Google Analytics Redirect Virus


  • This topic is locked
4 replies to this topic

#1 Shivy29

  • Members
  • 2 posts
  • OFFLINE
  • Local time: 07:45 AM

Posted 16 November 2010 - 04:02 PM

Hi, I'm new to this site and I was having troubles with my internet. Every second or third time I click a link it will take me to google-analytics.com and some other sites. I have scanned my computer with Ad-Aware and AVG, both coming up with nothing. I have attached a HijackThis log and an OTL log.

Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:30 AM, on 17-Nov-10
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\USB_video_device\Driver\Driver32\emmon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Roshni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roshni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roshni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roshni\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: emMon.lnk = C:\Program Files\USB_video_device\Driver\Driver32\emmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7928B0A5-B00D-4D58-AFE4-F135F4933518}: NameServer = 93.188.162.235,93.188.161.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{91CC948D-29C4-480B-BDC0-D3567C2A9847}: NameServer = 93.188.162.235,93.188.161.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2ABAD00-F8F5-40A3-800C-4D7345A63BB6}: NameServer = 93.188.162.235,93.188.161.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.235,93.188.161.235
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.235,93.188.161.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.235,93.188.161.235
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - Unknown owner - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7949 bytes


OTL Log

OTL logfile created on: 17-Nov-10 6:55:32 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Roshni\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 39.88 Gb Free Space | 34.25% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 19.44 Gb Free Space | 18.22% Space Free | Partition Type: NTFS
Drive G: | 1.83 Gb Total Space | 0.32 Gb Free Space | 17.37% Space Free | Partition Type: FAT

Computer Name: ROSHNI-PC | User Name: Roshni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010-11-17 06:49:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Roshni\Desktop\OTL.exe
PRC - [2010-11-16 21:25:25 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugin-container.exe
PRC - [2010-11-16 21:25:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
PRC - [2010-11-12 12:11:35 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010-11-02 07:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\Roshni\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010-10-07 06:27:56 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010-10-07 06:27:56 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010-10-07 06:27:56 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010-10-07 06:27:56 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010-10-07 06:27:56 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010-09-08 22:59:41 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010-09-08 22:59:41 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010-09-02 20:10:04 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-01-25 17:28:08 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009-10-31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-09-17 16:08:24 | 000,081,408 | ---- | M] (eMPIA Technology, Inc.) -- C:\Program Files\USB_video_device\Driver\Driver32\emmon.exe
PRC - [2009-08-17 12:14:42 | 000,222,504 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsus.exe
PRC - [2009-07-31 17:10:32 | 000,233,472 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2009-07-14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (SafeList) ==========

MOD - [2010-11-17 06:49:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Roshni\Desktop\OTL.exe
MOD - [2010-11-12 12:11:35 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009-07-14 11:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 11:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 11:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 11:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 11:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 11:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 11:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 11:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 11:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 11:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-11-09 10:38:14 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
SRV - [2010-10-07 06:27:56 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010-10-07 06:27:56 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010-09-11 18:36:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-09-08 22:59:41 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-06-19 08:14:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-01-25 17:28:08 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009-07-14 11:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 11:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 11:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 11:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 11:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 11:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 11:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 11:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 11:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 11:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 11:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 11:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 11:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Safe Returner\RegKernelHelp.sys -- (RegKernelHelp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Roshni\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010-11-17 06:48:27 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010-11-17 06:48:24 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010-11-17 06:48:24 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010-11-17 06:48:24 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010-11-17 06:48:24 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010-11-12 12:11:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010-11-12 12:11:32 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010-09-12 09:09:57 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2010-09-08 22:59:42 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-09-08 22:59:41 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010-09-01 06:20:27 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-13 09:56:36 | 000,065,640 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2010-06-07 16:02:28 | 001,579,144 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2010-04-14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009-12-11 17:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-12-03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009-11-05 14:14:56 | 000,230,912 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-09-17 16:01:18 | 000,579,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009-09-17 16:00:38 | 000,543,744 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009-09-15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009-08-17 12:15:44 | 000,223,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009-07-14 11:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 11:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 11:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 11:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 11:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 11:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 11:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 11:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 11:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 11:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 11:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 11:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 11:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 11:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 11:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 11:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 11:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 11:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 11:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 11:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 11:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 11:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 11:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 11:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 11:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 11:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 11:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 11:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 11:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 11:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 11:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 11:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 11:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 11:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 11:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 11:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 11:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 11:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 11:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 10:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 10:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 10:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 09:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 09:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 09:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 09:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (VWiFiFlt)
DRV - [2009-07-14 09:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 09:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 09:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 09:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009-07-14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 09:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 09:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 09:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 09:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 09:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 09:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 09:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 09:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 09:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-14 08:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 08:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-14 08:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-14 08:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-14 08:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009-07-14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009-07-14 08:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-14 08:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-14 08:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-07-02 00:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-06-25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009-06-25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009-06-25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008-04-03 09:01:56 | 000,024,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2007-07-31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 48 50 DE BE 0E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "news.com.au"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-11-17 06:48:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010-11-16 21:25:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugins

[2010-07-21 22:04:13 | 000,000,000 | ---D | M] -- C:\Users\Roshni\AppData\Roaming\Mozilla\Extensions
[2010-07-21 22:04:13 | 000,000,000 | ---D | M] -- C:\Users\Roshni\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010-06-18 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Roshni\AppData\Roaming\Mozilla\Firefox\Profiles\0i5c9dwj.default\extensions
[2010-06-18 19:05:09 | 000,001,819 | ---- | M] () -- C:\Users\Roshni\AppData\Roaming\Mozilla\Firefox\Profiles\0i5c9dwj.default\searchplugins\bing.xml
[2010-06-25 17:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-06-19 15:28:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-06-19 15:27:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-09-12 09:01:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.235,93.188.161.235
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2240bc4a-bbf1-11df-a178-0015affdf17b}\Shell - "" = AutoRun
O33 - MountPoints2\{2240bc4a-bbf1-11df-a178-0015affdf17b}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{649447dc-b53d-11df-a154-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{649447dc-b53d-11df-a154-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Adobe CS5\Set-up.exe -- File not found
O33 - MountPoints2\{9ca35c97-8aea-11df-92d7-0015affdf17b}\Shell - "" = AutoRun
O33 - MountPoints2\{9ca35c97-8aea-11df-92d7-0015affdf17b}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{e457c736-bd6c-11df-90fd-0015affdf17b}\Shell - "" = AutoRun
O33 - MountPoints2\{e457c736-bd6c-11df-90fd-0015affdf17b}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{e6df7416-de69-11df-b635-0015affdf17b}\Shell - "" = AutoRun
O33 - MountPoints2\{e6df7416-de69-11df-b635-0015affdf17b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010-11-17 06:49:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Roshni\Desktop\OTL.exe
[2010-11-12 20:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeReturner
[2010-11-12 20:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2010-11-12 20:41:57 | 003,507,614 | ---- | C] (SafeReturner Anti-Malware Studio ) -- C:\Users\Roshni\Desktop\safereturner.exe
[2010-11-09 12:15:03 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonMF Uninstaller Information
[2010-11-09 12:14:54 | 000,069,632 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNAS0MMK.DLL
[2010-11-09 12:14:41 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSU34b.DLL
[2010-11-09 12:14:41 | 000,131,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSD34b.DLL
[2010-11-09 12:14:41 | 000,106,496 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLST34b.DLL
[2010-11-09 12:14:41 | 000,102,400 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSI34b.DLL
[2010-11-09 12:14:41 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSC34b.DLL
[2010-11-09 12:14:40 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCL4320.DLL
[2010-11-09 12:14:40 | 000,086,016 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCI4320.DLL
[2010-11-09 12:14:40 | 000,053,248 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSO34b.dll
[2010-11-09 12:14:39 | 000,278,528 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCC4320.DLL
[2010-11-09 12:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010-11-03 19:50:04 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
[2010-11-03 19:50:04 | 000,063,488 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
[2010-11-03 19:49:45 | 000,000,000 | ---D | C] -- C:\S2winPortal
[2010-10-31 15:24:07 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Documents\Visual Studio 2005
[2010-10-25 23:14:04 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Roaming\U3
[2010-10-25 21:40:26 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Desktop\Photos old
[2010-10-15 20:46:44 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Desktop\core.aawdef
[2010-10-14 06:18:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010-10-14 06:18:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF}
[2010-10-14 06:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010-10-13 17:45:41 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Roshni\Desktop\mbam-setup-1.46.exe
[2010-10-13 17:45:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Roshni\Desktop\TFC.exe
[2010-10-13 17:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-10-12 17:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-10-12 17:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010-10-12 17:25:04 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Roaming\GetRightToGo
[2010-10-09 11:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010-10-07 06:27:45 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010-10-06 17:44:35 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Roaming\Grisoft
[2010-10-06 17:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010-10-06 17:23:42 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Documents\My Chat Logs
[2010-10-06 17:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010-10-06 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010-09-29 16:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-09-12 09:01:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2010-09-12 08:50:49 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010-09-11 18:58:23 | 000,000,000 | ---D | C] -- C:\Users\Roshni\New folder (3)
[2010-09-11 18:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-09-10 20:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010-09-10 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Documents\Adobe
[2010-09-09 21:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-09-09 21:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-09-05 16:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010-09-05 15:24:26 | 000,139,264 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\Mpeg2Decoder.ax
[2010-09-05 15:24:26 | 000,094,208 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\Mpeg2Parser.ax
[2010-09-05 15:04:40 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Documents\Ulead VideoStudio
[2010-09-05 15:04:19 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Roaming\Ulead Systems
[2010-09-05 14:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2010-09-05 14:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2010-09-02 06:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010-09-02 06:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010-09-02 06:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010-09-02 06:19:49 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Flash
[2010-09-02 06:18:56 | 000,000,000 | ---D | C] -- C:\Users\Roshni\New folder (2)
[2010-09-02 06:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010-09-01 06:19:53 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Roaming\DAEMON Tools Pro
[2010-09-01 06:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010-08-29 19:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2010-08-29 19:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010-08-29 19:18:26 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Roaming\NCH Software
[2010-08-29 15:59:07 | 000,579,840 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emBDA.sys
[2010-08-29 15:59:07 | 000,543,744 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emOEM.sys
[2010-08-29 15:59:07 | 000,113,664 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\emPRP.ax
[2010-08-29 15:59:07 | 000,081,408 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\emMON.exe
[2010-08-29 15:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\USB_video_device
[2010-08-25 21:05:04 | 000,000,000 | ---D | C] -- C:\Users\Roshni\New folder
[2010-08-20 22:10:37 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Local\WMTools Downloaded Files
[2010-08-20 21:52:42 | 013,874,824 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\drivers\StkCPipe.sys
[2010-08-20 21:52:42 | 001,579,144 | ---- | C] (Syntek) -- C:\Windows\System32\drivers\StkCMini.sys
[2010-08-20 21:52:42 | 000,347,152 | ---- | C] (Syntek Corporation) -- C:\Windows\VideoView.exe
[2010-08-20 21:52:42 | 000,236,168 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCProp.ax
[2010-08-20 21:52:42 | 000,113,288 | ---- | C] (Syntek America Inc.) -- C:\Windows\StkC112X.exe
[2010-08-20 21:52:42 | 000,076,424 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCWIA.dll
[2010-08-20 21:52:42 | 000,055,944 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkSSrv.dll
[2010-08-20 21:52:42 | 000,031,368 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
[2010-08-20 21:52:03 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Roaming\InstallShield
[2010-08-20 21:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-08-20 21:40:39 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Local\ElevatedDiagnostics
[2010-08-20 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Documents\Corel VideoStudio Pro
[2010-08-20 20:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010-08-20 20:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2010-08-20 19:27:01 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Documents\Corel DVD MovieFactory
[2010-08-20 19:13:07 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010-08-20 19:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010-08-20 19:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010-08-20 18:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Noel Danjou
[2010-08-20 17:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2010-08-20 17:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2010-08-19 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-08-19 18:23:27 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Documents\CyberLink
[2010-08-19 18:23:01 | 000,000,000 | ---D | C] -- C:\Users\Roshni\AppData\Roaming\CyberLink
[2010-08-19 18:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-08-19 18:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010-08-19 18:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010-08-19 18:03:11 | 000,000,000 | ---D | C] -- C:\Users\Roshni\Documents\VHS to DVD
[2010-08-19 18:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\honestech VHS to DVD 2.0 SE
[2010-08-19 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\honestech

========== Files - Modified Within 90 Days ==========

[2010-11-17 06:49:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Roshni\Desktop\OTL.exe
[2010-11-17 06:48:27 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010-11-17 06:48:24 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSwx.sys
[2010-11-17 06:45:22 | 000,000,046 | ---- | M] () -- C:\Users\Roshni\jagex_runescape_preferences.dat
[2010-11-17 06:44:37 | 000,000,099 | ---- | M] () -- C:\Users\Roshni\jagex_runescape_preferences2.dat
[2010-11-17 06:44:22 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3297803446-1291834462-3839551090-1001UA.job
[2010-11-17 06:44:22 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3297803446-1291834462-3839551090-1001Core.job
[2010-11-17 06:44:22 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-11-17 06:44:20 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-11-17 06:43:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-11-16 16:56:06 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-11-16 16:56:06 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-11-15 13:04:20 | 067,626,283 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010-11-12 20:43:17 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Safe Returner.lnk
[2010-11-12 20:36:18 | 003,507,614 | ---- | M] (SafeReturner Anti-Malware Studio ) -- C:\Users\Roshni\Desktop\safereturner.exe
[2010-11-12 20:28:34 | 000,296,448 | ---- | M] () -- C:\Users\Roshni\Desktop\psnsij9i.exe
[2010-11-12 12:11:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010-11-12 12:11:35 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010-11-12 12:11:32 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010-11-09 22:03:33 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-11-09 22:03:33 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-11-09 21:19:17 | 1609,912,320 | -HS- | M] () -- C:\hiberfil.sys
[2010-11-09 12:15:26 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2010-11-04 19:51:27 | 000,013,489 | ---- | M] () -- C:\Users\Roshni\Desktop\SIX APPROACHES TO DEAL WITH RESISTANCE TO CHANGE.docx
[2010-11-03 20:13:00 | 000,329,714 | ---- | M] () -- C:\Users\Roshni\Documents\Trial-5S--Trial1.xlsx
[2010-11-03 20:11:33 | 000,184,332 | ---- | M] () -- C:\Users\Roshni\Documents\Trial-SIPOC--Trial1.xlsx
[2010-11-02 16:41:32 | 366,741,504 | ---- | M] () -- C:\Users\Roshni\Desktop\Chuck.S04E07.HDTV.XviD-LOL.avi
[2010-10-31 23:29:46 | 000,161,280 | ---- | M] () -- C:\Users\Roshni\Desktop\kEY BEHAVIOURS.doc
[2010-10-31 15:27:10 | 000,115,200 | ---- | M] () -- C:\Users\Roshni\Desktop\Change Readiness_Impact Analysis.doc
[2010-10-31 15:25:55 | 000,135,680 | ---- | M] () -- C:\Users\Roshni\Desktop\Situational Analysis.doc
[2010-10-31 15:24:44 | 000,209,408 | ---- | M] () -- C:\Users\Roshni\Desktop\Stakeholder Analysis Summary.doc
[2010-10-31 15:19:47 | 000,052,736 | ---- | M] () -- C:\Users\Roshni\Desktop\CPP Variation Business Rules.doc
[2010-10-31 15:11:57 | 000,246,784 | ---- | M] () -- C:\Users\Roshni\Desktop\2005-005 Online Contract Management Model_Draft.doc
[2010-10-31 15:11:03 | 000,070,144 | ---- | M] () -- C:\Users\Roshni\Desktop\Key Points_Project Management.doc
[2010-10-31 14:51:11 | 000,072,704 | ---- | M] () -- C:\Users\Roshni\Desktop\Project budget Costings.xls
[2010-10-31 13:59:39 | 000,024,064 | ---- | M] () -- C:\Users\Roshni\Desktop\Project Communication Management Matrix.xls
[2010-10-31 13:59:16 | 000,024,064 | ---- | M] () -- C:\Users\Roshni\Desktop\Responsibility Assignment Matrix.xls
[2010-10-31 13:58:23 | 000,020,992 | ---- | M] () -- C:\Users\Roshni\Desktop\Communication Requirements of Stakeholders.xls
[2010-10-31 13:51:38 | 000,395,264 | ---- | M] () -- C:\Users\Roshni\Desktop\IMS_BSU_Manual_3.1_Pay Invoice.doc
[2010-10-30 23:22:06 | 000,347,136 | ---- | M] () -- C:\Users\Roshni\Desktop\pmtoolbox.com_RISK+ASSESSMENT+TEMPLATE.doc
[2010-10-30 23:21:28 | 000,014,654 | ---- | M] () -- C:\Users\Roshni\Desktop\Project Risk Management Plan.docx
[2010-10-30 23:20:35 | 000,046,592 | ---- | M] () -- C:\Users\Roshni\Desktop\_Project+Risk+Management+Plan pmtoolbox.com.doc
[2010-10-30 23:15:20 | 000,650,240 | ---- | M] () -- C:\Users\Roshni\Desktop\Engagement Methodology.doc
[2010-10-30 22:41:46 | 002,438,656 | ---- | M] () -- C:\Users\Roshni\Desktop\De Bonos six-thinking-hats.ppt
[2010-10-30 22:05:53 | 000,058,750 | ---- | M] () -- C:\Users\Roshni\Desktop\Business_Case_Workshop template.pdf
[2010-10-30 22:05:44 | 000,058,750 | ---- | M] () -- C:\Users\Roshni\Desktop\Business_Case_template.pdf
[2010-10-30 22:05:38 | 000,058,750 | ---- | M] () -- C:\Users\Roshni\Documents\Business_Case_Workshop template.pdf
[2010-10-28 22:17:01 | 000,192,796 | ---- | M] () -- C:\Users\Roshni\Desktop\TICKET CONFIRMATION.docx
[2010-10-28 22:03:25 | 000,014,497 | ---- | M] () -- C:\Users\Roshni\Desktop\Int Prep.docx
[2010-10-28 20:02:59 | 000,031,068 | ---- | M] () -- C:\Users\Roshni\Desktop\virgin itinerary return.pdf
[2010-10-27 19:39:52 | 000,020,467 | ---- | M] () -- C:\Users\Roshni\Desktop\Ten Tips for Successfully Implementing ITI1.docx
[2010-10-19 16:27:14 | 366,716,928 | ---- | M] () -- C:\Users\Roshni\Desktop\Chuck.S04E05.HDTV.XviD-LOL.avi
[2010-10-15 20:46:36 | 111,657,557 | ---- | M] () -- C:\Users\Roshni\Desktop\core.aawdef.zip
[2010-10-14 06:18:02 | 000,001,124 | ---- | M] () -- C:\Users\Roshni\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010-10-14 06:18:02 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010-10-13 17:45:55 | 000,293,376 | ---- | M] () -- C:\Users\Roshni\Desktop\qb3y2ure.exe
[2010-10-13 17:45:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Roshni\Desktop\mbam-setup-1.46.exe
[2010-10-13 17:45:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Roshni\Desktop\TFC.exe
[2010-10-13 17:39:03 | 000,002,043 | ---- | M] () -- C:\Users\Roshni\Desktop\HijackThis.lnk
[2010-10-07 06:38:54 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010-10-07 06:27:46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.old
[2010-09-12 09:09:57 | 000,032,256 | ---- | M] () -- C:\Windows\System32\drivers\discache.sys
[2010-09-12 09:01:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010-09-11 00:54:40 | 002,541,948 | ---- | M] () -- C:\Users\Roshni\Desktop\buffethutch1.jpg
[2010-09-11 00:54:40 | 002,541,948 | ---- | M] () -- C:\Users\Roshni\Desktop\BuffetHutch.jpg
[2010-09-10 20:10:26 | 003,988,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-09-08 22:59:42 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010-09-04 19:01:38 | 002,685,046 | ---- | M] () -- C:\Users\Roshni\Desktop\Hutch.jpg
[2010-09-01 06:20:27 | 000,697,328 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010-08-29 19:45:41 | 007,327,744 | ---- | M] () -- C:\Users\Roshni\Documents\Capture(0).mpg
[2010-08-29 19:43:43 | 000,000,671 | ---- | M] () -- C:\Users\Roshni\Documents\Roshni - Shortcut.lnk
[2010-08-29 19:43:26 | 005,834,752 | ---- | M] () -- C:\Users\Roshni\Documents\Capture.mpg
[2010-08-29 18:47:04 | 000,001,170 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\emMon.lnk
[2010-08-20 20:19:35 | 000,005,018 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010-08-20 20:18:25 | 000,000,088 | RHS- | M] () -- C:\ProgramData\ADA75893DA.sys
[2010-08-20 19:32:41 | 000,000,095 | ---- | M] () -- C:\Windows\MovieHunter.INI
[2010-08-20 17:33:28 | 000,140,912 | ---- | M] () -- C:\Users\Roshni\Documents\PDR.dmp

========== Files Created - No Company Name ==========

[2010-11-12 20:43:17 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Safe Returner.lnk
[2010-11-12 20:41:57 | 000,296,448 | ---- | C] () -- C:\Users\Roshni\Desktop\psnsij9i.exe
[2010-11-09 12:15:26 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2010-11-09 12:14:41 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2010-11-04 19:50:21 | 000,013,489 | ---- | C] () -- C:\Users\Roshni\Desktop\SIX APPROACHES TO DEAL WITH RESISTANCE TO CHANGE.docx
[2010-11-03 20:12:55 | 000,329,714 | ---- | C] () -- C:\Users\Roshni\Documents\Trial-5S--Trial1.xlsx
[2010-11-03 20:11:29 | 000,184,332 | ---- | C] () -- C:\Users\Roshni\Documents\Trial-SIPOC--Trial1.xlsx
[2010-11-02 17:08:30 | 366,741,504 | ---- | C] () -- C:\Users\Roshni\Desktop\Chuck.S04E07.HDTV.XviD-LOL.avi
[2010-10-31 23:29:44 | 000,161,280 | ---- | C] () -- C:\Users\Roshni\Desktop\kEY BEHAVIOURS.doc
[2010-10-31 17:07:49 | 011,078,656 | ---- | C] () -- C:\Users\Roshni\Desktop\Workbook Impact Assessment Workbook.xls
[2010-10-31 15:27:09 | 000,115,200 | ---- | C] () -- C:\Users\Roshni\Desktop\Change Readiness_Impact Analysis.doc
[2010-10-31 15:25:54 | 000,135,680 | ---- | C] () -- C:\Users\Roshni\Desktop\Situational Analysis.doc
[2010-10-31 15:24:43 | 000,209,408 | ---- | C] () -- C:\Users\Roshni\Desktop\Stakeholder Analysis Summary.doc
[2010-10-31 15:19:47 | 000,052,736 | ---- | C] () -- C:\Users\Roshni\Desktop\CPP Variation Business Rules.doc
[2010-10-31 15:11:56 | 000,246,784 | ---- | C] () -- C:\Users\Roshni\Desktop\2005-005 Online Contract Management Model_Draft.doc
[2010-10-31 15:11:02 | 000,070,144 | ---- | C] () -- C:\Users\Roshni\Desktop\Key Points_Project Management.doc
[2010-10-31 14:08:54 | 000,072,704 | ---- | C] () -- C:\Users\Roshni\Desktop\Project budget Costings.xls
[2010-10-31 13:59:38 | 000,024,064 | ---- | C] () -- C:\Users\Roshni\Desktop\Project Communication Management Matrix.xls
[2010-10-31 13:59:16 | 000,024,064 | ---- | C] () -- C:\Users\Roshni\Desktop\Responsibility Assignment Matrix.xls
[2010-10-31 13:58:22 | 000,020,992 | ---- | C] () -- C:\Users\Roshni\Desktop\Communication Requirements of Stakeholders.xls
[2010-10-31 13:51:37 | 000,395,264 | ---- | C] () -- C:\Users\Roshni\Desktop\IMS_BSU_Manual_3.1_Pay Invoice.doc
[2010-10-30 23:22:04 | 000,347,136 | ---- | C] () -- C:\Users\Roshni\Desktop\pmtoolbox.com_RISK+ASSESSMENT+TEMPLATE.doc
[2010-10-30 23:20:34 | 000,046,592 | ---- | C] () -- C:\Users\Roshni\Desktop\_Project+Risk+Management+Plan pmtoolbox.com.doc
[2010-10-30 23:19:37 | 000,014,654 | ---- | C] () -- C:\Users\Roshni\Desktop\Project Risk Management Plan.docx
[2010-10-30 22:41:44 | 002,438,656 | ---- | C] () -- C:\Users\Roshni\Desktop\De Bonos six-thinking-hats.ppt
[2010-10-30 22:17:58 | 000,650,240 | ---- | C] () -- C:\Users\Roshni\Desktop\Engagement Methodology.doc
[2010-10-30 22:05:53 | 000,058,750 | ---- | C] () -- C:\Users\Roshni\Desktop\Business_Case_Workshop template.pdf
[2010-10-30 22:05:44 | 000,058,750 | ---- | C] () -- C:\Users\Roshni\Desktop\Business_Case_template.pdf
[2010-10-30 22:05:38 | 000,058,750 | ---- | C] () -- C:\Users\Roshni\Documents\Business_Case_Workshop template.pdf
[2010-10-28 21:02:30 | 000,014,497 | ---- | C] () -- C:\Users\Roshni\Desktop\Int Prep.docx
[2010-10-28 20:01:48 | 000,031,068 | ---- | C] () -- C:\Users\Roshni\Desktop\virgin itinerary return.pdf
[2010-10-28 19:38:19 | 000,192,796 | ---- | C] () -- C:\Users\Roshni\Desktop\TICKET CONFIRMATION.docx
[2010-10-27 19:31:54 | 000,020,467 | ---- | C] () -- C:\Users\Roshni\Desktop\Ten Tips for Successfully Implementing ITI1.docx
[2010-10-24 22:04:43 | 002,104,325 | ---- | C] () -- C:\Users\Roshni\Desktop\DiningBuffetHutch.JPG
[2010-10-24 22:04:21 | 002,957,322 | ---- | C] () -- C:\Users\Roshni\Desktop\dining suite.jpg
[2010-10-24 22:00:45 | 002,541,948 | ---- | C] () -- C:\Users\Roshni\Desktop\buffethutch1.jpg
[2010-10-24 21:59:54 | 002,685,046 | ---- | C] () -- C:\Users\Roshni\Desktop\Hutch.jpg
[2010-10-24 21:58:00 | 002,541,948 | ---- | C] () -- C:\Users\Roshni\Desktop\BuffetHutch.jpg
[2010-10-19 17:00:14 | 366,716,928 | ---- | C] () -- C:\Users\Roshni\Desktop\Chuck.S04E05.HDTV.XviD-LOL.avi
[2010-10-15 20:46:21 | 111,657,557 | ---- | C] () -- C:\Users\Roshni\Desktop\core.aawdef.zip
[2010-10-14 06:18:02 | 000,001,124 | ---- | C] () -- C:\Users\Roshni\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010-10-14 06:18:02 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010-10-13 17:45:55 | 000,293,376 | ---- | C] () -- C:\Users\Roshni\Desktop\qb3y2ure.exe
[2010-10-13 17:39:03 | 000,002,043 | ---- | C] () -- C:\Users\Roshni\Desktop\HijackThis.lnk
[2010-09-11 15:43:38 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-09-11 15:43:33 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-09-05 14:57:14 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010-09-05 14:57:14 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010-09-05 14:57:14 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010-09-05 14:57:14 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010-09-05 14:57:14 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010-09-05 14:57:14 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010-09-01 06:20:27 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-08-29 19:44:51 | 007,327,744 | ---- | C] () -- C:\Users\Roshni\Documents\Capture(0).mpg
[2010-08-29 19:43:43 | 000,000,671 | ---- | C] () -- C:\Users\Roshni\Documents\Roshni - Shortcut.lnk
[2010-08-29 19:43:02 | 005,834,752 | ---- | C] () -- C:\Users\Roshni\Documents\Capture.mpg
[2010-08-29 18:47:04 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\emMon.lnk
[2010-08-29 15:57:16 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-08-29 15:57:16 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010-08-20 21:52:42 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2010-08-20 20:16:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\ADA75893DA.sys
[2010-08-20 20:16:40 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-08-20 19:27:36 | 000,000,095 | ---- | C] () -- C:\Windows\MovieHunter.INI
[2010-08-20 18:17:00 | 000,016,382 | ---- | C] () -- C:\Windows\System32\drivers\merlinFW.rom
[2010-08-19 18:48:34 | 000,140,912 | ---- | C] () -- C:\Users\Roshni\Documents\PDR.dmp
[2010-08-19 17:56:36 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010-08-19 17:56:36 | 000,025,608 | ---- | C] () -- C:\Windows\System32\drivers\StkCSam.sys
[2010-06-19 15:51:41 | 000,000,600 | ---- | C] () -- C:\Users\Roshni\AppData\Roaming\winscp.rnd
[2009-12-02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-07-14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-14 09:24:05 | 000,032,256 | ---- | C] () -- C:\Windows\System32\drivers\discache.sys
[2009-03-05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2002-03-17 10:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL
[2002-03-17 10:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Edited by sundavis, 17 November 2010 - 06:18 PM.
Remove quote box



#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:04:45 PM

Posted 17 November 2010 - 06:33 PM

Hi Shivy29,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.

Do not put your reply in a code box. It makes it a bit hard for us to review the logs.
Please tell me the brand and model of the router you're using in your next reply. Thanks.

Step 1


  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the contents of the following code box.

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. 
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.235,93.188.161.235
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.  
    O33 - MountPoints2\{2240bc4a-bbf1-11df-a178-0015affdf17b}\Shell - "" = AutoRun 
    O33 - MountPoints2\{2240bc4a-bbf1-11df-a178-0015affdf17b}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found 
    O33 - MountPoints2\{649447dc-b53d-11df-a154-806e6f6e6963}\Shell - "" = AutoRun 
    O33 - MountPoints2\{649447dc-b53d-11df-a154-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Adobe CS5\Set-up.exe -- File not found 
    O33 - MountPoints2\{9ca35c97-8aea-11df-92d7-0015affdf17b}\Shell - "" = AutoRun 
    O33 - MountPoints2\{9ca35c97-8aea-11df-92d7-0015affdf17b}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found 
    O33 - MountPoints2\{e457c736-bd6c-11df-90fd-0015affdf17b}\Shell - "" = AutoRun 
    O33 - MountPoints2\{e457c736-bd6c-11df-90fd-0015affdf17b}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found 
    O33 - MountPoints2\{e6df7416-de69-11df-b635-0015affdf17b}\Shell - "" = AutoRun 
    O33 - MountPoints2\{e6df7416-de69-11df-b635-0015affdf17b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found 
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found 
    [2010-11-17 06:44:22 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job 
    [2010-11-17 06:44:20 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job 
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    [Reboot]
    
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.

Step 2


Please unplug your internet access (unplug it from your router or modem) and do the following:

A.
1.Click on Start button.
2.Type Cmd in the Start Search text box.
3.Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
4.Type netsh int ip reset in the Command Prompt, and then press the Enter key.
5.Restart the computer.


B.
1. Click the Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:

ipconfig /flushdns

7. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.


C.
After that, what I'd like you to do is a hard reset of your router if you have one. Leave it on; there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password, and make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.


Step 3


Please plug your internet access back in and do the following:


1. Please download the traceroute utility from Here (by Malwarebytes) to your desktop.

2. Double-click on it and let it run unhindered. Win7 users: please right-click on it and select Run As Administrator.

3. It will go through 3 phases to complete the process. When done, a log file should open; otherwise locate it at C:\traceroute_malwarebytes_cdn. Please post its contents in your next reply.



In your next reply, please post back:

1.OTL delete log
2.traceroute log

Let me know if you have any remaining issues on your pc.

Edited by sundavis, 17 November 2010 - 06:34 PM.
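The fix script above removes the O17 NameServer value, hidden files and task entries by hand. As an added example (not an OTL, HijackThis or BleepingComputer tool, and not part of this thread), the following Python script shows how a practitioner can pre-triage a log of this shape before writing such a fix: it pulls the resolver addresses out of O17 lines and reports any that are neither private nor on an allow-list, parses OTL file lines and reports hidden+system .sys files under C:\ProgramData, and lists alternate data streams. The allow-list (Google Public DNS) and the second O17 line with a LAN resolver are assumptions made for the example; the other sample lines are copied from the log posted above.

```python
"""Triage helper for OTL / HijackThis-style log lines.

Added example for this thread; it is not an OTL, HijackThis or BleepingComputer
tool. It scans log lines in the format posted above and flags what the helper's
OTL fix targets: an O17 NameServer value pointing at resolvers the owner does not
recognise, hidden+system-attributed .sys files dropped under C:\\ProgramData, and
alternate data streams.
"""
import ipaddress
import re

# Assumption for the example: the only public resolvers the owner actually uses
# are Google Public DNS. Private and loopback addresses (e.g. the router's LAN
# address) are always accepted; any other public resolver is reported.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD\-]{4}) \| (?P<op>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

SAMPLE_LOG = [
    # O17 line as posted in the thread
    "O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 93.188.162.235,93.188.161.235",
    # constructed: the same value when it points at the LAN router (should not be flagged)
    "O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 192.168.1.1",
    "[2010-08-20 20:16:45 | 000,000,088 | RHS- | C] () -- C:\\ProgramData\\ADA75893DA.sys",
    "[2010-08-20 20:16:40 | 000,005,018 | -HS- | C] () -- C:\\ProgramData\\KGyGaAvL.sys",
    "[2009-07-14 09:24:05 | 000,032,256 | ---- | C] () -- C:\\Windows\\System32\\drivers\\discache.sys",
    "@Alternate Data Stream - 95 bytes -> C:\\ProgramData\\Temp:5C321E34",
]


def parse_o17(line):
    """Resolver IPs listed in an O17 NameServer line ([] if the line is not one)."""
    m = O17_RE.match(line.strip())
    if not m:
        return []
    ips = []
    for tok in re.split(r"[,\s]+", m.group("servers")):
        try:
            ips.append(str(ipaddress.ip_address(tok)))
        except ValueError:
            continue  # skip anything that is not an address
    return ips


def rogue_resolvers(line, trusted=TRUSTED_RESOLVERS):
    """Resolvers from an O17 line that are neither allow-listed nor local."""
    out = []
    for ip in parse_o17(line):
        addr = ipaddress.ip_address(ip)
        if ip in trusted or addr.is_private or addr.is_loopback:
            continue
        out.append(ip)
    return out


def parse_file_entry(line):
    """Split an OTL file line into its fields; None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    return d


def needs_review(entry):
    """Hidden + system attributed .sys file under ProgramData.

    Real drivers live under System32\\drivers. A hidden/system .sys in
    ProgramData is not necessarily malicious (some licensing tools drop such
    files), but it should be identified before deciding what to remove.
    """
    attrs = entry["attrs"]
    path = entry["path"].lower()
    return ("H" in attrs and "S" in attrs
            and path.startswith("c:\\programdata\\")
            and path.endswith(".sys"))


def triage(lines):
    """Run every check over the log and return (kind, detail) findings in order."""
    findings = []
    for line in lines:
        bad = rogue_resolvers(line)
        if bad:
            findings.append(("dns", ",".join(bad)))
            continue
        entry = parse_file_entry(line)
        if entry and needs_review(entry):
            findings.append(("hidden-sys", entry["path"]))
            continue
        m = ADS_RE.match(line.strip())
        if m:
            findings.append(("ads", m.group("path")))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:11s} {detail}")
```

Run it against a saved OTL log by replacing SAMPLE_LOG with the file's lines. The resolver check is the important one here: a NameServer value set to public addresses the owner never configured is exactly the setting that makes "every second or third click" land somewhere else, and it must be checked again after the fix (and on the router, which hands the machine its resolvers over DHCP), which is why the helper follows the OTL fix with a TCP/IP reset, a DNS cache flush and a router reset.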


#3 Shivy29

Shivy29
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 18 November 2010 - 01:22 AM

Thanks for the response. Sorry about the Code boxes. I did Step 2 A,B and C. But with Step 3 I cannot open Malwarebytes.org, I think it might be down at the moment. I will try again later and I will post that log when I can get that file.

I use a Netgear Wireless Router. I'm not sure what model number.

OTL REPORT:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2240bc4a-bbf1-11df-a178-0015affdf17b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2240bc4a-bbf1-11df-a178-0015affdf17b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2240bc4a-bbf1-11df-a178-0015affdf17b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2240bc4a-bbf1-11df-a178-0015affdf17b}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{649447dc-b53d-11df-a154-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{649447dc-b53d-11df-a154-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{649447dc-b53d-11df-a154-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{649447dc-b53d-11df-a154-806e6f6e6963}\ not found.
File F:\Adobe CS5\Set-up.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ca35c97-8aea-11df-92d7-0015affdf17b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ca35c97-8aea-11df-92d7-0015affdf17b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ca35c97-8aea-11df-92d7-0015affdf17b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ca35c97-8aea-11df-92d7-0015affdf17b}\ not found.
File F:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e457c736-bd6c-11df-90fd-0015affdf17b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e457c736-bd6c-11df-90fd-0015affdf17b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e457c736-bd6c-11df-90fd-0015affdf17b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e457c736-bd6c-11df-90fd-0015affdf17b}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6df7416-de69-11df-b635-0015affdf17b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6df7416-de69-11df-b635-0015affdf17b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6df7416-de69-11df-b635-0015affdf17b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6df7416-de69-11df-b635-0015affdf17b}\ not found.
File F:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Roshni
->Temp folder emptied: 2402 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24534055 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Roshni
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11182010_161219

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by Shivy29, 18 November 2010 - 01:23 AM.


#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:04:45 PM

Posted 18 November 2010 - 01:37 AM

Hi Shivy29,



Step 3 I cannot open Malwarebytes.org...

I checked it and the download thread is fine. After performing Step 1 and Step 2, you should no longer be blocked by the Google DNS changer.

Go to this thread for resetting your router to factory defaults and make a strong password if you don't know how.


Let me know if you have any remaining issues on your pc.

#5 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:04:45 PM

Posted 22 November 2010 - 02:34 AM

Due to the lack of feedback, this topic is now Closed.

Everyone else please start a new topic in the Malware Removal forum.

