092,008 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/02/23 12:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/31 01:27:34 | 002,111,456 | ---- | M] () -- D:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012/10/31 01:27:34 | 000,157,664 | ---- | M] () -- D:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/10/31 01:27:34 | 000,021,984 | ---- | M] () -- D:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/02/02 08:55:58 | 000,784,240 | ---- | M] () -- D:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009/06/17 13:02:40 | 000,002,560 | ---- | M] () -- D:\Windows\CTXFIRES.DLL
MOD - [2009/04/20 12:55:58 | 000,148,480 | ---- | M] () -- D:\Windows\System32\APOMngr.DLL
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- D:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012/11/10 17:45:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/10 10:30:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/14 17:31:20 | 000,067,448 | R--- | M] (iS3, Inc.) [Auto | Running] -- D:\Program Files\STOPzilla!\SZServer.exe -- (szserver)
SRV - [2012/06/11 12:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/02/02 08:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- D:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/20 03:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/21 00:19:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- D:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/21 00:16:37 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- D:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/05/07 21:46:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/08 21:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/02/23 12:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/02/10 18:01:49 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- -- (XMS1563K)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ap1espga)
DRV - [2012/06/11 12:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/05/04 14:05:34 | 000,073,008 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2012/03/20 10:51:02 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\SZKG.sys -- (szkg5)
DRV - [2012/03/20 10:51:02 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- D:\Windows\System32\drivers\is3srv.sys -- (is3srv)
DRV - [2012/01/12 09:26:20 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- D:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2012/01/12 09:26:16 | 000,077,816 | R--- | M] (GFI Software) [File_System | Auto | Running] -- D:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2012/01/09 18:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 18:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 18:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 18:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/09/22 14:38:40 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/30 01:06:48] [Kernel | Auto | Running] -- D:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2011/04/20 03:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 03:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 02:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/22 11:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- D:\Program Files\Free Ride Games\X6XSEx.sys -- (X6XSEx)
DRV - [2010/11/20 23:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 20:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 20:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 20:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/14 21:40:22 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/04/03 19:46:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- D:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/14 11:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 11:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/06/27 04:14:36 | 000,051,472 | ---- | M] () [File_System | Boot | Running] -- D:\Windows\System32\drivers\MFX.sys -- (MFX)
DRV - [2009/06/18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2009/06/17 17:01:34 | 001,178,136 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\HA20X2K.SYS -- (ha20x2k)
DRV - [2009/06/17 17:01:14 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2009/06/17 17:00:46 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/17 17:00:32 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2009/06/17 17:00:16 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/17 17:00:00 | 000,527,640 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\CTAUD2K.SYS -- (ctaud2k)
DRV - [2009/06/17 16:59:44 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2009/06/17 16:59:22 | 001,324,568 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2009/06/17 16:59:06 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2009/06/17 16:58:50 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2009/04/29 16:37:26 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009/04/22 13:01:11 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/01/21 18:43:42 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/08/29 04:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2007/08/29 04:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/06/21 18:18:12 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\aztech_npf32.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = H:\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.c....aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 91 4A E0 DA B5 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7AMSB_en
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "IsoBuster Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledAddons: %7BDA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B%7D:1.2.337.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {af5514fc-7603-4cec-9894-f07f3d8672a5}:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.8
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: D:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: D:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: d:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: d:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\hari\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\hari\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/21 01:24:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\fbphotozoom\fbphotozoom14.xpi [2012/03/19 23:06:59 | 000,102,505 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: D:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/11/10 17:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2012/10/31 01:27:15 | 000,000,000 | ---D | M]

[2012/03/01 01:05:00 | 000,000,000 | ---D | M] (No name found) -- D:\Users\hari\AppData\Roaming\Mozilla\Extensions
[2010/09/01 09:40:51 | 000,000,000 | ---D | M] (No name found) -- D:\Users\hari\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/05/26 00:01:55 | 000,000,000 | ---D | M] (No name found) -- D:\Users\hari\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/10/22 21:50:10 | 000,000,000 | ---D | M] (No name found) -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\extensions
[2010/06/13 09:13:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/01 23:25:04 | 000,000,000 | ---D | M] (Currency Converter) -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}
[2012/10/22 21:50:10 | 000,020,320 | ---- | M] () (No name found) -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\extensions\[email protected]
[2012/09/13 00:06:42 | 000,621,521 | ---- | M] () (No name found) -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\extensions\[email protected]
[2012/02/15 20:06:03 | 000,098,637 | ---- | M] () (No name found) -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}.xpi
[2010/01/21 08:27:20 | 000,000,909 | ---- | M] () -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\searchplugins\conduit.xml
[2010/04/30 01:15:21 | 000,002,059 | ---- | M] () -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\searchplugins\daemon-search.xml
[2012/02/29 21:04:15 | 000,002,519 | ---- | M] () -- D:\Users\hari\AppData\Roaming\Mozilla\Firefox\Profiles\jvf5jjry.default\searchplugins\Search_Results.xml
[2011/02/11 22:27:19 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2010/05/06 23:36:08 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/06 23:40:01 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- D:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://www.searchqu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchqu.com/406
CHR - Extension: General Crawler = D:\Users\hari\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: avast! WebRep = D:\Users\hari\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = D:\Users\hari\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FBPHOTOZOOM = D:\Users\hari\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.4_0\

O1 HOSTS File: ([2012/10/23 00:06:04 | 000,000,862 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [CTxfiHlp] D:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [SoundMan] D:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UpdReg] D:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D21D9D4-39AA-45E6-8E24-BE99D1EB4ED6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/21 02:42:25 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{89d91777-28a8-11e1-a6a7-001a4d954853}\Shell - "" = AutoRun
O33 - MountPoints2\{f88a9053-4798-11de-ad4f-000feae37829}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/11 01:20:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\hari\Desktop\OTL.exe
[2012/11/10 21:57:48 | 000,000,000 | ---D | C] -- D:\ProgramData\ErrorEND
[2012/11/10 21:57:40 | 000,000,000 | ---D | C] -- D:\Users\hari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ErrorEND
[2012/11/10 21:57:40 | 000,000,000 | ---D | C] -- D:\Program Files\ErrorEND
[2012/11/10 21:42:22 | 000,000,000 | ---D | C] -- D:\ProgramData\Downloaded Installations
[2012/11/10 21:29:00 | 000,000,000 | ---D | C] -- D:\Program Files\GFI Software
[2012/11/10 21:27:37 | 000,000,000 | ---D | C] -- D:\Users\hari\AppData\Roaming\GFI Software
[2012/11/10 17:44:45 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox 4.0 Beta 7
[2012/11/07 15:48:50 | 000,000,000 | ---D | C] -- D:\Windows\Panther
[2012/10/31 20:34:19 | 000,012,872 | ---- | C] (SurfRight B.V.) -- D:\Windows\System32\bootdelete.exe
[2012/10/31 19:47:25 | 000,000,000 | ---D | C] -- D:\Program Files\HitmanPro
[2012/10/31 19:47:10 | 000,000,000 | ---D | C] -- D:\ProgramData\HitmanPro
[2012/10/31 01:27:13 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Thunderbird
[2012/10/23 21:30:30 | 000,077,816 | R--- | C] (GFI Software) -- D:\Windows\System32\drivers\sbapifs.sys
[2012/10/23 21:25:35 | 000,000,000 | ---D | C] -- D:\Users\hari\AppData\Roaming\Malwarebytes
[2012/10/23 21:25:24 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2012/10/23 21:24:45 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- D:\Users\hari\Desktop\mbam-setup.exe
[2012/10/23 00:18:25 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2012/10/22 21:28:04 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/10/22 21:27:56 | 000,000,000 | ---D | C] -- D:\Program Files\STOPzilla!
[2012/10/22 21:27:55 | 000,000,000 | ---D | C] -- D:\ProgramData\STOPzilla!
[2012/10/20 00:24:29 | 000,000,000 | ---D | C] -- D:\ProgramData\Google
[2012/10/20 00:22:20 | 000,000,000 | ---D | C] -- D:\ProgramData\AVAST Software
[2012/10/20 00:22:20 | 000,000,000 | ---D | C] -- D:\Program Files\AVAST Software
[1 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/11 01:19:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\hari\Desktop\OTL.exe
[2012/11/11 00:43:53 | 000,021,840 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 00:43:53 | 000,021,840 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 00:43:01 | 000,620,830 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/11/11 00:43:01 | 000,562,406 | ---- | M] () -- D:\Windows\System32\perfh008.dat
[2012/11/11 00:43:01 | 000,110,536 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/11/11 00:43:01 | 000,097,338 | ---- | M] () -- D:\Windows\System32\perfc008.dat
[2012/11/11 00:41:00 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/11 00:39:23 | 000,000,448 | ---- | M] () -- D:\Windows\System32\drivers\kgpcpy.cfg
[2012/11/11 00:38:24 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/11/11 00:38:15 | 2414,731,264 | -HS- | M] () -- D:\hiberfil.sys
[2012/11/11 00:37:24 | 000,054,740 | ---- | M] () -- D:\Windows\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-0034415A}.rfx
[2012/11/11 00:37:24 | 000,054,740 | ---- | M] () -- D:\Windows\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-0034415A}.rfx
[2012/11/11 00:37:24 | 000,000,788 | ---- | M] () -- D:\Windows\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-0034415A}.rfx
[2012/11/10 22:42:01 | 000,000,366 | ---- | M] () -- D:\Windows\tasks\ReclaimerUpdateFiles_hari.job
[2012/11/10 22:39:28 | 000,000,118 | ---- | M] () -- D:\Users\hari\Desktop\-linkid=405.url
[2012/11/10 22:30:00 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/10 21:57:48 | 000,000,380 | ---- | M] () -- D:\Windows\tasks\ErrorEND.job
[2012/11/10 21:57:40 | 000,000,975 | ---- | M] () -- D:\Users\hari\Desktop\ErrorEND.lnk
[2012/11/10 21:31:24 | 000,001,945 | ---- | M] () -- D:\Windows\epplauncher.mif
[2012/11/10 18:10:44 | 000,002,103 | ---- | M] () -- D:\Users\hari\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
[2012/11/10 14:27:20 | 000,000,362 | ---- | M] () -- D:\Windows\tasks\ReclaimerUpdateXML_hari.job
[2012/11/08 04:06:24 | 000,002,489 | ---- | M] () -- D:\Users\hari\Desktop\Google Chrome.lnk
[2012/11/04 04:14:00 | 000,000,446 | ---- | M] () -- D:\Windows\tasks\Driver Robot.job
[2012/11/01 09:02:40 | 000,002,066 | ---- | M] () -- D:\Users\hari\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/11/01 01:21:42 | 000,000,206 | ---- | M] () -- D:\Users\hari\Desktop\hwmonitorw.ini
[2012/10/31 20:34:19 | 000,012,872 | ---- | M] (SurfRight B.V.) -- D:\Windows\System32\bootdelete.exe
[2012/10/23 21:24:02 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- D:\Users\hari\Desktop\mbam-setup.exe
[2012/10/20 00:23:19 | 000,002,577 | ---- | M] () -- D:\Windows\System32\config.nt
[1 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/11 00:38:55 | 000,000,448 | ---- | C] () -- D:\Windows\System32\drivers\kgpcpy.cfg
[2012/11/10 22:39:28 | 000,000,118 | ---- | C] () -- D:\Users\hari\Desktop\-linkid=405.url
[2012/11/10 21:57:48 | 000,000,380 | ---- | C] () -- D:\Windows\tasks\ErrorEND.job
[2012/11/10 21:57:40 | 000,000,975 | ---- | C] () -- D:\Users\hari\Desktop\ErrorEND.lnk
[2012/06/09 11:16:56 | 000,000,064 | ---- | C] () -- D:\Windows\GPlrLanc.dat
[2011/10/26 23:49:24 | 000,000,100 | ---- | C] () -- D:\Windows\netctrl.ini
[2011/10/25 13:50:17 | 000,000,000 | ---- | C] () -- D:\Windows\pcfriend.INI
[2011/10/03 23:46:48 | 019,726,928 | ---- | C] () -- D:\Program Files\WinMLS2004Ver1.07Installation.exe
[2011/08/11 04:10:54 | 000,033,134 | ---- | C] () -- D:\Users\hari\AppData\Roaming\UserTile.png
[2011/07/15 19:23:40 | 000,000,076 | ---- | C] () -- D:\Windows\System32\dtirc.dll
[2011/07/13 22:28:08 | 000,016,302 | ---- | C] () -- D:\Windows\System32\llbror.dll
[2011/06/15 23:23:49 | 000,001,006 | ---- | C] () -- D:\Windows\netdet.ini
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2011/04/20 02:21:02 | 000,037,376 | ---- | C] () -- D:\Windows\System32\atitmpxx.dll
[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2011/02/28 22:30:06 | 000,233,012 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2011/02/24 20:02:52 | 000,080,896 | ---- | C] () -- D:\Windows\System32\RDVGHelper.exe
[2011/02/24 20:00:47 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2010/05/15 01:11:19 | 000,000,990 | -HS- | C] () -- D:\Users\hari\AppData\Roaming\systemfl.$dk
[2010/03/16 23:35:30 | 000,007,605 | ---- | C] () -- D:\Users\hari\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 15:42:31 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/15 01:39:31 | 000,000,000 | -HSD | M] -- D:\Users\hari\AppData\Roaming\.#
[2010/03/01 23:24:34 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\.myibay
[2012/02/17 22:06:57 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Babylon
[2011/12/15 09:17:42 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Binverse
[2011/07/09 12:33:25 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Canon
[2011/08/17 21:59:22 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\CD-LabelPrint
[2010/03/04 21:13:09 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/30 01:16:40 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\DAEMON Tools Lite
[2010/04/03 19:57:32 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\DAEMON Tools Pro
[2010/03/01 23:24:35 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\FileZilla
[2012/10/03 21:14:28 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\foobar2000
[2012/11/10 21:27:37 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\GFI Software
[2010/03/01 23:24:35 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Homecast
[2011/07/16 01:11:07 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\J River
[2011/03/15 20:45:20 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\LimeWire
[2012/06/16 14:20:52 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Media Finder
[2012/11/08 00:56:56 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\MediaMonkey
[2010/03/01 23:24:37 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Medieval Software
[2012/05/09 00:49:15 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Motorola
[2011/03/24 19:15:29 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Nokia
[2011/12/04 21:50:45 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\PC Suite
[2010/09/01 09:39:53 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\Thunderbird
[2010/03/01 23:25:05 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\TomTom
[2012/10/20 09:24:07 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\uTorrent
[2011/09/28 00:25:04 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\WebApp
[2011/03/12 01:06:03 | 000,000,000 | ---D | M] -- D:\Users\hari\AppData\Roaming\ZiggyTV

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 879 bytes -> D:\Users\hari\Desktop\Benchmark HDR.eml:OECustomProperty
@Alternate Data Stream - 121 bytes -> D:\ProgramData\Temp:63238B95

< End of report >

#2
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please do not double post. Gringo-pr has responded to your initial request here.

Since he has responded, this topic will be closed; respond to your original topic.