Neal, how are you? It's been a long time since I have posted anything on this website.
I would like to know if I have viruses running on my computer. I noticed that my system is running slow, and sometimes it's hanging while running applications. It happens only sometimes. Also, when I load up my computer, the process space taken is more than 500 MB when loading itself to the desktop. Please check and let me know what to do. Thanks.
This is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:33:34 PM, on 8/22/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Tata Photon Whiz\Aide.exe
C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Tata Photon Whiz\Tata Photon Whiz.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = NuevaQ.Fm Donde Manda Nuestra Cumbia
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NuevaQ.Fm Donde Manda Nuestra Cumbia
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NuevaQ.Fm Donde Manda Nuestra Cumbia
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = NuevaQ.Fm Donde Manda Nuestra Cumbia
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
O4 - HKLM\..\Run: [Aide] "C:\Program Files (x86)\Tata Photon Whiz\Aide.exe"
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F50BC3A-4E7D-4EDB-BD90-88B2C73AC029}: NameServer = 121.242.190.180 121.242.190.211
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1225EE1-C74C-4A01-B42F-9C59AA2F44BA}: NameServer = 10.28.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\SysWow64\DreamScene.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8590 bytes
Hi.
Neal is not present at the moment, so...
Please read HERE and post the required logs.
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4465
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
8/23/2010 9:18:34 PM
mbam-log-2010-08-23 (21-18-34).txt
Scan type: Quick scan
Objects scanned: 132807
Time elapsed: 8 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.Homepage) -> Bad: (NuevaQ.Fm Donde Manda Nuestra Cumbia) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Homepage) -> Bad: (NuevaQ.Fm Donde Manda Nuestra Cumbia) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page (Hijack.StartPage) -> Bad: (NuevaQ.Fm Donde Manda Nuestra Cumbia) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.StartPage) -> Bad: (NuevaQ.Fm Donde Manda Nuestra Cumbia) Good: (Google) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files (x86)\Bug Doctor (Rogue.BugDoctor) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\ramesh\downloads\USB.Disk.Security.5.3.0.20.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bug Doctor\BugDoctor.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Users\ramesh\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\ramesh\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-23 21:32:55
Windows 6.1.7600
Running: qltpuwvd.exe
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CDC81A6-2795-7F20-A872-03BD76BBDEFD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CDC81A6-2795-7F20-A872-03BD76BBDEFD}@paiimadhdjhhcnmioehfcbdnhfhpocbp 0x6A 0x61 0x64 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CDC81A6-2795-7F20-A872-03BD76BBDEFD}@aboickoooghnhmojcplgljfgcdahbdnlfj 0x6A 0x61 0x64 0x65 ...
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: HCL Infosystems Limited
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: HCL Infosystems Limited
System Product Name: Notebook PC
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 198):
0x02C64000 \SystemRoot\system32\ntoskrnl.exe
0x02C1B000 \SystemRoot\system32\hal.dll
0x00BA4000 \SystemRoot\system32\kdcom.dll
0x00CF1000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D35000 \SystemRoot\system32\PSHED.dll
0x00D49000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E27000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDA000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F31000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F3A000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F44000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F77000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F84000 \SystemRoot\System32\drivers\partmgr.sys
0x00F99000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FA2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FAE000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01006000 \SystemRoot\System32\drivers\volmgrx.sys
0x01062000 \SystemRoot\system32\DRIVERS\viaide.sys
0x0106A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0107A000 \SystemRoot\System32\drivers\mountmgr.sys
0x01094000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0109D000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x010C7000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010D2000 \SystemRoot\system32\drivers\fltmgr.sys
0x0111E000 \SystemRoot\system32\drivers\fileinfo.sys
0x01229000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01132000 \SystemRoot\System32\Drivers\msrpc.sys
0x013CC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01407000 \SystemRoot\System32\Drivers\cng.sys
0x0147A000 \SystemRoot\System32\drivers\pcw.sys
0x0148B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01495000 \SystemRoot\system32\drivers\ndis.sys
0x01587000 \SystemRoot\system32\drivers\NETIO.SYS
0x01190000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x00DA7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015E7000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x018A9000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x018F5000 \SystemRoot\system32\DRIVERS\uagp35.sys
0x01908000 \SystemRoot\System32\Drivers\spldr.sys
0x01910000 \SystemRoot\System32\drivers\rdyboost.sys
0x0194A000 \SystemRoot\System32\Drivers\mup.sys
0x0195C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01965000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0199F000 \SystemRoot\system32\DRIVERS\disk.sys
0x019B5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0181C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01846000 \SystemRoot\System32\Drivers\Null.SYS
0x0184F000 \SystemRoot\System32\Drivers\Beep.SYS
0x01856000 \SystemRoot\System32\drivers\vga.sys
0x01864000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01889000 \SystemRoot\System32\drivers\watchdog.sys
0x01899000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x013E6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01200000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011BB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01211000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x011D9000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03A3B000 \SystemRoot\system32\drivers\afd.sys
0x03AC5000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03ACF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B14000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03B1F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B28000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B4E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B64000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B73000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B8E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03BA2000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x03C5C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03CAD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03CB9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03CC4000 \SystemRoot\System32\drivers\discache.sys
0x03CD3000 \SystemRoot\system32\drivers\csc.sys
0x03D56000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D74000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D85000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03DA8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03DCE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03DE4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03E61000 \SystemRoot\system32\DRIVERS\VTGKModeDX64.sys
0x03F66000 \SystemRoot\system32\DRIVERS\ucb_lh64.sys
0x04013000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04107000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0414D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0415A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x041B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x041C1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03F9F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x041DF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x041E1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x041F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04000000 \SystemRoot\system32\DRIVERS\FETN62A.sys
0x03E00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E24000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03E34000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03C00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03E4A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03C24000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BBC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03BD7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03FF0000 \SystemRoot\system32\DRIVERS\taphss.sys
0x03DE9000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x03A1A000 \SystemRoot\System32\Drivers\pcouffin.sys
0x03E56000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0400D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04445000 \SystemRoot\system32\DRIVERS\ks.sys
0x04488000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0449A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x044F4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04509000 \SystemRoot\system32\drivers\HdAudio.sys
0x04565000 \SystemRoot\system32\drivers\portcls.sys
0x045A2000 \SystemRoot\system32\drivers\drmk.sys
0x045C4000 \SystemRoot\system32\drivers\ksthunk.sys
0x042E3000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x04A04000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x04335000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x04B78000 \SystemRoot\system32\drivers\modem.sys
0x04B87000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04B95000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04BA1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x04BAA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04BBD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x04BDA000 \SystemRoot\System32\drivers\Dxapi.sys
0x04200000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0x04BE6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0421D000 \SystemRoot\system32\DRIVERS\netr7364.sys
0x042D6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x00760000 \SystemRoot\System32\cdd.dll
0x045CA000 \SystemRoot\system32\drivers\luafv.sys
0x04400000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x04BF4000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x0441A000 \SystemRoot\system32\drivers\WudfPf.sys
0x019E5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x022B6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02309000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0231C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02334000 \SystemRoot\system32\drivers\HTTP.sys
0x02200000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0221E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02236000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02263000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x00FC3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x022B1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x04639000 \SystemRoot\system32\drivers\peauth.sys
0x046DF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x046EA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x04717000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04729000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x04731000 \SystemRoot\system32\drivers\spsys.sys
0x04C27000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04C8F000 \SystemRoot\System32\DRIVERS\srv.sys
0x77AD0000 \Windows\System32\ntdll.dll
0x479D0000 \Windows\System32\smss.exe
0xFFDF0000 \Windows\System32\apisetschema.dll
0xFFEB0000 \Windows\System32\autochk.exe
0xFFD90000 \Windows\System32\Wldap32.dll
0xFFD80000 \Windows\System32\lpk.dll
0x779B0000 \Windows\System32\kernel32.dll
0xFFD70000 \Windows\System32\nsi.dll
0xFFB90000 \Windows\System32\setupapi.dll
0xFFAB0000 \Windows\System32\advapi32.dll
0x77CA0000 \Windows\System32\normaliz.dll
0xFFA30000 \Windows\System32\difxapi.dll
0x778B0000 \Windows\System32\user32.dll
0xFF990000 \Windows\System32\clbcatq.dll
0xFF8B0000 \Windows\System32\oleaut32.dll
0xFF880000 \Windows\System32\imm32.dll
0xFF7B0000 \Windows\System32\usp10.dll
0xFF790000 \Windows\System32\sechost.dll
0x77C90000 \Windows\System32\psapi.dll
0xFF720000 \Windows\System32\gdi32.dll
0xFF6D0000 \Windows\System32\ws2_32.dll
0xFF650000 \Windows\System32\shlwapi.dll
0xFF540000 \Windows\System32\msctf.dll
0xFF410000 \Windows\System32\wininet.dll
0xFF290000 \Windows\System32\urlmon.dll
0xFF160000 \Windows\System32\rpcrt4.dll
0xFF0C0000 \Windows\System32\comdlg32.dll
0xFEEB0000 \Windows\System32\ole32.dll
0xFEE90000 \Windows\System32\imagehlp.dll
0xFE100000 \Windows\System32\shell32.dll
0xFDEA0000 \Windows\System32\iertutil.dll
0xFDE00000 \Windows\System32\msvcrt.dll
0xFDDC0000 \Windows\System32\cfgmgr32.dll
0xFDC50000 \Windows\System32\crypt32.dll
0xFDC10000 \Windows\System32\wintrust.dll
0xFDBF0000 \Windows\System32\devobj.dll
0xFDB80000 \Windows\System32\KernelBase.dll
0xFDAE0000 \Windows\System32\comctl32.dll
0xFDAD0000 \Windows\System32\msasn1.dll
Processes (total 53):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
452 csrss.exe
532 C:\Windows\System32\wininit.exe
556 csrss.exe
600 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\winlogon.exe
760 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
388 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\audiodg.exe
1048 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\spoolsv.exe
1396 C:\Windows\System32\svchost.exe
1484 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1544 C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
1588 C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
1608 C:\Windows\System32\svchost.exe
1628 C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
1676 C:\Windows\System32\sppsvc.exe
1780 C:\Windows\System32\svchost.exe
2044 C:\Windows\System32\taskhost.exe
2436 C:\Windows\System32\dwm.exe
2460 C:\Windows\explorer.exe
2544 C:\PROGRA~2\DUMETE~1\DUMeter.exe
2636 C:\Windows\System32\S3Funkey.exe
2848 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2856 C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe
3028 C:\Windows\System32\SearchIndexer.exe
436 C:\Program Files (x86)\Skype\Phone\Skype.exe
2008 C:\Program Files (x86)\Tata Photon Whiz\Aide.exe
1996 C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
2408 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3284 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
3404 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
3932 C:\Windows\System32\notepad.exe
976 C:\Windows\System32\svchost.exe
3248 C:\Windows\System32\svchost.exe
3160 C:\Program Files\Windows Media Player\wmpnetwk.exe
3376 C:\Program Files (x86)\FreeVPN\FreeVPN.exe
3712 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3736 C:\Program Files (x86)\FreeVPN\openvpn.exe
3476 C:\Windows\System32\conhost.exe
2388 C:\Users\ramesh\Downloads\MBRCheck.exe
3132 C:\Windows\System32\conhost.exe
3292 C:\Windows\System32\dllhost.exe
3660 taskhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000019`09700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000d`c1f00000 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000006`40100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVS-22UST0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
OTL logfile created on: 8/23/2010 9:39:31 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\ramesh\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.90 Gb Total Space | 19.98 Gb Free Space | 40.86% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 2.24 Gb Free Space | 8.96% Space Free | Partition Type: NTFS
Drive E: | 45.02 Gb Total Space | 0.31 Gb Free Space | 0.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 30.03 Gb Total Space | 0.35 Gb Free Space | 1.17% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GAMING-PC
Current User Name: ramesh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/23 21:16:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ramesh\Downloads\OTL.exe
PRC - [2010/08/22 15:14:10 | 002,931,744 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeter.exe
PRC - [2010/08/19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
PRC - [2010/07/27 05:30:06 | 000,247,808 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/06/29 02:27:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/23 08:18:08 | 000,322,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2010/04/29 19:07:40 | 002,796,032 | ---- | M] (TheFreeVPN) -- C:\Program Files (x86)\FreeVPN\FreeVPN.exe
PRC - [2010/04/02 13:49:18 | 001,370,624 | ---- | M] () -- C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
PRC - [2009/12/12 02:47:44 | 000,578,048 | ---- | M] () -- C:\Program Files (x86)\FreeVPN\openvpn.exe
PRC - [2009/03/31 16:30:52 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Tata Photon Whiz\Aide.exe
PRC - [2007/01/02 02:52:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe
========== Modules (SafeList) ==========
MOD - [2010/08/23 21:16:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ramesh\Downloads\OTL.exe
MOD - [2009/07/14 06:44:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 06:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/06/29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/14 07:11:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 07:11:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 07:10:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 07:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010/07/27 05:30:06 | 000,247,808 | ---- | M] () [Disabled | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/07/27 04:11:20 | 000,057,640 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/07/06 20:33:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/23 08:18:08 | 000,322,608 | ---- | M] () [Disabled | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/29 0318 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/06/29 02:03:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/17 02:03:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/05/16 13:30:00 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010/01/21 14:54:26 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/12/30 11:31:40 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/12/30 11:31:30 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2009/12/30 11:31:30 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/12/30 11:25:12 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2009/12/30 11:25:10 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2009/11/20 16:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/23 04:46:26 | 000,049,792 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FETN62A.sys -- (FETNDIS)
DRV:64bit: - [2009/07/14 07:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 07:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:15:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 07:15:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 07:15:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/14 05:12:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 05:12:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 04:54:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/11 02:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 02:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 02:31:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 02:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 0308 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 14:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 14:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 14:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/10/17 02:11:56 | 001,023,488 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VTGKModeDX64.sys -- (S3GIGP)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/24 12:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007/05/24 11:32:32 | 000,305,464 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/06/17 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/08/19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = mp3, mp3 download, download mp3 songs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = India MSN Homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 B7 DC 34 8C 17 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "HotSpot International Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2604146&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "HotSpot International Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://shop.thefreevpn.com/home.php"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {0002ee26-8c11-49eb-9cdf-56eeffef664f}:2.6.0.15
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.8
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 895
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 895
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 895
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 895
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 895
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 895
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 895
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 895
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 895
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/05/17 07:18:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/13 21:20:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/21 19:18:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/05/17 07:18:55 | 000,000,000 | ---D | M]
[2010/04/24 21:03:57 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Mozilla\Extensions
[2010/08/23 09:09:31 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\274le5rg.default\extensions
[2010/08/17 17:55:05 | 000,000,000 | ---D | M] (HotSpot International Toolbar) -- C:\Users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\274le5rg.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}
[2010/07/19 09:05:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\274le5rg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/21 20:07:06 | 000,000,945 | ---- | M] () -- C:\Users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\274le5rg.default\searchplugins\conduit.xml
[2010/08/17 17:55:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 13:02:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/09 13:59:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/09 13:58:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/02/19 15:43:12 | 000,001,465 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (HotSpot International Toolbar) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [S3Funkey] C:\Windows\SysNative\S3Funkey.exe (S3 Graphics Co., Ltd.)
O4:64bit: - HKLM..\Run: [S3Trayp] C:\Windows\SysNative\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Aide] C:\Program Files (x86)\Tata Photon Whiz\Aide.exe ()
O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [googletalk] C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysNative\idmmbc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.117.198.200 87.117.237.100 87.117.196.200
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWow64\DreamScene.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2feb002b-634b-11df-8de3-00106092d6de}\Shell - "" = AutoRun
O33 - MountPoints2\{2feb002b-634b-11df-8de3-00106092d6de}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{2feb0031-634b-11df-8de3-00106092d6de}\Shell - "" = AutoRun
O33 - MountPoints2\{2feb0031-634b-11df-8de3-00106092d6de}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{fddfce12-68d3-11df-be97-0040d0d4b17c}\Shell - "" = AutoRun
O33 - MountPoints2\{fddfce12-68d3-11df-be97-0040d0d4b17c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{fef8667a-4f83-11df-b252-00106092d6de}\Shell - "" = AutoRun
O33 - MountPoints2\{fef8667a-4f83-11df-b252-00106092d6de}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/08/23 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/23 13:40:47 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Documents\Simply Super Software
[2010/08/23 13:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010/08/23 13:40:34 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Simply Super Software
[2010/08/23 13:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/08/23 08:30:18 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\IDM
[2010/08/23 08:30:18 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Documents\Downloads
[2010/08/23 08:30:16 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\DMCache
[2010/08/23 08:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/08/23 0614 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Youtube Downloader HD
[2010/08/23 06:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youtube Downloader HD
[2010/08/22 16:29:03 | 000,000,000 | ---D | C] -- C:\Trend Micro
[2010/08/22 09:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies
[2010/08/22 09:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DU Meter
[2010/08/21 18:24:57 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Sura BGM
[2010/08/21 13:20:40 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Sample Invitation + Pictures
[2010/08/19 06:45:27 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Passport Photo Studio
[2010/08/19 06:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passport Photo Studio
[2010/08/19 00:39:04 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Endhiran Audio Release Function
[2010/08/17 22:07:45 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2010/08/17 22:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeVPN
[2010/08/17 17:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/17 17:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HotSpot_International
[2010/08/17 17:52:42 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010/08/17 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2010/08/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\myWIFIzone
[2010/08/16 23:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireless WEP Key Password Spy
[2010/08/15 12:58:46 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Robot hindi
[2010/08/14 00:34:35 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Trojan Remover 6.8.2 build 2596
[2010/08/13 22:53:41 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\New folder (2)
[2010/08/12 18:12:11 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/08/12 18:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/08/08 19:01:20 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Endhiran pictures
[2010/08/07 10:18:36 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Local\Apps
[2010/08/07 10:18:34 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Local\Deployment
[2010/08/07 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Documents\GTA Vice City User Files
[2010/08/06 06:33:51 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Tracks (u)
[2010/08/03 18:41:28 | 000,000,000 | ---D | C] -- C:\DriveKey
[2010/08/01 08:43:32 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\vlc
[2010/07/30 21:19:42 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\New movies
[2010/07/22 00:37:58 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Sample Invitations
[2010/07/19 11:33:33 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\mIRC
[2010/07/18 16:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010/07/15 19:27:54 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\All Folders
[2010/07/15 19:15:14 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Program Files
[2010/07/14 22:34:39 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\OtakuSoftware
[2010/07/14 20:39:45 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Outerspace Software
[2010/07/14 20:39:45 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Documents\BluffTitler
[2010/07/13 20:10:40 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Local\Stardock
[2010/07/13 20:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010/07/13 20:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2010/07/11 17:13:36 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/07/11 17:13:35 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/07/11 17:13:34 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/07/11 17:13:29 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/07/11 17:13:26 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/07/11 17:12:36 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/07/11 17:12:36 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/07/11 17:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/07/10 11:48:46 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/07/05 02:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/06/27 23:40:39 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Kaadhal Solla Vanthen (2010) U
[2010/06/20 15:31:20 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/06/17 02:03:40 | 000,037,888 | ---- | C] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2010/05/29 1832 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutorunRemover
[2010/05/29 17:31:12 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Yahoo!
[2010/05/26 18:27:42 | 000,210,352 | ---- | C] (Tonec Inc.) -- C:\Windows\SysWow64\idmmbc.dll
[2010/05/16 13:30:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\ramesh\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 90 Days ==========
[2010/08/23 21:42:15 | 002,359,296 | -HS- | M] () -- C:\Users\ramesh\NTUSER.DAT
[2010/08/23 21:25:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/23 21:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/23 21:25:31 | 753,491,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 21:24:30 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/23 21:24:30 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/23 21:23:07 | 004,549,080 | -H-- | M] () -- C:\Users\ramesh\AppData\Local\IconCache.db
[2010/08/23 21:19:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769084388-1775280267-758000404-1000UA.job
[2010/08/23 17:35:27 | 000,033,494 | ---- | M] () -- C:\Users\ramesh\Desktop\www_megaupload_default.html
[2010/08/23 17:27:42 | 000,018,202 | ---- | M] () -- C:\Users\ramesh\Desktop\-PDVD-Rip--N--M--A----500MB---X264---SNV-.mp4.001.html
[2010/08/23 11:48:55 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/08/23 11:48:55 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/08/23 07:19:09 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769084388-1775280267-758000404-1000Core.job
[2010/08/22 16:29:03 | 000,002,941 | ---- | M] () -- C:\Users\ramesh\Desktop\HiJackThis.lnk
[2010/08/21 21:01:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/21 21:01:08 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/21 21:01:08 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/21 08:41:14 | 000,197,542 | ---- | M] () -- C:\Users\ramesh\Desktop\40308_421677243945_502723945_5006006_2524397_n.jpg
[2010/08/20 22:24:50 | 000,002,364 | ---- | M] () -- C:\Users\ramesh\Desktop\Google Chrome.lnk
[2010/08/20 20:27:54 | 000,000,326 | ---- | M] () -- C:\Users\ramesh\AppData\Roaming\PassportPhotoStudio
[2010/08/20 07:09:51 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2010/08/17 22:07:47 | 000,001,015 | ---- | M] () -- C:\Users\ramesh\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/08/17 22:07:47 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\FreeVPN.lnk
[2010/08/17 18:22:49 | 005,694,152 | ---- | M] () -- C:\Users\ramesh\Desktop\HSS-1.49-install-webroot-239-conduit2.exe
[2010/08/17 00:17:00 | 000,168,180 | ---- | M] () -- C:\Users\ramesh\Desktop\Untitled.jpg
[2010/08/15 16:46:54 | 000,105,506 | ---- | M] () -- C:\Users\ramesh\Desktop\Baana_Kaathadi_4110.jpg
[2010/08/15 14:16:39 | 000,326,843 | ---- | M] () -- C:\Users\ramesh\Desktop\Endhiran cut.mp3
[2010/08/15 12:23:02 | 001,276,591 | ---- | M] () -- C:\Users\ramesh\Desktop\pic4.jpg
[2010/08/15 12:19:26 | 001,304,681 | ---- | M] () -- C:\Users\ramesh\Desktop\pic3.jpg
[2010/08/15 12:15:25 | 001,130,845 | ---- | M] () -- C:\Users\ramesh\Desktop\pic2.jpg
[2010/08/15 11:53:32 | 001,144,823 | ---- | M] () -- C:\Users\ramesh\Desktop\Untitled-1.jpg
[2010/08/14 2146 | 000,405,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/14 15:36:52 | 000,573,517 | ---- | M] () -- C:\Users\ramesh\Desktop\Inaugural.jpg
[2010/08/13 19:36:28 | 000,092,477 | ---- | M] () -- C:\Users\ramesh\Desktop\5084_93298434254_579359254_1842982_5968112_n.jpg
[2010/08/13 07:26:37 | 000,000,792 | ---- | M] () -- C:\Users\ramesh\Desktop\sgs.html
[2010/08/11 00:54:32 | 000,000,742 | ---- | M] () -- C:\Users\ramesh\Desktop\ex1.html
[2010/08/10 22:58:47 | 000,485,082 | ---- | M] () -- C:\Users\ramesh\Desktop\21njqmq.gif
[2010/08/10 22:40:37 | 000,291,982 | ---- | M] () -- C:\Users\ramesh\Desktop\2vht16q.gif
[2010/08/07 15:57:56 | 000,044,194 | ---- | M] () -- C:\Users\ramesh\Desktop\Presentation1.pptx
[2010/08/07 08:13:18 | 000,261,261 | ---- | M] () -- C:\Users\ramesh\Desktop\professional-design.jpg
[2010/08/06 04:55:07 | 000,137,464 | ---- | M] () -- C:\Users\ramesh\Desktop\35969_1240770998978_1820415720_462354_7582709_n.jpg
[2010/08/03 18:26:32 | 000,013,563 | ---- | M] () -- C:\Users\ramesh\Desktop\Designing webpage using HTML forms.docx
[2010/07/29 19:42:31 | 000,010,752 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/28 21:50:56 | 003,347,932 | ---- | M] () -- C:\Users\ramesh\Desktop\virus file.rar
[2010/07/24 03:23:39 | 000,641,259 | ---- | M] () -- C:\Users\ramesh\Desktop\hall1.jpg
[2010/07/24 03:10:35 | 000,478,081 | ---- | M] () -- C:\Users\ramesh\Desktop\test.jpg
[2010/07/24 02:42:26 | 002,099,604 | ---- | M] () -- C:\Users\ramesh\Desktop\dept.jpg
[2010/07/24 02:40:28 | 002,341,024 | ---- | M] () -- C:\Users\ramesh\Desktop\sam 55.jpg
[2010/07/24 02:38:42 | 002,405,298 | ---- | M] () -- C:\Users\ramesh\Desktop\sam 5.jpg
[2010/07/23 22:48:32 | 000,004,099 | ---- | M] () -- C:\ProgramData\wmohyyzs.rfd
[2010/07/18 12:25:52 | 000,002,161 | ---- | M] () -- C:\Windows\Graffiti5.2Pin.ini
[2010/07/11 17:13:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/07/10 07:57:11 | 000,004,105 | ---- | M] () -- C:\ProgramData\rugqgaaw.ekm
[2010/07/04 21:41:40 | 000,565,248 | ---- | M] () -- C:\Users\ramesh\Desktop\Raji Microprocessor Manual.doc
[2010/06/29 02:27:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/29 02:27:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/29 02:07:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/29 02:07:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/29 02:03:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/29 02:03:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/29 02:02:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/17 02:03:40 | 000,037,888 | ---- | M] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2010/06/04 23:47:44 | 004,669,149 | ---- | M] () -- C:\Users\ramesh\Desktop\Blue Foundation - Eyes On Fire.mp3
[2010/05/30 19:16:20 | 000,000,403 | ---- | M] () -- C:\Windows\win.ini
[2010/05/29 17:16:15 | 000,001,159 | ---- | M] () -- C:\Users\ramesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
========== Files Created - No Company Name ==========
[2010/08/23 17:35:20 | 000,033,494 | ---- | C] () -- C:\Users\ramesh\Desktop\www_megaupload_default.html
[2010/08/23 17:27:37 | 000,018,202 | ---- | C] () -- C:\Users\ramesh\Desktop\-PDVD-Rip--N--M--A----500MB---X264---SNV-.mp4.001.html
[2010/08/23 13:40:39 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/08/23 13:40:39 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/08/23 13:40:39 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010/08/23 13:40:38 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010/08/23 11:48:48 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/08/23 11:48:48 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/08/23 09:10:06 | 000,313,323 | ---- | C] () -- C:\Users\ramesh\Desktop\warez sigs.docx
[2010/08/22 16:29:03 | 000,002,941 | ---- | C] () -- C:\Users\ramesh\Desktop\HiJackThis.lnk
[2010/08/21 08:40:46 | 000,197,542 | ---- | C] () -- C:\Users\ramesh\Desktop\40308_421677243945_502723945_5006006_2524397_n.jpg
[2010/08/19 06:45:30 | 000,000,326 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\PassportPhotoStudio
[2010/08/17 22:07:47 | 000,001,015 | ---- | C] () -- C:\Users\ramesh\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/08/17 22:07:47 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\FreeVPN.lnk
[2010/08/17 18:16:29 | 005,694,152 | ---- | C] () -- C:\Users\ramesh\Desktop\HSS-1.49-install-webroot-239-conduit2.exe
[2010/08/17 17:55:33 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2010/08/17 00:16:59 | 000,168,180 | ---- | C] () -- C:\Users\ramesh\Desktop\Untitled.jpg
[2010/08/15 16:46:42 | 000,105,506 | ---- | C] () -- C:\Users\ramesh\Desktop\Baana_Kaathadi_4110.jpg
[2010/08/15 14:15:33 | 000,326,843 | ---- | C] () -- C:\Users\ramesh\Desktop\Endhiran cut.mp3
[2010/08/15 12:22:58 | 001,276,591 | ---- | C] () -- C:\Users\ramesh\Desktop\pic4.jpg
[2010/08/15 12:17:34 | 001,304,681 | ---- | C] () -- C:\Users\ramesh\Desktop\pic3.jpg
[2010/08/15 12:14:26 | 001,130,845 | ---- | C] () -- C:\Users\ramesh\Desktop\pic2.jpg
[2010/08/15 11:53:31 | 001,144,823 | ---- | C] () -- C:\Users\ramesh\Desktop\Untitled-1.jpg
[2010/08/14 15:36:48 | 000,573,517 | ---- | C] () -- C:\Users\ramesh\Desktop\Inaugural.jpg
[2010/08/14 15:09:04 | 004,669,149 | ---- | C] () -- C:\Users\ramesh\Desktop\Blue Foundation - Eyes On Fire.mp3
[2010/08/13 19:36:16 | 000,092,477 | ---- | C] () -- C:\Users\ramesh\Desktop\5084_93298434254_579359254_1842982_5968112_n.jpg
[2010/08/12 22:17:01 | 000,000,792 | ---- | C] () -- C:\Users\ramesh\Desktop\sgs.html
[2010/08/12 22:16:51 | 000,000,742 | ---- | C] () -- C:\Users\ramesh\Desktop\ex1.html
[2010/08/10 22:58:37 | 000,485,082 | ---- | C] () -- C:\Users\ramesh\Desktop\21njqmq.gif
[2010/08/10 22:40:33 | 000,291,982 | ---- | C] () -- C:\Users\ramesh\Desktop\2vht16q.gif
[2010/08/07 15:42:16 | 000,044,194 | ---- | C] () -- C:\Users\ramesh\Desktop\Presentation1.pptx
[2010/08/07 08:13:03 | 000,261,261 | ---- | C] () -- C:\Users\ramesh\Desktop\professional-design.jpg
[2010/08/06 04:54:57 | 000,137,464 | ---- | C] () -- C:\Users\ramesh\Desktop\35969_1240770998978_1820415720_462354_7582709_n.jpg
[2010/08/03 18:37:41 | 005,483,264 | ---- | C] () -- C:\Users\ramesh\Desktop\37. Mis-teeq - One night stand.mp3
[2010/08/03 18:25:55 | 000,013,563 | ---- | C] () -- C:\Users\ramesh\Desktop\Designing webpage using HTML forms.docx
[2010/07/27 18:27:21 | 018,207,566 | ---- | C] () -- C:\Users\ramesh\Desktop\02.Neethane.AVI
[2010/07/24 03:23:28 | 000,641,259 | ---- | C] () -- C:\Users\ramesh\Desktop\hall1.jpg
[2010/07/24 03:10:34 | 000,478,081 | ---- | C] () -- C:\Users\ramesh\Desktop\test.jpg
[2010/07/24 02:42:22 | 002,099,604 | ---- | C] () -- C:\Users\ramesh\Desktop\dept.jpg
[2010/07/24 02:40:28 | 002,341,024 | ---- | C] () -- C:\Users\ramesh\Desktop\sam 55.jpg
[2010/07/24 02:38:41 | 002,405,298 | ---- | C] () -- C:\Users\ramesh\Desktop\sam 5.jpg
[2010/07/23 22:48:32 | 000,004,099 | ---- | C] () -- C:\ProgramData\wmohyyzs.rfd
[2010/07/10 07:57:11 | 000,004,105 | ---- | C] () -- C:\ProgramData\rugqgaaw.ekm
[2010/07/07 23:29:24 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/04 21:41:29 | 000,565,248 | ---- | C] () -- C:\Users\ramesh\Desktop\Raji Microprocessor Manual.doc
[2010/07/03 08:22:37 | 000,002,364 | ---- | C] () -- C:\Users\ramesh\Desktop\Google Chrome.lnk
[2010/07/03 07:14:35 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769084388-1775280267-758000404-1000UA.job
[2010/07/03 07:14:33 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769084388-1775280267-758000404-1000Core.job
[2010/05/29 17:16:15 | 000,001,159 | ---- | C] () -- C:\Users\ramesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/05/20 02:12:26 | 000,000,281 | ---- | C] () -- C:\Windows\pdf2word.INI
[2010/05/16 13:32:22 | 000,001,041 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\vso_ts_preview.xml
[2010/05/16 13:31:41 | 000,000,034 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\pcouffin.log
[2010/05/16 13:30:00 | 000,099,384 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\inst.exe
[2010/05/16 13:30:00 | 000,007,859 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\pcouffin.cat
[2010/05/16 13:30:00 | 000,001,167 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\pcouffin.inf
[2010/05/06 17:52:54 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
[2010/05/06 17:52:54 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
[2010/05/04 11:41:38 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ZDTRLib.DLL
[2010/05/04 11:41:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ZD12APP.dll
[2010/05/04 11:41:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2010/04/30 01:32:26 | 000,004,608 | ---- | C] () -- C:\Users\ramesh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 22:04:27 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/04/25 07:05:39 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/04/25 07:05:39 | 000,002,161 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 02:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/12/22 14:40:06 | 001,663,068 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll
========== LOP Check ==========
[2010/05/16 12:47:25 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Bug Doctor
[2010/08/23 11:49:30 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\DMCache
[2010/08/23 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\IDM
[2010/05/17 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Nokia
[2010/05/17 18:05:47 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Nokia Ovi Suite
[2010/07/14 22:34:39 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\OtakuSoftware
[2010/07/14 20:39:45 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Outerspace Software
[2010/08/20 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Passport Photo Studio
[2010/05/17 0755 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\PC Suite
[2010/07/03 12:23:17 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\proDAD
[2010/08/23 13:40:34 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Simply Super Software
[2010/08/06 06:58:45 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\TeamViewer
[2010/08/23 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\TeraCopy
[2010/05/20 0256 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Thinstall
[2010/08/23 17:09:04 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\uTorrent
[2010/05/16 17:05:25 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Vso
[2010/05/22 0713 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\webroterr
[2010/08/23 06:55:33 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Youtube Downloader HD
[2010/07/18 17:37:22 | 000,025,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/08/23 21:25:31 | 753,491,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 21:25:36 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2009/07/14 11:02:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 11:02:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 11:02:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 11:02:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 06:45:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 06:45:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 06:41:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 06:46:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 06:41:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
NEW HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:00 PM, on 8/23/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Tata Photon Whiz\Aide.exe
C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Tata Photon Whiz\Tata Photon Whiz.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mp3, mp3 download, download mp3 songs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
O2 - BHO: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: HotSpot International Toolbar - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll
O4 - HKLM\..\Run: [Aide] "C:\Program Files (x86)\Tata Photon Whiz\Aide.exe"
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [googletalk] C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F50BC3A-4E7D-4EDB-BD90-88B2C73AC029}: NameServer = 121.242.190.180 121.242.190.211
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1225EE1-C74C-4A01-B42F-9C59AA2F44BA}: NameServer = 10.28.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\SysWow64\DreamScene.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7681 bytes
You have very little RAM as for Windows 7:
958.00 Mb Total Physical Memory
Windows 7 would like to run on at least 2GB of RAM. You'd see vast improvement.
=================================================================
I don't need HJT log. We don't use it anymore around here.
================================================================
Update your Java version here: Verify Java Version
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
=============================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWow64\DreamScene.dll File not found
O33 - MountPoints2\{2feb002b-634b-11df-8de3-00106092d6de}\Shell - "" = AutoRun
O33 - MountPoints2\{2feb002b-634b-11df-8de3-00106092d6de}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{2feb0031-634b-11df-8de3-00106092d6de}\Shell - "" = AutoRun
O33 - MountPoints2\{2feb0031-634b-11df-8de3-00106092d6de}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{fddfce12-68d3-11df-be97-0040d0d4b17c}\Shell - "" = AutoRun
O33 - MountPoints2\{fddfce12-68d3-11df-be97-0040d0d4b17c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{fef8667a-4f83-11df-b252-00106092d6de}\Shell - "" = AutoRun
O33 - MountPoints2\{fef8667a-4f83-11df-b252-00106092d6de}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
[2010/07/23 22:48:32 | 000,004,099 | ---- | M] () -- C:\ProgramData\wmohyyzs.rfd
[2010/07/10 07:57:11 | 000,004,105 | ---- | M] () -- C:\ProgramData\rugqgaaw.ekm
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
After scanning, this is what I got...
OTL logfile created on: 8/24/2010 5:03:13 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\ramesh\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 113.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.90 Gb Total Space | 19.50 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 2.24 Gb Free Space | 8.96% Space Free | Partition Type: NTFS
Drive E: | 45.02 Gb Total Space | 0.31 Gb Free Space | 0.69% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 30.03 Gb Total Space | 0.35 Gb Free Space | 1.17% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GAMING-PC
Current User Name: ramesh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/23 21:16:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ramesh\Downloads\OTL.exe
PRC - [2010/08/13 21:20:33 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/29 02:27:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/29 19:07:40 | 002,796,032 | ---- | M] (TheFreeVPN) -- C:\Program Files (x86)\FreeVPN\FreeVPN.exe
PRC - [2010/04/02 13:49:18 | 001,370,624 | ---- | M] () -- C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
PRC - [2009/12/12 02:47:44 | 000,578,048 | ---- | M] () -- C:\Program Files (x86)\FreeVPN\openvpn.exe
PRC - [2009/03/31 16:30:52 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Tata Photon Whiz\Aide.exe
PRC - [2008/07/28 15:05:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Tata Photon Whiz\Tata Photon Whiz.exe
PRC - [2007/01/02 02:52:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe
========== Modules (SafeList) ==========
MOD - [2010/08/23 21:16:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ramesh\Downloads\OTL.exe
MOD - [2009/07/14 06:44:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 06:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/06/29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/14 07:11:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 07:11:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 07:10:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 07:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/19 12:13:48 | 001,411,616 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010/07/27 05:30:06 | 000,247,808 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/07/27 04:11:20 | 000,057,640 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/07/06 20:33:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/23 08:18:08 | 000,322,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/29 0318 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/06/29 02:03:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/17 02:03:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/05/16 13:30:00 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010/01/21 14:54:26 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/12/30 11:31:40 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/12/30 11:31:30 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2009/12/30 11:31:30 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/12/30 11:25:12 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2009/12/30 11:25:10 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2009/11/20 16:26:50 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/23 04:46:26 | 000,049,792 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FETN62A.sys -- (FETNDIS)
DRV:64bit: - [2009/07/14 07:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 07:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:15:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 07:15:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 07:15:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/14 05:12:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 05:12:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 04:54:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/11 02:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 02:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 02:31:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 02:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 0308 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 14:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 14:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 14:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/10/17 02:11:56 | 001,023,488 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VTGKModeDX64.sys -- (S3GIGP)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/07/24 12:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007/05/24 11:32:32 | 000,305,464 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2006/06/17 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/08/19 12:13:52 | 000,020,904 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DU Meter\DUMetr64.sys -- (DUMeterDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = mp3, mp3 download, download mp3 songs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = India MSN Homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 B7 DC 34 8C 17 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "HotSpot International Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2604146&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "HotSpot International Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://shop.thefreevpn.com/home.php"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {0002ee26-8c11-49eb-9cdf-56eeffef664f}:2.6.0.15
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 895
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 895
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 895
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 895
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 895
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 895
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 895
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 895
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 895
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/05/17 07:18:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/13 21:20:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/21 19:18:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/05/17 07:18:55 | 000,000,000 | ---D | M]
[2010/04/24 21:03:57 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Mozilla\Extensions
[2010/08/24 17:01:26 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\274le5rg.default\extensions
[2010/08/17 17:55:05 | 000,000,000 | ---D | M] (HotSpot International Toolbar) -- C:\Users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\274le5rg.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}
[2010/07/19 09:05:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\274le5rg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/21 20:07:06 | 000,000,945 | ---- | M] () -- C:\Users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\274le5rg.default\searchplugins\conduit.xml
[2010/08/24 07:45:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 13:02:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/09 13:59:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 07:45:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/02/19 15:43:12 | 000,001,465 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (HotSpot International Toolbar) - {0002EE26-8C11-49EB-9CDF-56EEFFEF664F} - C:\Program Files (x86)\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [S3Funkey] C:\Windows\SysNative\S3Funkey.exe (S3 Graphics Co., Ltd.)
O4:64bit: - HKLM..\Run: [S3Trayp] C:\Windows\SysNative\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Aide] C:\Program Files (x86)\Tata Photon Whiz\Aide.exe ()
O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [googletalk] C:\Users\ramesh\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysNative\idmmbc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/08/24 16:47:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/24 07:49:33 | 000,378,880 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\ramesh\Desktop\JavaRa.exe
[2010/08/24 07:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/23 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/23 13:40:47 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Documents\Simply Super Software
[2010/08/23 13:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010/08/23 13:40:34 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Simply Super Software
[2010/08/23 13:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/08/23 08:30:18 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\IDM
[2010/08/23 08:30:18 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Documents\Downloads
[2010/08/23 08:30:16 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\DMCache
[2010/08/23 08:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/08/23 0614 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Youtube Downloader HD
[2010/08/23 06:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youtube Downloader HD
[2010/08/22 16:29:03 | 000,000,000 | ---D | C] -- C:\Trend Micro
[2010/08/22 09:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies
[2010/08/22 09:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DU Meter
[2010/08/21 18:24:57 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Sura BGM
[2010/08/21 13:20:40 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Sample Invitation + Pictures
[2010/08/19 06:45:27 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Passport Photo Studio
[2010/08/19 06:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passport Photo Studio
[2010/08/19 00:39:04 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Endhiran Audio Release Function
[2010/08/17 22:07:45 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2010/08/17 22:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeVPN
[2010/08/17 17:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/17 17:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HotSpot_International
[2010/08/17 17:52:42 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010/08/17 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2010/08/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\myWIFIzone
[2010/08/16 23:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireless WEP Key Password Spy
[2010/08/15 12:58:46 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Robot hindi
[2010/08/14 00:34:35 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Trojan Remover 6.8.2 build 2596
[2010/08/13 22:53:41 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\New folder (2)
[2010/08/12 18:12:11 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/08/12 18:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/08/08 19:01:20 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Endhiran pictures
[2010/08/07 10:18:36 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Local\Apps
[2010/08/07 10:18:34 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Local\Deployment
[2010/08/07 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Documents\GTA Vice City User Files
[2010/08/06 06:33:51 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Tracks (u)
[2010/08/03 18:41:28 | 000,000,000 | ---D | C] -- C:\DriveKey
[2010/08/01 08:43:32 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\vlc
[2010/07/30 21:19:42 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\New movies
[2010/07/22 00:37:58 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Sample Invitations
[2010/07/19 11:33:33 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\mIRC
[2010/07/18 16:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010/07/15 19:27:54 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\All Folders
[2010/07/15 19:15:14 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Program Files
[2010/07/14 22:34:39 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\OtakuSoftware
[2010/07/14 20:39:45 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Outerspace Software
[2010/07/14 20:39:45 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Documents\BluffTitler
[2010/07/13 20:10:40 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Local\Stardock
[2010/07/13 20:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010/07/13 20:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2010/07/11 17:13:36 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/07/11 17:13:35 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/07/11 17:13:34 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/07/11 17:13:29 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/07/11 17:13:26 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/07/11 17:12:36 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/07/11 17:12:36 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/07/11 17:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/07/10 11:48:46 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/07/05 02:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/06/27 23:40:39 | 000,000,000 | ---D | C] -- C:\Users\ramesh\Desktop\Kaadhal Solla Vanthen (2010) U
[2010/06/20 15:31:20 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/06/17 02:03:40 | 000,037,888 | ---- | C] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2010/05/29 1832 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutorunRemover
[2010/05/29 17:31:12 | 000,000,000 | ---D | C] -- C:\Users\ramesh\AppData\Roaming\Yahoo!
[2010/05/26 18:27:42 | 000,210,352 | ---- | C] (Tonec Inc.) -- C:\Windows\SysWow64\idmmbc.dll
[2010/05/16 13:30:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\ramesh\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 90 Days ==========
[2010/08/24 17:09:36 | 002,359,296 | -HS- | M] () -- C:\Users\ramesh\NTUSER.DAT
[2010/08/24 17:08:37 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/24 17:08:37 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/24 17:08:37 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/24 16:44:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 16:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 16:43:50 | 753,491,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/24 07:50:53 | 004,559,119 | -H-- | M] () -- C:\Users\ramesh\AppData\Local\IconCache.db
[2010/08/24 07:25:53 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 07:25:53 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 07:19:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769084388-1775280267-758000404-1000Core.job
[2010/08/24 07:19:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769084388-1775280267-758000404-1000UA.job
[2010/08/24 05:03:52 | 061,018,960 | ---- | M] () -- C:\Users\ramesh\Desktop\NN 3_(480p).flv
[2010/08/24 04:52:54 | 053,093,724 | ---- | M] () -- C:\Users\ramesh\Desktop\NN 4_(480p).flv
[2010/08/24 04:32:53 | 051,024,599 | ---- | M] () -- C:\Users\ramesh\Desktop\NN 2_(480p).flv
[2010/08/23 17:35:27 | 000,033,494 | ---- | M] () -- C:\Users\ramesh\Desktop\www_megaupload_default.html
[2010/08/23 17:27:42 | 000,018,202 | ---- | M] () -- C:\Users\ramesh\Desktop\-PDVD-Rip--N--M--A----500MB---X264---SNV-.mp4.001.html
[2010/08/23 11:48:55 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/08/23 11:48:55 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/08/23 02:00:26 | 077,034,076 | ---- | M] () -- C:\Users\ramesh\Desktop\NN 1 [www.keepvid.com].flv
[2010/08/22 16:29:03 | 000,002,941 | ---- | M] () -- C:\Users\ramesh\Desktop\HiJackThis.lnk
[2010/08/21 08:41:14 | 000,197,542 | ---- | M] () -- C:\Users\ramesh\Desktop\40308_421677243945_502723945_5006006_2524397_n.jpg
[2010/08/20 22:24:50 | 000,002,364 | ---- | M] () -- C:\Users\ramesh\Desktop\Google Chrome.lnk
[2010/08/20 20:27:54 | 000,000,326 | ---- | M] () -- C:\Users\ramesh\AppData\Roaming\PassportPhotoStudio
[2010/08/20 07:09:51 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2010/08/17 22:07:47 | 000,001,015 | ---- | M] () -- C:\Users\ramesh\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/08/17 22:07:47 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\FreeVPN.lnk
[2010/08/17 18:22:49 | 005,694,152 | ---- | M] () -- C:\Users\ramesh\Desktop\HSS-1.49-install-webroot-239-conduit2.exe
[2010/08/17 00:17:00 | 000,168,180 | ---- | M] () -- C:\Users\ramesh\Desktop\Untitled.jpg
[2010/08/15 16:46:54 | 000,105,506 | ---- | M] () -- C:\Users\ramesh\Desktop\Baana_Kaathadi_4110.jpg
[2010/08/15 14:16:39 | 000,326,843 | ---- | M] () -- C:\Users\ramesh\Desktop\Endhiran cut.mp3
[2010/08/15 12:23:02 | 001,276,591 | ---- | M] () -- C:\Users\ramesh\Desktop\pic4.jpg
[2010/08/15 12:19:26 | 001,304,681 | ---- | M] () -- C:\Users\ramesh\Desktop\pic3.jpg
[2010/08/15 12:15:25 | 001,130,845 | ---- | M] () -- C:\Users\ramesh\Desktop\pic2.jpg
[2010/08/15 11:53:32 | 001,144,823 | ---- | M] () -- C:\Users\ramesh\Desktop\Untitled-1.jpg
[2010/08/14 2146 | 000,405,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/14 15:36:52 | 000,573,517 | ---- | M] () -- C:\Users\ramesh\Desktop\Inaugural.jpg
[2010/08/13 19:36:28 | 000,092,477 | ---- | M] () -- C:\Users\ramesh\Desktop\5084_93298434254_579359254 _1842982_5968112_n.jpg
[2010/08/13 07:26:37 | 000,000,792 | ---- | M] () -- C:\Users\ramesh\Desktop\sgs.html
[2010/08/11 00:54:32 | 000,000,742 | ---- | M] () -- C:\Users\ramesh\Desktop\ex1.html
[2010/08/10 22:58:47 | 000,485,082 | ---- | M] () -- C:\Users\ramesh\Desktop\21njqmq.gif
[2010/08/10 22:40:37 | 000,291,982 | ---- | M] () -- C:\Users\ramesh\Desktop\2vht16q.gif
[2010/08/09 14:51:12 | 000,378,880 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\ramesh\Desktop\JavaRa.exe
[2010/08/08 14:09:10 | 000,002,758 | ---- | M] () -- C:\Users\ramesh\Desktop\Deutsch.lng
[2010/08/08 14:08:52 | 000,002,553 | ---- | M] () -- C:\Users\ramesh\Desktop\Suomi.lng
[2010/08/08 14:08:40 | 000,003,027 | ---- | M] () -- C:\Users\ramesh\Desktop\Français.lng
[2010/08/08 14:08:20 | 000,002,920 | ---- | M] () -- C:\Users\ramesh\Desktop\Italiano.lng
[2010/08/08 14:08:04 | 000,002,946 | ---- | M] () -- C:\Users\ramesh\Desktop\Español.lng
[2010/08/08 14:07:50 | 000,003,127 | ---- | M] () -- C:\Users\ramesh\Desktop\Nederlands.lng
[2010/08/07 15:57:56 | 000,044,194 | ---- | M] () -- C:\Users\ramesh\Desktop\Presentation1.pptx
[2010/08/07 08:13:18 | 000,261,261 | ---- | M] () -- C:\Users\ramesh\Desktop\professional-design.jpg
[2010/08/06 04:55:07 | 000,137,464 | ---- | M] () -- C:\Users\ramesh\Desktop\35969_1240770998978_182041 5720_462354_7582709_n.jpg
[2010/08/03 18:26:32 | 000,013,563 | ---- | M] () -- C:\Users\ramesh\Desktop\Designing webpage using HTML forms.docx
[2010/08/01 13:24:58 | 000,322,351 | ---- | M] () -- C:\Users\ramesh\Desktop\JavaRa.def
[2010/07/29 19:42:31 | 000,010,752 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/28 21:50:56 | 003,347,932 | ---- | M] () -- C:\Users\ramesh\Desktop\virus file.rar
[2010/07/24 03:23:39 | 000,641,259 | ---- | M] () -- C:\Users\ramesh\Desktop\hall1.jpg
[2010/07/24 03:10:35 | 000,478,081 | ---- | M] () -- C:\Users\ramesh\Desktop\test.jpg
[2010/07/24 02:42:26 | 002,099,604 | ---- | M] () -- C:\Users\ramesh\Desktop\dept.jpg
[2010/07/24 02:40:28 | 002,341,024 | ---- | M] () -- C:\Users\ramesh\Desktop\sam 55.jpg
[2010/07/24 02:38:42 | 002,405,298 | ---- | M] () -- C:\Users\ramesh\Desktop\sam 5.jpg
[2010/07/23 22:48:32 | 000,004,099 | ---- | M] () -- C:\ProgramData\wmohyyzs.rfd
[2010/07/18 12:25:52 | 000,002,161 | ---- | M] () -- C:\Windows\Graffiti5.2Pin.ini
[2010/07/11 17:13:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/07/10 07:57:11 | 000,004,105 | ---- | M] () -- C:\ProgramData\rugqgaaw.ekm
[2010/07/04 21:41:40 | 000,565,248 | ---- | M] () -- C:\Users\ramesh\Desktop\Raji Microprocessor Manual.doc
[2010/06/29 02:27:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/29 02:27:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/29 02:07:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/29 02:07:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/29 02:03:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/29 02:03:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/29 02:02:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/17 02:03:40 | 000,037,888 | ---- | M] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2010/06/04 23:47:44 | 004,669,149 | ---- | M] () -- C:\Users\ramesh\Desktop\Blue Foundation - Eyes On Fire.mp3
[2010/05/30 19:16:20 | 000,000,403 | ---- | M] () -- C:\Windows\win.ini
[2010/05/29 17:16:15 | 000,001,159 | ---- | M] () -- C:\Users\ramesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
========== Files Created - No Company Name ==========
[2010/08/24 07:49:33 | 000,003,127 | ---- | C] () -- C:\Users\ramesh\Desktop\Nederlands.lng
[2010/08/24 07:49:33 | 000,002,553 | ---- | C] () -- C:\Users\ramesh\Desktop\Suomi.lng
[2010/08/24 07:49:32 | 000,322,351 | ---- | C] () -- C:\Users\ramesh\Desktop\JavaRa.def
[2010/08/24 07:49:32 | 000,003,027 | ---- | C] () -- C:\Users\ramesh\Desktop\Français.lng
[2010/08/24 07:49:32 | 000,002,946 | ---- | C] () -- C:\Users\ramesh\Desktop\Español.lng
[2010/08/24 07:49:32 | 000,002,920 | ---- | C] () -- C:\Users\ramesh\Desktop\Italiano.lng
[2010/08/24 07:49:32 | 000,002,758 | ---- | C] () -- C:\Users\ramesh\Desktop\Deutsch.lng
[2010/08/24 02:04:06 | 053,093,724 | ---- | C] () -- C:\Users\ramesh\Desktop\NN 4_(480p).flv
[2010/08/24 02:03:11 | 061,018,960 | ---- | C] () -- C:\Users\ramesh\Desktop\NN 3_(480p).flv
[2010/08/24 01:52:33 | 051,024,599 | ---- | C] () -- C:\Users\ramesh\Desktop\NN 2_(480p).flv
[2010/08/23 17:35:20 | 000,033,494 | ---- | C] () -- C:\Users\ramesh\Desktop\www_megaupload_default.htm l
[2010/08/23 17:27:37 | 000,018,202 | ---- | C] () -- C:\Users\ramesh\Desktop\-PDVD-Rip--N--M--A----500MB---X264---SNV-.mp4.001.html
[2010/08/23 13:40:39 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/08/23 13:40:39 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/08/23 13:40:39 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010/08/23 13:40:38 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010/08/23 11:48:48 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/08/23 11:48:48 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/08/23 09:10:06 | 000,313,323 | ---- | C] () -- C:\Users\ramesh\Desktop\warez sigs.docx
[2010/08/22 22:54:03 | 077,034,076 | ---- | C] () -- C:\Users\ramesh\Desktop\NN 1 [www.keepvid.com].flv
[2010/08/22 16:29:03 | 000,002,941 | ---- | C] () -- C:\Users\ramesh\Desktop\HiJackThis.lnk
[2010/08/21 08:40:46 | 000,197,542 | ---- | C] () -- C:\Users\ramesh\Desktop\40308_421677243945_5027239 45_5006006_2524397_n.jpg
[2010/08/19 06:45:30 | 000,000,326 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\PassportPhotoStudi o
[2010/08/17 22:07:47 | 000,001,015 | ---- | C] () -- C:\Users\ramesh\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/08/17 22:07:47 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\FreeVPN.lnk
[2010/08/17 18:16:29 | 005,694,152 | ---- | C] () -- C:\Users\ramesh\Desktop\HSS-1.49-install-webroot-239-conduit2.exe
[2010/08/17 17:55:33 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2010/08/17 00:16:59 | 000,168,180 | ---- | C] () -- C:\Users\ramesh\Desktop\Untitled.jpg
[2010/08/15 16:46:42 | 000,105,506 | ---- | C] () -- C:\Users\ramesh\Desktop\Baana_Kaathadi_4110.jpg
[2010/08/15 14:15:33 | 000,326,843 | ---- | C] () -- C:\Users\ramesh\Desktop\Endhiran cut.mp3
[2010/08/15 12:22:58 | 001,276,591 | ---- | C] () -- C:\Users\ramesh\Desktop\pic4.jpg
[2010/08/15 12:17:34 | 001,304,681 | ---- | C] () -- C:\Users\ramesh\Desktop\pic3.jpg
[2010/08/15 12:14:26 | 001,130,845 | ---- | C] () -- C:\Users\ramesh\Desktop\pic2.jpg
[2010/08/15 11:53:31 | 001,144,823 | ---- | C] () -- C:\Users\ramesh\Desktop\Untitled-1.jpg
[2010/08/14 15:36:48 | 000,573,517 | ---- | C] () -- C:\Users\ramesh\Desktop\Inaugural.jpg
[2010/08/14 15:09:04 | 004,669,149 | ---- | C] () -- C:\Users\ramesh\Desktop\Blue Foundation - Eyes On Fire.mp3
[2010/08/13 19:36:16 | 000,092,477 | ---- | C] () -- C:\Users\ramesh\Desktop\5084_93298434254_579359254 _1842982_5968112_n.jpg
[2010/08/12 22:17:01 | 000,000,792 | ---- | C] () -- C:\Users\ramesh\Desktop\sgs.html
[2010/08/12 22:16:51 | 000,000,742 | ---- | C] () -- C:\Users\ramesh\Desktop\ex1.html
[2010/08/10 22:58:37 | 000,485,082 | ---- | C] () -- C:\Users\ramesh\Desktop\21njqmq.gif
[2010/08/10 22:40:33 | 000,291,982 | ---- | C] () -- C:\Users\ramesh\Desktop\2vht16q.gif
[2010/08/07 15:42:16 | 000,044,194 | ---- | C] () -- C:\Users\ramesh\Desktop\Presentation1.pptx
[2010/08/07 08:13:03 | 000,261,261 | ---- | C] () -- C:\Users\ramesh\Desktop\professional-design.jpg
[2010/08/06 04:54:57 | 000,137,464 | ---- | C] () -- C:\Users\ramesh\Desktop\35969_1240770998978_182041 5720_462354_7582709_n.jpg
[2010/08/03 18:37:41 | 005,483,264 | ---- | C] () -- C:\Users\ramesh\Desktop\37. Mis-teeq - One night stand.mp3
[2010/08/03 18:25:55 | 000,013,563 | ---- | C] () -- C:\Users\ramesh\Desktop\Designing webpage using HTML forms.docx
[2010/07/27 18:27:21 | 018,207,566 | ---- | C] () -- C:\Users\ramesh\Desktop\02.Neethane.AVI
[2010/07/24 03:23:28 | 000,641,259 | ---- | C] () -- C:\Users\ramesh\Desktop\hall1.jpg
[2010/07/24 03:10:34 | 000,478,081 | ---- | C] () -- C:\Users\ramesh\Desktop\test.jpg
[2010/07/24 02:42:22 | 002,099,604 | ---- | C] () -- C:\Users\ramesh\Desktop\dept.jpg
[2010/07/24 02:40:28 | 002,341,024 | ---- | C] () -- C:\Users\ramesh\Desktop\sam 55.jpg
[2010/07/24 02:38:41 | 002,405,298 | ---- | C] () -- C:\Users\ramesh\Desktop\sam 5.jpg
[2010/07/23 22:48:32 | 000,004,099 | ---- | C] () -- C:\ProgramData\wmohyyzs.rfd
[2010/07/10 07:57:11 | 000,004,105 | ---- | C] () -- C:\ProgramData\rugqgaaw.ekm
[2010/07/07 23:29:24 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/04 21:41:29 | 000,565,248 | ---- | C] () -- C:\Users\ramesh\Desktop\Raji Microprocessor Manual.doc
[2010/07/03 08:22:37 | 000,002,364 | ---- | C] () -- C:\Users\ramesh\Desktop\Google Chrome.lnk
[2010/07/03 07:14:35 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769084388-1775280267-758000404-1000UA.job
[2010/07/03 07:14:33 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1769084388-1775280267-758000404-1000Core.job
[2010/05/29 17:16:15 | 000,001,159 | ---- | C] () -- C:\Users\ramesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/05/20 02:12:26 | 000,000,281 | ---- | C] () -- C:\Windows\pdf2word.INI
[2010/05/16 13:32:22 | 000,001,041 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\vso_ts_preview.xml
[2010/05/16 13:31:41 | 000,000,034 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\pcouffin.log
[2010/05/16 13:30:00 | 000,099,384 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\inst.exe
[2010/05/16 13:30:00 | 000,007,859 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\pcouffin.cat
[2010/05/16 13:30:00 | 000,001,167 | ---- | C] () -- C:\Users\ramesh\AppData\Roaming\pcouffin.inf
[2010/05/06 17:52:54 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
[2010/05/06 17:52:54 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
[2010/05/04 11:41:38 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ZDTRLib.DLL
[2010/05/04 11:41:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ZD12APP.dll
[2010/05/04 11:41:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2010/04/30 01:32:26 | 000,004,608 | ---- | C] () -- C:\Users\ramesh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 22:04:27 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/04/25 07:05:39 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/04/25 07:05:39 | 000,002,161 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 02:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/12/22 14:40:06 | 001,663,068 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll
========== LOP Check ==========
[2010/05/16 12:47:25 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Bug Doctor
[2010/08/23 11:49:30 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\DMCache
[2010/08/23 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\IDM
[2010/05/17 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Nokia
[2010/05/17 18:05:47 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Nokia Ovi Suite
[2010/07/14 22:34:39 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\OtakuSoftware
[2010/07/14 20:39:45 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Outerspace Software
[2010/08/20 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Passport Photo Studio
[2010/05/17 0755 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\PC Suite
[2010/07/03 12:23:17 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\proDAD
[2010/08/23 13:40:34 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Simply Super Software
[2010/08/06 06:58:45 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\TeamViewer
[2010/08/24 07:20:58 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\TeraCopy
[2010/05/20 0256 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Thinstall
[2010/08/23 17:09:04 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\uTorrent
[2010/05/16 17:05:25 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Vso
[2010/05/22 0713 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\webroterr
[2010/08/23 06:55:33 | 000,000,000 | ---D | M] -- C:\Users\ramesh\AppData\Roaming\Youtube Downloader HD
[2010/07/18 17:37:22 | 000,025,868 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
Is there anything else that needs to be done? Can I know what I just did, since I am new to this type of software? When I just checked with HijackThis, it says that some files are missing or not found. Are there any more steps that I should take in completing the process?
HJT is an obsolete tool and it's not even compatible with 64-bit systems. That's why you see those missing files entries.
You can safely uninstall it.
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Go to Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
this is the log file
Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Autorun Virus Remover 2.3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 21
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.4
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
``````````End of Log````````````
I didn't manage to scan using the Kaspersky online scanner. It downloads the update files, but then it's not getting updated. It gets stuck at 37% no matter how long I leave it. Is there any other method or anything else that I can use to scan this, or some other procedure that I need to do?
Instead of Kaspersky...
Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- IMPORTANT! UN-check Remove found threats
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
this is the scanned log
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
C:\Program Files (x86)\Wireless WEP Key Password Spy\WKey.exe probably a variant of Win32/Agent.BERJBFB trojan
C:\Users\ramesh\AppData\Local\Mozilla\Firefox\Profiles\274le5rg.default\Cache\49ADEAA4d01 Win32/Inject.NDA trojan
C:\Users\ramesh\AppData\Roaming\bf.exe Win32/Inject.NDA trojan
C:\Users\ramesh\Desktop\hss-1.47.exe a variant of Win32/HotSpotShield application
C:\Users\ramesh\Desktop\HSS-1.49-install-webroot-239-conduit2.exe a variant of Win32/HotSpotShield application
C:\Users\ramesh\Desktop\virus file.rar multiple threats
C:\Users\ramesh\Desktop\All Folders\rar files\Virtual Plastic Surgery Software - VPSS.rar a variant of Win32/Kryptik.BBT trojan
C:\Users\ramesh\Desktop\Speed.Dvd.Creator.V4.0.41\ Speed Dvd Creator Setup.exe Win32/Inject.NDA trojan
C:\Users\ramesh\Downloads\bugdoctor.rar Win32/Adware.BugDoctor application
C:\Users\ramesh\Downloads\Get4all.rar probably a variant of Win32/Agent.ICEJZCD trojan
C:\Users\ramesh\Downloads\Hollywood.part01.rar probably a variant of Win32/TrojanDownloader.Zlob.JPQNREP trojan
D:\New Folder1\IMPORTANT\random\just downloaded\mp3doctor.zip probably unknown NewHeur_PE virus
D:\New Folder1\IMPORTANT\random\just downloaded\setup.exe probably unknown NewHeur_PE virus
E:\Extra hard disk files\\MGA6crack.exe probably a variant of Win32/Agent.JEMANYM trojan
E:\Extra hard disk files\vpss.exe a variant of Win32/Kryptik.BBT trojan
E:\Extra hard disk files\Norton Ghost 10.0.7z probably a variant of Win32/Adware.Agent.GFRJHWV application
E:\Extra hard disk files\Evidence.Remover.v2.2.READ.NFO-CRD\cgg0015a.zip probably a variant of Win32/Agent.MTLAOGF trojan
E:\Extra hard disk files\3D_MP3_Sound_Recorder_v3.9.10-DIGERATI\d391sr01.zip probably a variant of Win32/Agent.NOZGFBT trojan
E:\Extra hard disk files\DVD.to.MP3.Ripper.v3.12.WinAll.Only-CRD\cm50026a.zip probably a variant of Win32/Agent.MTLAOGF trojan
E:\Extra hard disk files\Acala.Video.MP3.Ripper.v2.2.8.WinAll-CRD\cxx0044a.zip probably a variant of Win32/Agent.MTLAOGF trojan
E:\Extra hard disk files\adobe CAM\Flash CS3 Activation.exe probably a variant of Win32/Agent.MEUHDZC trojan
E:\Extra hard disk files\Antenna.Web.Design.Studio.v2.7.0.132 .exe probably a variant of Win32/Agent.LHYWVW trojan
E:\Extra hard disk files\Antenna.Web.Design.Studio.v2.7.0.132 probably a variant of Win32/Agent.LHYWVW trojan
E:\Extra hard disk files\Genuine\RockXP4.exe probably a variant of Win32/Adware.Agent.KHLCEYY application
E:\Extra hard disk files\\Windows 7 \MGA6crack.exe probably a variant of Win32/Agent.JEMANYM trojan
E:\Extra hard disk files\\Windows Seven Activators\Windows_7_Activation_Plus_Orbit30\Windo ws_7_Activation_Plus_Orbit30.EXE probably a variant of Win32/Agent.FXZKFGV trojan
E:\Extra hard disk files\Setups\IDM.exe a variant of Win32/Injector.CUA trojan
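Added example, not part of either poster's message and not ESET's own tooling: a small parser for the "path, then detection text" layout of the exported report above, which has to split from the right because the paths contain spaces. The sample lines are constructed, and the three triage buckets (including treating "probably" as a lower-confidence heuristic match) are assumptions of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the same "path<space>detection" layout as the report above.
SAMPLE = r"""
C:\Users\user\AppData\Roaming\example.exe Win32/Inject.NDA trojan
C:\Users\user\Desktop\sample archive.rar multiple threats
C:\Users\user\Downloads\tool setup.exe probably a variant of Win32/Agent.ABCDEFG trojan
D:\stuff\just downloaded\setup.exe probably unknown NewHeur_PE virus
C:\Program Files (x86)\Example VPN\bin\client.exe a variant of Win32/HotSpotShield application
not a detection line
"""

ARCHIVE_SUFFIXES = {".rar", ".zip", ".7z"}

# The path is matched lazily and the detection phrase is anchored to the end of
# the line, so spaces inside the path cannot be mistaken for the separator.
LINE = re.compile(r"""
    ^(?P<path>[A-Za-z]:\\.+?)\s+
    (?:
        (?P<multi>multiple\ threats)
      |
        (?P<heur>probably\ )?
        (?:(?P<variant>a\ variant\ of\ )|(?P<unknown>unknown\ ))?
        (?P<name>[^\s\\]+)\ (?P<kind>trojan|application|virus|worm)
    )$
""", re.VERBOSE)


def parse_line(line):
    """Return a dict for one detection line, or None if the line is something else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    return {
        "path": path,
        "name": m["name"] or "multiple threats",
        "kind": m["kind"] or "mixed",
        "heuristic": bool(m["heur"] or m["unknown"]),
        "variant": bool(m["variant"]),
        # The scanner names the container; the flagged item is somewhere inside it.
        "archive": PureWindowsPath(path).suffix.lower() in ARCHIVE_SUFFIXES,
    }


def parse_report(text):
    """Parse every detection line in an exported report, skipping anything else."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def bucket(rec):
    """Triage bucket (assumption of this example, not a vendor classification)."""
    if rec["kind"] == "application":
        return "application"   # flagged as an application, not as malware
    if rec["heuristic"]:
        return "heuristic"     # "probably ..." wording: verify before deleting
    return "named"             # matched a named malware family


def summarize(text):
    """Count detections per triage bucket."""
    return Counter(bucket(rec) for rec in parse_report(text))


if __name__ == "__main__":
    for rec in parse_report(SAMPLE):
        where = "archive" if rec["archive"] else "file"
        print(f'{bucket(rec):<12} {where:<8} {rec["name"]:<28} {rec["path"]}')
    print(dict(summarize(SAMPLE)))
```

Grouping the report this way separates entries that sit inside downloaded archives and installers from files already unpacked in the user profile, which is the distinction that matters when deciding what to remove first.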
You have to start paying more attention to what you download!
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
:Services
:Reg
:Files
C:\Program Files (x86)\Wireless WEP Key Password Spy\WKey.exe
C:\Users\ramesh\AppData\Local\Mozilla\Firefox\Profiles\274le5rg.default\Cache\49ADEAA4d01
C:\Users\ramesh\AppData\Roaming\bf.exe
C:\Users\ramesh\Desktop\hss-1.47.exe
C:\Users\ramesh\Desktop\HSS-1.49-install-webroot-239-conduit2.exe
C:\Users\ramesh\Desktop\virus file.rar
C:\Users\ramesh\Desktop\All Folders\rar files\Virtual Plastic Surgery Software - VPSS.rar
C:\Users\ramesh\Desktop\Speed.Dvd.Creator.V4.0.41\ Speed Dvd Creator Setup.exe
C:\Users\ramesh\Downloads\bugdoctor.rar
C:\Users\ramesh\Downloads\Get4all.rar
C:\Users\ramesh\Downloads\Hollywood.part01.rar
D:\New Folder1\IMPORTANT\random\just downloaded\mp3doctor.zip
D:\New Folder1\IMPORTANT\random\just downloaded\setup.exe
E:\Extra hard disk files\\MGA6crack.exe
E:\Extra hard disk files\vpss.exe
E:\Extra hard disk files\Norton Ghost 10.0.7z
E:\Extra hard disk files\Evidence.Remover.v2.2.READ.NFO-CRD\cgg0015a.zip
E:\Extra hard disk files\3D_MP3_Sound_Recorder_v3.9.10-DIGERATI\d391sr01.zip
E:\Extra hard disk files\DVD.to.MP3.Ripper.v3.12.WinAll.Only-CRD\cm50026a.zip
E:\Extra hard disk files\Acala.Video.MP3.Ripper.v2.2.8.WinAll-CRD\cxx0044a.zip
E:\Extra hard disk files\adobe CAM\Flash CS3 Activation.exe
E:\Extra hard disk files\Antenna.Web.Design.Studio.v2.7.0.132 .exe
E:\Extra hard disk files\Antenna.Web.Design.Studio.v2.7.0.132
E:\Extra hard disk files\Genuine\RockXP4.exe
E:\Extra hard disk files\\Windows 7 \MGA6crack.exe
E:\Extra hard disk files\\Windows Seven Activators\Windows_7_Activation_Plus_Orbit30\Windo ws_7_Activation_Plus_Orbit30.EXE
E:\Extra hard disk files\Setups\IDM.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
============================================================
OTL Clean-Up
Clean up with OTL:
* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
============================================================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.
Turn off System Restore:
- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
2. Restart computer.
3. Turn System Restore on.
4. Make sure, Windows Updates are current.
5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
6. Download, and install WOT (Web OF Trust): Safe Browsing Tool | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): PSI - Consumer - Products. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. Run defrag at your convenience.
12. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?
13. Please, let me know, how your computer is doing.