Browser Hijack/Search Engine Redirect


  • This topic is locked
15 replies to this topic

#1 blazersrock2002

Posted 10 February 2012 - 02:30 AM

Hi,
So I believe my computer is/was infected by some kind of trojan (AVG described it as Agent3.atli) which I think I removed; however, all three of my browsers (firefox, chrome, IE) are subject to being redirected from search links. I believe I have some kind of browser hijack with a rootkit infection, as I have run TDSSKiller which initially found problems but now can't see anything wrong. What should I do to regain control of my computer?
Thanks
*running 64bit so no GMER


#2 SweetTech


Posted 10 February 2012 - 02:34 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;) Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Can you please post the contents of the TDSSKiller logs for me?


=====


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log files.
3. aswMBR.exe log file
4. OTL.txt & Extras.txt log files.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
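Agent ST asks for the TDSSKiller log above. When one arrives it runs to several hundred lines: a system-info header, the MBR partition table, then a `name (md5) path` line and a `name - verdict` line per driver or service. The parser below is an added example for reading such a log, not code from this thread or from Kaspersky; it flags any verdict other than `ok`, drivers loaded from outside the Windows directory, and sectors the partition table leaves unallocated (worth accounting for on a suspected MBR rootkit case). The sample log is constructed in the posted format; the `fakedrv` entry and its `warning` verdict are made up.

```python
"""Summarise a TDSSKiller scan log in the format posted in this thread.

Added example, not part of the thread and not Kaspersky's code. The sample
log is constructed: its header and partition lines follow the shape of the
posted log; the `fakedrv` entry and its `warning` verdict are made up.
"""
import re
from collections import Counter

# Payload shapes after the "<time> <thread-id> " prefix that starts every line.
FILE_RE = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")  # name (md5) path
VERDICT_RE = re.compile(r"^\S+ \d+ (\S+) - (\S.*)$")  # name - ok
HEADER_RE = re.compile(r"^\S+ \d+ ([A-Za-z][A-Za-z ]+): (.+)$")  # OS Version: ...
DRIVE_RE = re.compile(r"Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")
PART_RE = re.compile(r"Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                     r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")

# Constructed sample: header/partition lines in the thread's format, plus one
# made-up driver ("fakedrv") loaded from a user profile with a non-ok verdict.
SAMPLE_LOG = r"""17:30:31.0527 0800 OS Version: 6.1.7600 ServicePack: 0.0
17:30:31.0528 0800 Windows directory: C:\Windows
17:30:31.0528 0800 Boot type: Normal boot
17:30:35.0221 0800 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:30:35.0250 0800 MBR used
17:30:35.0250 0800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:30:35.0250 0800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
17:30:37.0302 4276 Scan started
17:30:40.0981 4276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:30:40.0981 4276 atapi - ok
17:30:47.0556 4276 MREMP50a64 - ok
17:30:52.0000 4276 fakedrv (00000000000000000000000000000000) C:\Users\user\AppData\Local\Temp\fakedrv.sys
17:30:52.0001 4276 fakedrv - warning
"""


def parse_tdsskiller(text):
    """Return (header, partitions, drivers) parsed from TDSSKiller log text."""
    header, partitions, drivers = {}, [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(" MBR used"):
            header["boot_record"] = "MBR"
            continue
        m = DRIVE_RE.search(line)
        if m:  # disk size in bytes / sector size -> sectors on the disk
            header["disk_sectors"] = int(m.group(1), 16) // int(m.group(2), 16)
            continue
        m = PART_RE.search(line)
        if m:
            partitions.append({"index": int(m.group(1)), "type": int(m.group(2), 16),
                               "start": int(m.group(3), 16), "blocks": int(m.group(4), 16)})
            continue
        m = FILE_RE.match(line)
        if m:
            drivers[m.group(1)] = {"md5": m.group(2), "path": m.group(3), "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m:  # services with no file on disk get a verdict line only
            rec = drivers.setdefault(m.group(1), {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m.group(2)
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
    return header, partitions, drivers


def triage(header, partitions, drivers):
    """Return (findings, gaps): entries a helper reads first, and LBA ranges
    the MBR partition table leaves unallocated as (start, sectors)."""
    win = header.get("Windows directory", r"C:\Windows").lower().rstrip("\\") + "\\"
    findings = []
    for name, rec in sorted(drivers.items()):
        if rec["verdict"] != "ok":
            findings.append((name, "verdict: %s" % (rec["verdict"] or "missing")))
        if rec["path"] and not rec["path"].lower().startswith(win):
            findings.append((name, "driver outside %s: %s" % (win, rec["path"])))
    gaps, cursor = [], 0
    for part in sorted(partitions, key=lambda p: p["start"]):
        if part["start"] > cursor:
            gaps.append((cursor, part["start"] - cursor))
        cursor = max(cursor, part["start"] + part["blocks"])
    if header.get("disk_sectors", 0) > cursor:
        gaps.append((cursor, header["disk_sectors"] - cursor))
    return findings, gaps


def verdict_counts(drivers):
    """How many entries carry each verdict, e.g. Counter({'ok': 2, 'warning': 1})."""
    return Counter(rec["verdict"] for rec in drivers.values())


if __name__ == "__main__":
    hdr, parts, drvs = parse_tdsskiller(SAMPLE_LOG)
    print(hdr.get("OS Version"), hdr.get("boot_record"), dict(verdict_counts(drvs)))
    findings, gaps = triage(hdr, parts, drvs)
    for name, why in findings:
        print("CHECK", name, why)
    for start, length in gaps:
        print("unallocated LBA %d..%d (%d sectors)" % (start, start + length - 1, length))
```

The 2048-sector gap before the first partition is the normal Windows 7 alignment slack; a large or unexpected range is what to ask about.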


#3 blazersrock2002


Posted 13 February 2012 - 06:25 PM

Ahh, so I was trying to access these forums and for some reason didn't see that you had responded. I just posted again. Should I go ahead and follow your instructions and delete my new post?

#4 blazersrock2002


Posted 13 February 2012 - 07:32 PM

1. Since the topic wasn't closed I'm going to proceed
---------------------------------------------------------------------------------------------
2. TDSS report is attached below

17:30:31.0261 0800 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
17:30:31.0527 0800 ============================================================
17:30:31.0527 0800 Current date / time: 2012/02/13 17:30:31.0527
17:30:31.0527 0800 SystemInfo:
17:30:31.0527 0800
17:30:31.0527 0800 OS Version: 6.1.7600 ServicePack: 0.0
17:30:31.0527 0800 Product type: Workstation
17:30:31.0527 0800 ComputerName: SHANIK-PC
17:30:31.0528 0800 UserName: Shanik
17:30:31.0528 0800 Windows directory: C:\Windows
17:30:31.0528 0800 System windows directory: C:\Windows
17:30:31.0528 0800 Running under WOW64
17:30:31.0528 0800 Processor architecture: Intel x64
17:30:31.0528 0800 Number of processors: 2
17:30:31.0528 0800 Page size: 0x1000
17:30:31.0528 0800 Boot type: Normal boot
17:30:31.0528 0800 ============================================================
17:30:35.0221 0800 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:30:35.0249 0800 \Device\Harddisk0\DR0:
17:30:35.0250 0800 MBR used
17:30:35.0250 0800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:30:35.0250 0800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
17:30:35.0815 0800 Initialize success
17:30:35.0815 0800 ============================================================
17:30:37.0301 4276 ============================================================
17:30:37.0302 4276 Scan started
17:30:37.0302 4276 Mode: Manual;
17:30:37.0302 4276 ============================================================
17:30:52.0483 4276 sffdisk - ok
17:30:52.0525 4276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:30:52.0552 4276 sffp_mmc - ok
17:30:52.0585 4276 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:30:52.0610 4276 sffp_sd - ok
17:30:52.0641 4276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:30:52.0647 4276 sfloppy - ok
17:30:52.0712 4276 Shockprf (5a5346931ce61ea85f8338f7a03131f7) C:\Windows\system32\DRIVERS\Apsx64.sys
17:30:52.0717 4276 Shockprf - ok
17:30:52.0752 4276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:30:52.0755 4276 SiSRaid2 - ok
17:30:52.0794 4276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:30:52.0797 4276 SiSRaid4 - ok
17:30:52.0842 4276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:30:52.0848 4276 Smb - ok
17:30:52.0884 4276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:30:52.0887 4276 spldr - ok
17:30:52.0962 4276 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:30:53.0031 4276 srv - ok
17:30:53.0058 4276 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:30:53.0115 4276 srv2 - ok
17:30:53.0180 4276 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:30:53.0189 4276 SrvHsfHDA - ok
17:30:53.0245 4276 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:30:53.0338 4276 SrvHsfV92 - ok
17:30:53.0369 4276 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:30:53.0385 4276 SrvHsfWinac - ok
17:30:53.0457 4276 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:30:53.0482 4276 srvnet - ok
17:30:53.0524 4276 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
17:30:53.0539 4276 SSPORT - ok
17:30:53.0575 4276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:30:53.0578 4276 stexstor - ok
17:30:53.0626 4276 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
17:30:53.0630 4276 storflt - ok
17:30:53.0656 4276 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
17:30:53.0675 4276 storvsc - ok
17:30:53.0710 4276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:30:53.0714 4276 swenum - ok
17:30:53.0775 4276 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
17:30:53.0796 4276 SynTP - ok
17:30:53.0875 4276 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:30:53.0926 4276 Tcpip - ok
17:30:53.0991 4276 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:30:54.0002 4276 TCPIP6 - ok
17:30:54.0054 4276 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:30:54.0078 4276 tcpipreg - ok
17:30:54.0125 4276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:30:54.0149 4276 TDPIPE - ok
17:30:54.0187 4276 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:30:54.0190 4276 TDTCP - ok
17:30:54.0234 4276 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:30:54.0238 4276 tdx - ok
17:30:54.0266 4276 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:30:54.0270 4276 TermDD - ok
17:30:54.0332 4276 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
17:30:54.0355 4276 TIEHDUSB - ok
17:30:54.0406 4276 TPDIGIMN (7e25f9ae51daac0791df1eb949a58dbe) C:\Windows\system32\DRIVERS\ApsHM64.sys
17:30:54.0409 4276 TPDIGIMN - ok
17:30:54.0448 4276 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
17:30:54.0480 4276 TPM - ok
17:30:54.0521 4276 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
17:30:54.0523 4276 TPPWRIF - ok
17:30:54.0550 4276 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:54.0554 4276 tssecsrv - ok
17:30:54.0585 4276 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:30:54.0589 4276 tunnel - ok
17:30:54.0610 4276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:30:54.0613 4276 uagp35 - ok
17:30:54.0644 4276 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:30:54.0673 4276 udfs - ok
17:30:54.0708 4276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:30:54.0711 4276 uliagpkx - ok
17:30:54.0728 4276 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:30:54.0730 4276 umbus - ok
17:30:54.0763 4276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:30:54.0765 4276 UmPass - ok
17:30:54.0811 4276 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
17:30:54.0856 4276 USBAAPL64 - ok
17:30:54.0918 4276 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
17:30:54.0937 4276 usbaudio - ok
17:30:54.0988 4276 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:55.0022 4276 usbccgp - ok
17:30:55.0058 4276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:30:55.0064 4276 usbcir - ok
17:30:55.0127 4276 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
17:30:55.0164 4276 usbehci - ok
17:30:55.0222 4276 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
17:30:55.0253 4276 usbhub - ok
17:30:55.0294 4276 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
17:30:55.0320 4276 usbohci - ok
17:30:55.0368 4276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:30:55.0371 4276 usbprint - ok
17:30:55.0421 4276 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:30:55.0442 4276 usbscan - ok
17:30:55.0479 4276 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:55.0541 4276 USBSTOR - ok
17:30:55.0584 4276 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:30:55.0622 4276 usbuhci - ok
17:30:55.0696 4276 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
17:30:55.0733 4276 usbvideo - ok
17:30:55.0775 4276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:30:55.0777 4276 vdrvroot - ok
17:30:55.0794 4276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:55.0798 4276 vga - ok
17:30:55.0817 4276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:30:55.0820 4276 VgaSave - ok
17:30:55.0846 4276 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:30:55.0851 4276 vhdmp - ok
17:30:55.0875 4276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:30:55.0877 4276 viaide - ok
17:30:55.0914 4276 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
17:30:55.0920 4276 vmbus - ok
17:30:55.0937 4276 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
17:30:55.0954 4276 VMBusHID - ok
17:30:55.0968 4276 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:30:55.0971 4276 volmgr - ok
17:30:56.0024 4276 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:30:56.0057 4276 volmgrx - ok
17:30:56.0090 4276 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:30:56.0102 4276 volsnap - ok
17:30:56.0162 4276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:30:56.0169 4276 vsmraid - ok
17:30:56.0203 4276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:30:56.0225 4276 vwifibus - ok
17:30:56.0272 4276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:30:56.0275 4276 WacomPen - ok
17:30:56.0296 4276 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:56.0321 4276 WANARP - ok
17:30:56.0325 4276 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:56.0326 4276 Wanarpv6 - ok
17:30:56.0372 4276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:30:56.0376 4276 Wd - ok
17:30:56.0450 4276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:30:56.0479 4276 Wdf01000 - ok
17:30:56.0528 4276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:30:56.0574 4276 WfpLwf - ok
17:30:56.0616 4276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:30:56.0619 4276 WIMMount - ok
17:30:56.0686 4276 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
17:30:56.0701 4276 WinUsb - ok
17:30:56.0733 4276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:30:56.0735 4276 WmiAcpi - ok
17:30:56.0779 4276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:30:56.0796 4276 ws2ifsl - ok
17:30:56.0831 4276 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:30:56.0835 4276 WudfPf - ok
17:30:56.0855 4276 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:56.0861 4276 WUDFRd - ok
17:30:56.0947 4276 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
17:30:56.0980 4276 xusb21 - ok
17:30:57.0014 4276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:30:57.0076 4276 \Device\Harddisk0\DR0 - ok
17:30:57.0084 4276 Boot (0x1200) (7a6469cf3f4483118cecbd590e9048e8) \Device\Harddisk0\DR0\Partition0
17:30:57.0086 4276 \Device\Harddisk0\DR0\Partition0 - ok
17:30:57.0096 4276 Boot (0x1200) (aaec64e744b4252bcbfe28ea6ee6e9c0) \Device\Harddisk0\DR0\Partition1
17:30:57.0098 4276 \Device\Harddisk0\DR0\Partition1 - ok
17:30:57.0098 4276 ============================================================
17:30:57.0098 4276 Scan finished
17:30:57.0098 4276 ============================================================
17:30:57.0304 6948 Detected object count: 0
17:30:57.0304 6948 Actual detected object count: 0
---------------------------------------------------------------------------------------------
3. aswMBR.exe log file
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 17:35:07
-----------------------------
17:35:07.897 OS Version: Windows x64 6.1.7600
17:35:07.897 Number of processors: 2 586 0x1706
17:35:07.898 ComputerName: SHANIK-PC UserName: Shanik
17:35:08.674 Initialize success
17:36:39.653 AVAST engine defs: 12021302
17:36:50.920 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:36:50.921 Disk 0 Vendor: ST9320421AS SD13 Size: 305245MB BusType: 11
17:36:50.941 Disk 0 MBR read successfully
17:36:50.942 Disk 0 MBR scan
17:36:50.946 Disk 0 Windows 7 default MBR code
17:36:50.951 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:36:50.963 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
17:36:50.967 Service scanning
17:36:55.642 Modules scanning
17:36:55.645 Disk 0 trace - called modules:
17:36:55.654 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:36:55.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027da3f0]
17:36:55.661 3 CLASSPNP.SYS[fffff8800106143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa80022f3060]
17:36:57.288 AVAST engine scan C:\Windows
17:37:02.790 AVAST engine scan C:\Windows\system32
17:47:09.407 AVAST engine scan C:\Windows\system32\drivers
17:47:33.124 AVAST engine scan C:\Users\Shanik
18:16:48.909 AVAST engine scan C:\ProgramData
18:19:22.510 Scan finished successfully
18:31:55.940 Disk 0 MBR has been saved successfully to "C:\Users\Shanik\Desktop\Bleeping Computer Logs\MBR.dat"
18:31:55.945 The log file has been saved successfully to "C:\Users\Shanik\Desktop\Bleeping Computer Logs\aswMBR.txt"
---------------------------------------------------------------------------------------------
4. OTL.txt & Extras.txt log files.

OTL logfile created on: 2/13/2012 5:35:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shanik\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 24.17% Memory free
3.97 Gb Paging File | 1.29 Gb Available in Paging File | 32.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 142.84 Gb Free Space | 47.93% Space Free | Partition Type: NTFS

Computer Name: SHANIK-PC | User Name: Shanik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/13 17:32:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Shanik\Downloads\aswMBR.exe
PRC - [2012/02/13 17:32:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shanik\Desktop\OTL.exe
PRC - [2012/02/02 03:01:09 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Shanik\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/26 10:33:23 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2011/12/09 15:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\Shanik\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/03/14 08:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/12/11 20:37:33 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/07/15 08:07:48 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/23 11:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/20 11:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/15 12:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/08 19:28:42 | 000,365,872 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/04/07 07:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/27 02:49:31 | 000,429,040 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\ppgooglenaclpluginchrome.dll
MOD - [2012/01/27 02:49:29 | 003,772,912 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
MOD - [2012/01/27 02:48:17 | 000,527,344 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\libglesv2.dll
MOD - [2012/01/27 02:48:15 | 000,114,672 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\libegl.dll
MOD - [2012/01/27 02:48:06 | 000,122,880 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\avutil-51.dll
MOD - [2012/01/27 02:48:05 | 000,222,208 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\avformat-53.dll
MOD - [2012/01/27 02:48:03 | 001,746,944 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\avcodec-53.dll
MOD - [2012/01/26 23:41:13 | 008,593,056 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
MOD - [2011/03/16 22:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 13:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/11/03 14:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/03 14:51:34 | 001,239,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/03 14:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/20 13:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/01/12 08:07:44 | 000,046,080 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010/01/07 04:56:13 | 000,051,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/15 12:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/03 20:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/06/29 15:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2008/07/15 19:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2007/06/01 04:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2010/07/15 08:07:48 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/23 11:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/09 05:05:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/12 23:23:56 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/09/12 14:09:09 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/05/05 16:32:34 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/20 13:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/03/23 11:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 06:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/07 04:56:55 | 000,010,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2009/09/09 05:05:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/13 20:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iastor)
DRV:64bit: - [2009/07/14 17:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/29 15:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 15:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 19:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/02 13:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 13:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2008/11/16 16:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/06/01 04:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2007/05/14 14:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/18 15:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 66 AB 6A 68 47 CC 01 [binary data]
IE - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.10
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Shanik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Shanik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shanik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shanik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/10 01:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/10 01:17:01 | 000,000,000 | ---D | M]

[2010/11/25 23:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Extensions
[2012/02/09 20:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\extensions
[2012/01/28 16:45:37 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\extensions\SQLiteManager@mrinalkant.blogspot.com
[2011/11/13 11:45:23 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\extensions\zotero@chnm.gmu.edu
[2011/11/13 11:46:25 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\extensions\zoteroWinWordIntegration@zotero.org
[2012/02/10 01:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/29 09:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Shanik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Shanik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2012/01/28 13:51:52 | 000,000,884 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.240.133 www.google.com
O1 - Hosts: 94.63.240.134 www.bing.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\..\Toolbar\WebBrowser: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000..\Run: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S92F7.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000..\Run: [MoeMonitor.exe] C:\Users\Shanik\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Shanik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Shanik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com/0.9.4014.28/TSWeb.cab (WLCTSCControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06EAA1D0-BEF0-4B30-94E4-C646897E60EA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9479ec2c-fb82-11de-b3ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9479ec2c-fb82-11de-b3ad-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{a7b8a32e-790a-11e0-b723-001fe21009bd}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b8a32e-790a-11e0-b723-001fe21009bd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 17:32:52 | 000,000,000 | ---D | C] -- C:\Users\Shanik\Desktop\Bleeping Computer Logs
[2012/02/13 17:32:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Shanik\Desktop\OTL.exe
[2012/02/06 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/06 20:28:19 | 000,000,000 | ---D | C] -- C:\Users\Shanik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/06 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/06 19:36:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/06 19:36:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/06 19:36:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/06 19:32:13 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shanik\Desktop\TDSSKiller.exe
[2012/02/06 18:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/03 16:23:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/31 09:30:26 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 09:30:25 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 09:30:24 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 09:30:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 09:30:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/31 09:30:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/29 11:32:40 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/01/29 11:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/29 11:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/28 12:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%USERPROFILE%
[2012/01/28 12:19:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[4 C:\Users\Shanik\Documents\*.tmp files -> C:\Users\Shanik\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/13 17:32:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shanik\Desktop\OTL.exe
[2012/02/13 17:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/13 17:08:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171543394-2643742330-3000438092-1000UA.job
[2012/02/13 16:18:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/13 08:33:18 | 092,879,641 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/02/13 07:41:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 07:41:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171543394-2643742330-3000438092-1000Core.job
[2012/02/10 01:17:07 | 000,002,048 | ---- | M] () -- C:\Users\Shanik\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/10 01:17:07 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/06 21:33:08 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 21:33:08 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 20:28:19 | 000,002,981 | ---- | M] () -- C:\Users\Shanik\Desktop\HiJackThis.lnk
[2012/02/06 20:02:03 | 1596,690,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/06 18:59:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2012/02/06 18:59:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2012/02/06 18:49:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 09:31:04 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shanik\Desktop\TDSSKiller.exe
[2012/01/30 03:35:08 | 000,743,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/30 03:35:08 | 000,636,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/30 03:35:08 | 000,111,626 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/29 11:32:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/29 02:14:02 | 421,488,164 | ---- | M] () -- C:\Windows\MEMORY.DMP
[4 C:\Users\Shanik\Documents\*.tmp files -> C:\Users\Shanik\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 01:17:07 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/06 20:28:19 | 000,002,981 | ---- | C] () -- C:\Users\Shanik\Desktop\HiJackThis.lnk
[2012/01/29 11:32:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/01/28 14:59:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/09/01 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/08/27 16:29:27 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/27 16:29:27 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/27 16:29:27 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/27 16:29:27 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/27 16:29:27 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/27 16:29:27 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/27 16:29:27 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/27 16:29:27 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/27 16:29:27 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/27 16:29:27 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/27 16:29:27 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/27 16:29:27 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/27 16:29:27 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/27 16:29:27 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/27 16:29:27 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/27 16:29:27 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/07/22 22:00:29 | 000,007,680 | ---- | C] () -- C:\Users\Shanik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 00:52:04 | 000,004,096 | -H-- | C] () -- C:\Users\Shanik\AppData\Local\keyfile3.drm
[2010/11/25 23:06:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/15 22:34:23 | 000,204,920 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/12 18:03:21 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/06/28 16:22:50 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/06/28 09:14:45 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/06/28 09:13:28 | 000,000,034 | ---- | C] () -- C:\Users\Shanik\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/06/28 09:13:25 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/06/23 14:49:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/06 18:38:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/16 20:55:23 | 000,757,008 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/07 03:10:22 | 001,514,016 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/01/07 03:10:22 | 001,108,512 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D746CE5A

< End of report >
OTL Extras logfile created on: 2/13/2012 5:35:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shanik\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 24.17% Memory free
3.97 Gb Paging File | 1.29 Gb Available in Paging File | 32.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 142.84 Gb Free Space | 47.93% Space Free | Partition Type: NTFS

Computer Name: SHANIK-PC | User Name: Shanik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2171543394-2643742330-3000438092-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"Maple 13" = Maple 13
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235C31BC-BBAE-4932-9F17-15395C65907B}" = Boingo Wi-Fi
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 30
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AF6D9313-E338-48F0-9B0C-7DE20EDB99CF}" = BioEdit
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DCB4E1D9-B187-4B54-971E-1478485C9A53}" = Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{FF6A778A-02DA-4B2D-82F7-733A467984EC}" = Secure Download Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Kindle For PC" = Amazon Kindle For PC
"AudibleDownloadManager" = Audible Download Manager
"AVG9Uninstall" = AVG Free 9.0
"EPSON Scanner" = EPSON Scan
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Maple 13" = Maple 13
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"RealAlt_is1" = Real Alternative 2.0.2 Lite
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"The Rosetta Stone" = The Rosetta Stone
"uTorrent" = µTorrent
"VideoSpirit Pro" = VideoSpirit Pro 1.59
"VLC media player" = VLC media player 1.0.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2171543394-2643742330-3000438092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2012 10:22:44 PM | Computer Name = Shanik-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/6/2012 10:22:46 PM | Computer Name = Shanik-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/7/2012 12:33:36 AM | Computer Name = Shanik-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 16.0.912.77 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1290 Start
Time: 01cce53e4b4bed09 Termination Time: 774 Application Path: C:\Users\Shanik\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: df60ebe2-5144-11e1-9ab1-001fe21009bd

Error - 2/7/2012 1:09:52 AM | Computer Name = Shanik-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 16.0.912.77 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1690 Start
Time: 01cce551f7207b3c Termination Time: 13 Application Path: C:\Users\Shanik\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: f3e94acc-5149-11e1-9ab1-001fe21009bd

Error - 2/7/2012 7:55:03 PM | Computer Name = Shanik-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 16.0.912.77 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16cc Start
Time: 01cce556ba38f312 Termination Time: 376 Application Path: C:\Users\Shanik\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 200652dc-51e7-11e1-9ab1-001fe21009bd

Error - 2/10/2012 3:09:28 AM | Computer Name = Shanik-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1bd0 Start
Time: 01cce7be8a07335c Termination Time: 6 Application Path: C:\Users\Shanik\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 20bd36bf-53b6-11e1-9ab1-001fe21009bd

Error - 2/10/2012 9:02:43 AM | Computer Name = Shanik-PC | Source = UPEK biometric adapter | ID = 1
Description = S1: Fingerprint sensor device communication error.

Error - 2/10/2012 9:08:43 AM | Computer Name = Shanik-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/12/2012 7:22:52 PM | Computer Name = Shanik-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/12/2012 10:37:19 PM | Computer Name = Shanik-PC | Source = Windows Backup | ID = 4103
Description =

[ System Events ]
Error - 2/7/2012 9:25:51 PM | Computer Name = Shanik-PC | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.

Error - 2/7/2012 9:25:51 PM | Computer Name = Shanik-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 48. The internal error state
is 552.

Error - 2/7/2012 9:25:51 PM | Computer Name = Shanik-PC | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.

Error - 2/7/2012 9:25:51 PM | Computer Name = Shanik-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 48. The internal error state
is 552.

Error - 2/7/2012 9:25:51 PM | Computer Name = Shanik-PC | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.

Error - 2/7/2012 9:25:51 PM | Computer Name = Shanik-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 48. The internal error state
is 552.

Error - 2/7/2012 9:25:51 PM | Computer Name = Shanik-PC | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.

Error - 2/8/2012 11:23:38 PM | Computer Name = Shanik-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Biometric Service service to connect.

Error - 2/8/2012 11:23:38 PM | Computer Name = Shanik-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 2/8/2012 11:23:38 PM | Computer Name = Shanik-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Biometric Service service failed to start due to the following
error: %%1053


< End of report >

---------------------------------------------------------------------------------------------
5. Computer is generally running slow. The redirects are worse and more frequent now. But I am hopeful!

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:44 PM

Posted 14 February 2012 - 09:10 AM

Hi blazersrock2002!

I went ahead and closed your other thread, so we don't have any confusion with both of them being open.

Do you have any other TDSSKiller logs in your C:\ drive?

From the looks of your logs I can see that your host file is infected so that your Google and Bing searches will be redirected to malicious web pages.

These are the entries in your OTL log that indicate that:

O1 - Hosts: 94.63.240.133 www.google.com
O1 - Hosts: 94.63.240.134 www.bing.com

OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    O1 - Hosts: 94.63.240.133	www.google.com
    O1 - Hosts: 94.63.240.134	www.bing.com
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000\..\Toolbar\WebBrowser: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
    O4 - HKU\S-1-5-21-2171543394-2643742330-3000438092-1000..\Run: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S92F7.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{9479ec2c-fb82-11de-b3ad-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{9479ec2c-fb82-11de-b3ad-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{a7b8a32e-790a-11e0-b723-001fe21009bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7b8a32e-790a-11e0-b723-001fe21009bd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


Be sure to let me know how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

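As an added example (not from the thread, and not OTL's or ComboFix's own logic), a small Python audit for the kind of hosts-file hijack SweetTech points out above: it parses the file the way the resolver reads it, ignores loopback and 0.0.0.0 sinkhole entries, and flags any mapping of a search-engine hostname to an outside address. The WATCHED_HOSTS list and the sample file contents are assumptions constructed for the example; the two hijack lines are the ones quoted in the thread.

```python
"""Audit a Windows hosts file for hijacked search-engine entries.

Added example, not from the thread. A hosts-file hijack works because the
resolver consults the hosts file before DNS, so "94.63.240.133 www.google.com"
silently sends every Google search to that address. Resetting the file fixes
it; this script is the detection side, for checking a machine or a backup.
"""
import ipaddress
import os
from pathlib import Path

# Assumption: hostnames a normal hosts file never overrides. Any mapping of
# these to a non-local address is treated as a hijack.
WATCHED_HOSTS = {
    "www.google.com", "google.com",
    "www.bing.com", "bing.com",
    "www.yahoo.com", "search.yahoo.com",
}

# Addresses used by ad-blocking / sinkhole hosts files; mapping a name to
# these blocks it rather than redirecting it, so they are benign.
LOCAL_ADDRESSES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}

# Constructed sample: the default Windows header comments, two benign
# entries invented for the example, and the two hijack lines from the thread.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "#       102.54.94.97     rhino.acme.com          # source server\n"
    "#\t127.0.0.1       localhost\n"
    "#\t::1             localhost\n"
    "0.0.0.0\tads.example\t# constructed: ad-blocker sinkhole, benign\n"
    "10.0.0.5\tintranet.example\t# constructed: non-local, plausibly legitimate\n"
    "94.63.240.133\twww.google.com\n"
    "94.63.240.134\twww.bing.com\n"
)


def parse_hosts(text):
    """Return (address, hostname, line_no) for every active mapping.

    Comments start at '#', fields may be separated by spaces or tabs, and one
    address line may carry several hostnames, exactly as the resolver sees it.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; the resolver ignores it too
        for name in parts[1:]:
            entries.append((addr, name.lower(), line_no))
    return entries


def find_hijacks(text):
    """Flag mappings to non-local addresses; watched hosts are severity 'high'."""
    findings = []
    for addr, name, line_no in parse_hosts(text):
        if addr in LOCAL_ADDRESSES or addr.is_loopback:
            continue
        severity = "high" if name in WATCHED_HOSTS else "review"
        findings.append({"line": line_no, "host": name,
                         "address": str(addr), "severity": severity})
    return findings


def hijacked_search_hosts(text):
    """Sorted list of watched hostnames that are redirected off-box."""
    return sorted(f["host"] for f in find_hijacks(text) if f["severity"] == "high")


def live_hosts_path():
    """Location of the hosts file on Windows (falls back to /etc/hosts)."""
    root = os.environ.get("SystemRoot")
    if root:
        return Path(root) / "System32" / "drivers" / "etc" / "hosts"
    return Path("/etc/hosts")


if __name__ == "__main__":
    path = live_hosts_path()
    text = path.read_text(errors="replace") if path.exists() else SAMPLE_HOSTS
    for f in find_hijacks(text):
        print(f"line {f['line']:>3}  {f['severity']:<6}  {f['host']} -> {f['address']}")
```

Run without arguments it audits the machine's own hosts file, or the constructed sample when that file is absent; an entry of severity "high" is the signature of the redirect described in this thread.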

#6 blazersrock2002

blazersrock2002
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 15 February 2012 - 05:02 PM

Hi
1. Thanks for the help! The computer seems to be running faster and a preliminary test search indicates no more redirects!
------------------------------------------------------------------------------------------
2. OTL
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
94.63.240.133 www.google.com removed from HOSTS file successfully
94.63.240.134 www.bing.com removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2171543394-2643742330-3000438092-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{081230F8-EA50-42A9-983C-D22ABC2EED3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry value HKEY_USERS\S-1-5-21-2171543394-2643742330-3000438092-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON NX510 Series deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9479ec2c-fb82-11de-b3ad-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9479ec2c-fb82-11de-b3ad-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9479ec2c-fb82-11de-b3ad-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9479ec2c-fb82-11de-b3ad-806e6f6e6963}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7b8a32e-790a-11e0-b723-001fe21009bd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7b8a32e-790a-11e0-b723-001fe21009bd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7b8a32e-790a-11e0-b723-001fe21009bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7b8a32e-790a-11e0-b723-001fe21009bd}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\setup.exe not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Shanik\Desktop\cmd.bat deleted successfully.
C:\Users\Shanik\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shanik\Desktop\cmd.bat deleted successfully.
C:\Users\Shanik\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shanik
->Temp folder emptied: 3026644083 bytes
->Temporary Internet Files folder emptied: 398558866 bytes
->Java cache emptied: 49435824 bytes
->FireFox cache emptied: 45501042 bytes
->Google Chrome cache emptied: 365434975 bytes
->Flash cache emptied: 20684 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533363 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 171911932 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 36133 bytes

Total Files Cleaned = 3,871.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Shanik
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shanik
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02152012_092210

Files\Folders moved on Reboot...
C:\Users\Shanik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
---------------------------------------------------------------------------------------------
3. ComboFix
ComboFix 12-02-15.01 - Shanik 02/15/2012 15:32:24.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2030.606 [GMT -6:00]
Running from: c:\users\Shanik\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Shanik\AppData\Roaming\Desktopicon
c:\users\Shanik\Documents\~WRL1286.tmp
c:\users\Shanik\Documents\~WRL1335.tmp
c:\users\Shanik\Documents\~WRL2335.tmp
c:\users\Shanik\Documents\~WRL3193.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-15 21:42 . 2012-02-15 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 15:22 . 2012-02-15 15:22 -------- d-----w- C:\_OTL
2012-02-15 09:03 . 2012-02-15 09:07 -------- d-----w- C:\ad9130afb2045e33b7d34730cd5b
2012-02-15 02:49 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 02:49 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 02:49 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 02:49 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 02:49 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 02:49 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 02:48 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 02:48 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 07:17 . 2012-01-29 15:55 97240 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-02-10 07:17 . 2012-01-29 15:55 818136 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-02-10 07:17 . 2012-01-29 15:55 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-10 07:17 . 2012-01-29 15:55 437208 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-02-10 07:17 . 2012-01-29 15:55 1911768 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2012-02-10 07:17 . 2012-01-29 15:55 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2012-02-10 07:17 . 2012-01-29 15:55 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-10 07:17 . 2012-01-29 13:36 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-10 07:17 . 2012-01-29 13:36 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-10 07:17 . 2012-01-29 13:36 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-10 07:17 . 2012-01-29 13:36 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-10 07:17 . 2012-01-29 13:36 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-07 02:28 . 2012-02-07 02:28 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-07 01:37 . 2012-02-07 01:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-07 00:58 . 2012-02-07 00:59 -------- d-----w- c:\programdata\MFAData
2012-02-03 22:23 . 2012-02-06 00:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-29 17:32 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-29 17:32 . 2012-02-03 22:16 -------- d-----w- c:\programdata\AVAST Software
2012-01-29 17:32 . 2012-01-29 17:32 -------- d-----w- c:\program files\AVAST Software
2012-01-28 18:22 . 2012-01-28 18:22 -------- d-sh--w- c:\windows\SysWow64\%USERPROFILE%
2012-01-28 18:19 . 2012-01-28 18:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 02:28 . 2012-02-07 02:28 388096 ----a-r- c:\users\Shanik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-13 05:23 . 2010-06-29 04:07 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-12-10 21:24 . 2010-08-02 21:40 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-19 15:07 . 2012-01-12 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-12 00:39 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MoeMonitor.exe"="c:\users\Shanik\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2010-01-07 2149184]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-12 395640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
"TPKMAPHELPER"="c:\program files (x86)\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-27 992816]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-09-09 884512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-21 2429]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Shanik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shanik\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-04 45424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\amd64\novacomd.exe [2010-01-12 46080]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-01-07 51024]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:25]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:25]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171543394-2643742330-3000438092-1000Core.job
- c:\users\Shanik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-07 10:22]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171543394-2643742330-3000438092-1000UA.job
- c:\users\Shanik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-07 10:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-14 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.254
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.28/TSWeb.cab
FF - ProfilePath - c:\users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-60494094.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Completion time: 2012-02-15 15:55:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 21:55
.
Pre-Run: 155,481,096,192 bytes free
Post-Run: 155,097,157,632 bytes free
.
- - End Of File - - CDF920674825A862A066AA92EDD87E20
---------------------------------------------------------------------------------------------
4. The computer "seems" to be running faster right now. Not sure if it is because of the multiple reboots. Overall system seems to be running well. Thanks!

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:44 PM

Posted 16 February 2012 - 03:01 AM

Hi blazersrock2002!

1. Thanks for the help! The computer seems to be running faster and a preliminary test search indicates no more redirects!

Not a problem! I'm glad to be of assistance! I'm also glad to hear that things appear to be running better. :)

Your logs are looking better. We need to run a script with ComboFix now.

Let's see where we stand after these scans:

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
DirLook::
c:\windows\SysWow64\%USERPROFILE%
c:\windows\SysWow64\%APPDATA%

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 blazersrock2002

blazersrock2002
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 22 February 2012 - 02:49 AM

Hi SweetTech,
I apologize for the delay but I will get you the logs as I get them done.

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:44 PM

Posted 22 February 2012 - 11:17 AM

Okay, thanks for letting me know that you're still with me. I appreciate it. :)



#10 blazersrock2002

blazersrock2002
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 22 February 2012 - 08:18 PM

Hi SweetTech,

1.
ComboFix 12-02-15.01 - Shanik 02/22/2012 2:06.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2030.881 [GMT -6:00]
Running from: c:\users\Shanik\Desktop\ComboFix.exe
Command switches used :: c:\users\Shanik\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 08:12 . 2012-02-22 08:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 15:22 . 2012-02-15 15:22 -------- d-----w- C:\_OTL
2012-02-15 09:03 . 2012-02-15 09:07 -------- d-----w- C:\ad9130afb2045e33b7d34730cd5b
2012-02-15 02:49 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 02:49 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 02:49 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 02:49 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 02:49 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 02:49 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 02:48 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 02:48 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 07:17 . 2012-01-29 15:55 97240 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-02-10 07:17 . 2012-01-29 15:55 818136 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-02-10 07:17 . 2012-01-29 15:55 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-10 07:17 . 2012-01-29 15:55 437208 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-02-10 07:17 . 2012-01-29 15:55 1911768 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2012-02-10 07:17 . 2012-01-29 15:55 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2012-02-10 07:17 . 2012-01-29 15:55 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-10 07:17 . 2012-01-29 13:36 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-10 07:17 . 2012-01-29 13:36 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-10 07:17 . 2012-01-29 13:36 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-10 07:17 . 2012-01-29 13:36 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-10 07:17 . 2012-01-29 13:36 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-07 02:28 . 2012-02-07 02:28 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-07 01:37 . 2012-02-07 01:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-07 00:58 . 2012-02-07 00:59 -------- d-----w- c:\programdata\MFAData
2012-02-03 22:23 . 2012-02-06 00:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-29 17:32 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-29 17:32 . 2012-02-03 22:16 -------- d-----w- c:\programdata\AVAST Software
2012-01-29 17:32 . 2012-01-29 17:32 -------- d-----w- c:\program files\AVAST Software
2012-01-28 18:22 . 2012-01-28 18:22 -------- d-sh--w- c:\windows\SysWow64\%USERPROFILE%
2012-01-28 18:19 . 2012-01-28 18:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 02:28 . 2012-02-07 02:28 388096 ----a-r- c:\users\Shanik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-13 05:23 . 2010-06-29 04:07 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-12-10 21:24 . 2010-08-02 21:40 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\SysWow64\%APPDATA% ----
.
2012-01-28 18:19 . 2012-01-28 20:50 16384 --sha-w- c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
---- Directory of c:\windows\SysWow64\%USERPROFILE% ----
.
2012-01-28 18:23 . 2012-01-28 18:27 80 ----a-w- c:\windows\SysWow64\%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore\XIAEYNSX\blogs.babble[1].xml
2012-01-28 18:23 . 2012-01-28 18:23 13 ----a-w- c:\windows\SysWow64\%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore\QRGQILFU\bh.contextweb[1].xml
2012-01-28 18:22 . 2012-01-28 18:23 160961 ----a-w- c:\windows\SysWow64\%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore\F5MI68VD\www.meebo[1].xml
2012-01-28 18:22 . 2012-01-28 18:22 13 ----a-w- c:\windows\SysWow64\%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore\1IA8L162\bestofyoutube.mevio[1].xml
2012-01-28 18:22 . 2012-01-28 18:19 32768 --sha-w- c:\windows\SysWow64\%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-15_21.47.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-07 10:06 . 2012-02-21 12:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-07 10:06 . 2011-11-04 01:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-04 07:01 . 2011-10-13 07:13 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 07:01 . 2012-02-17 09:03 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-22 08:15 . 2012-02-22 08:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-15 21:44 . 2012-02-15 21:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-22 08:15 . 2012-02-22 08:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-15 21:44 . 2012-02-15 21:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-02-22 08:13 410844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-15 21:43 410844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-15 09:34 . 2012-02-22 08:13 2593000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-16 23:20 . 2012-02-22 08:13 14551248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171543394-2643742330-3000438092-1000-12288.dat
+ 2012-02-17 09:02 . 2012-02-17 09:02 20333056 c:\windows\Installer\792fa08.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MoeMonitor.exe"="c:\users\Shanik\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2010-01-07 2149184]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-12 395640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
"TPKMAPHELPER"="c:\program files (x86)\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-27 992816]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-09-09 884512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-21 2429]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Shanik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shanik\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-04 45424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\amd64\novacomd.exe [2010-01-12 46080]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-01-07 51024]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:25]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:25]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171543394-2643742330-3000438092-1000Core.job
- c:\users\Shanik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-07 10:22]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171543394-2643742330-3000438092-1000UA.job
- c:\users\Shanik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-07 10:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shanik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-14 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.att.net
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.254
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.28/TSWeb.cab
FF - ProfilePath - c:\users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\AVG\AVG9\avgtray.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2012-02-22 02:26:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 08:26
ComboFix2.txt 2012-02-15 21:55
.
Pre-Run: 157,918,670,848 bytes free
Post-Run: 157,550,649,344 bytes free
.
- - End Of File - - 44EFBB52FE32C4E78BD6E873903DF70A
--------------------------------------------------------------------------------------------
2. Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Shanik :: SHANIK-PC [administrator]

2/22/2012 1:24:28 PM
mbam-log-2012-02-22 (13-24-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188093
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------------------------------------------
3. ESET
C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH].rar Win32/Adware.ADON application
C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH]\MGShareware FreeRIP Pro v3.1\FreeRipPro.3.1.exe Win32/Adware.ADON application
-------------------------------------------------------------------------------------------
4. Security Check
Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Adobe Flash Player 10.0.42.34 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````
---------------------------------------------------------------------------------------------
5. Computer is running great! No complaints. Thanks for all your help!

#11 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 23 February 2012 - 01:32 AM

Hi blazersrock2002!

These threat(s) below will be removed very shortly:

C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH].rar Win32/Adware.ADON application
C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH]\MGShareware FreeRIP Pro v3.1\FreeRipPro.3.1.exe Win32/Adware.ADON application


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586-s.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH].rar
    C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
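An added check that is not part of the thread and not something OTL, SecurityCheck or any other tool used here does: a PowerShell script that lists the Java, Adobe Reader and Flash Player entries found in the Windows Uninstall registry keys, so the "remove all older versions" step can be verified before the new JRE is installed. The product-name patterns and the 64-bit Windows 7 layout (32-bit entries under WOW6432Node) are assumptions; run it from an elevated PowerShell.

```powershell
# Added example, not part of the thread or of any tool used in it.
# Lists the Java, Adobe Reader and Flash Player entries in the Windows
# Uninstall registry keys so that "remove all older versions" can be
# verified before the new JRE is installed. Run from an elevated PowerShell.
# Assumes 64-bit Windows 7, which keeps 32-bit entries under WOW6432Node.
# Written to stay compatible with the PowerShell 2.0 that ships with Windows 7.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Name patterns for the products SecurityCheck reported as out of date
# (assumed patterns; adjust them for other products).
$patterns = @('Java', 'J2SE', 'Adobe Reader', 'Adobe Flash Player')

$found = @()
foreach ($entry in (Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue)) {
    if (-not $entry.DisplayName) { continue }
    # The updater's own entry also contains "Java"; it is not a JRE, so skip it.
    if ($entry.DisplayName -like 'Java Auto Updater*') { continue }
    foreach ($p in $patterns) {
        if ($entry.DisplayName -like "*$p*") {
            $found += New-Object PSObject -Property @{
                Product         = $p
                DisplayName     = $entry.DisplayName
                Version         = $entry.DisplayVersion
                UninstallString = $entry.UninstallString
                # Registry path of the entry (shows native 64-bit vs WOW6432Node)
                Hive            = ($entry.PSPath -replace '^.*::', '')
            }
            break
        }
    }
}

if ($found.Count -eq 0) {
    Write-Output 'No Java, Adobe Reader or Flash Player uninstall entries found.'
} else {
    $found | Sort-Object Product, DisplayName |
        Format-Table -AutoSize Product, DisplayName, Version, Hive

    # More than one Java entry means an older JRE survived the uninstall step.
    $javaEntries = @($found | Where-Object { @('Java', 'J2SE') -contains $_.Product })
    if ($javaEntries.Count -gt 1) {
        Write-Warning ("{0} Java entries are still installed; uninstall the older " +
                       "ones before installing the new JRE." -f $javaEntries.Count)
    }
}
```

The UninstallString column is kept in each object (not shown in the table) so a leftover entry can be removed from the same session.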


#12 blazersrock2002 (Topic Starter)

  • Members
  • 9 posts

Posted 25 February 2012 - 12:15 AM

Hi SweetTech,

1. Done
2. Holding off on Adobe installation for now.
--------------------------------------------------------------------------------------------
3.
OTL
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH].rar moved successfully.
C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH]\MGShareware FreeRIP Pro v3.1\Images folder moved successfully.
C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH]\MGShareware FreeRIP Pro v3.1 folder moved successfully.
C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH]\FrRipPro.3.1_[RH] folder moved successfully.
C:\Users\Shanik\Music\MGShareware FreeRIP Pro v3.1 + Serial [RH] folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shanik\Desktop\cmd.bat deleted successfully.
C:\Users\Shanik\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shanik
->Temp folder emptied: 690637652 bytes
->Temporary Internet Files folder emptied: 4795483 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8938378 bytes
->Google Chrome cache emptied: 380160303 bytes
->Flash cache emptied: 15205 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2976 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 1277258 bytes

Total Files Cleaned = 1,036.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Shanik
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shanik
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02242012_225555

Files\Folders moved on Reboot...
C:\Users\Shanik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
---------------------------------------------------------------------------------------------
4. OTL logfile created on: 2/24/2012 11:05:27 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shanik\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.46% Memory free
3.97 Gb Paging File | 2.29 Gb Available in Paging File | 57.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 145.58 Gb Free Space | 48.85% Space Free | Partition Type: NTFS

Computer Name: SHANIK-PC | User Name: Shanik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/13 17:32:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shanik\Desktop\OTL.exe
PRC - [2012/01/26 10:33:23 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2011/03/14 08:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/12/11 20:37:33 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/07/15 08:07:48 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/23 11:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/08/20 11:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/15 12:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/08 19:28:42 | 000,365,872 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/04/07 07:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/14 23:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/14 23:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/14 23:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/14 23:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/14 23:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011/03/16 22:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 13:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/11/03 14:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/03 14:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/20 13:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/01/12 08:07:44 | 000,046,080 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010/01/07 04:56:13 | 000,051,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/15 12:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/03 20:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/06/29 15:51:04 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2008/07/15 19:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2007/06/01 04:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2010/07/15 08:07:48 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/23 11:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/09 05:05:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/12 23:23:56 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/09/12 14:09:09 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/05/05 16:32:34 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/20 13:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/03/23 11:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 06:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/07 04:56:55 | 000,010,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2009/09/09 05:05:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/13 20:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iastor)
DRV:64bit: - [2009/07/14 17:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/29 15:51:02 | 000,133,672 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/06/29 15:51:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 19:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/02 13:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 13:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2008/11/16 16:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/06/01 04:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2007/05/14 14:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/18 15:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 66 AB 6A 68 47 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Shanik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Shanik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shanik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shanik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/10 01:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/10 01:17:01 | 000,000,000 | ---D | M]

[2010/11/25 23:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Extensions
[2012/02/13 21:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\extensions
[2011/11/13 11:45:23 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\extensions\zotero@chnm.gmu.edu
[2011/11/13 11:46:25 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Shanik\AppData\Roaming\Mozilla\Firefox\Profiles\6nf30vhb.default\extensions\zoteroWinWordIntegration@zotero.org
[2012/02/10 01:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SHANIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6NF30VHB.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI
[2012/01/29 09:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\Shanik\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Shanik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Shanik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2012/02/22 02:16:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [MoeMonitor.exe] C:\Users\Shanik\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Shanik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Shanik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com/0.9.4014.28/TSWeb.cab (WLCTSCControl Class)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06EAA1D0-BEF0-4B30-94E4-C646897E60EA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 23:04:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/24 22:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/22 19:11:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/22 13:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/22 02:26:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/15 15:30:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/15 15:30:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/15 15:30:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/15 15:30:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/15 09:47:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/15 09:45:05 | 004,404,931 | R--- | C] (Swearware) -- C:\Users\Shanik\Desktop\ComboFix.exe
[2012/02/15 09:22:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/15 03:03:43 | 000,000,000 | ---D | C] -- C:\ad9130afb2045e33b7d34730cd5b
[2012/02/13 17:32:52 | 000,000,000 | ---D | C] -- C:\Users\Shanik\Desktop\Bleeping Computer Logs
[2012/02/13 17:32:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Shanik\Desktop\OTL.exe
[2012/02/06 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/06 20:28:19 | 000,000,000 | ---D | C] -- C:\Users\Shanik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/06 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/06 19:32:13 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shanik\Desktop\TDSSKiller.exe
[2012/02/06 18:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/03 16:23:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/29 11:32:40 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/01/29 11:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/29 11:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/28 12:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%USERPROFILE%
[2012/01/28 12:19:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/02/24 23:08:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171543394-2643742330-3000438092-1000UA.job
[2012/02/24 23:07:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 23:07:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 23:02:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/24 22:59:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/24 22:59:22 | 1596,690,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/24 22:19:47 | 093,479,313 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/02/24 22:16:48 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171543394-2643742330-3000438092-1000Core.job
[2012/02/24 22:16:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/22 19:09:47 | 000,879,700 | ---- | M] () -- C:\Users\Shanik\Desktop\SecurityCheck.exe
[2012/02/22 02:16:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/15 09:45:12 | 004,404,931 | R--- | M] (Swearware) -- C:\Users\Shanik\Desktop\ComboFix.exe
[2012/02/15 03:35:36 | 000,443,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 03:11:26 | 000,758,356 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/15 03:11:26 | 000,636,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/15 03:11:26 | 000,111,626 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/13 17:32:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shanik\Desktop\OTL.exe
[2012/02/10 01:17:07 | 000,002,048 | ---- | M] () -- C:\Users\Shanik\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/10 01:17:07 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/06 20:28:19 | 000,002,981 | ---- | M] () -- C:\Users\Shanik\Desktop\HiJackThis.lnk
[2012/02/06 18:59:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2012/02/06 18:59:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2012/02/06 18:49:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 09:31:04 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shanik\Desktop\TDSSKiller.exe
[2012/01/29 11:32:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/29 02:14:02 | 421,488,164 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/02/22 19:09:50 | 000,879,700 | ---- | C] () -- C:\Users\Shanik\Desktop\SecurityCheck.exe
[2012/02/15 15:30:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/15 15:30:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/15 15:30:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/15 15:30:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/15 15:30:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/10 01:17:07 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/06 20:28:19 | 000,002,981 | ---- | C] () -- C:\Users\Shanik\Desktop\HiJackThis.lnk
[2012/01/29 11:32:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/01/28 14:59:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/09/01 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/08/27 16:29:27 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/27 16:29:27 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/27 16:29:27 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/27 16:29:27 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/27 16:29:27 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/27 16:29:27 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/27 16:29:27 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/27 16:29:27 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/27 16:29:27 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/27 16:29:27 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/27 16:29:27 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/27 16:29:27 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/27 16:29:27 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/27 16:29:27 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/27 16:29:27 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/27 16:29:27 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/07/22 22:00:29 | 000,007,680 | ---- | C] () -- C:\Users\Shanik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 00:52:04 | 000,004,096 | -H-- | C] () -- C:\Users\Shanik\AppData\Local\keyfile3.drm
[2010/11/25 23:06:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/15 22:34:23 | 000,204,920 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/12 18:03:21 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/06/28 16:22:50 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/06/28 09:14:45 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/06/28 09:13:28 | 000,000,034 | ---- | C] () -- C:\Users\Shanik\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/06/28 09:13:25 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/06/23 14:49:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/06 18:38:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/16 20:55:23 | 000,757,008 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/07 03:10:22 | 001,514,016 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/01/07 03:10:22 | 001,108,512 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/24 07:02:25 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\Amazon
[2010/01/07 03:49:48 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\Auslogics
[2010/10/01 21:55:42 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\CanuckSoftware
[2012/02/24 23:03:13 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\Dropbox
[2011/10/31 18:18:13 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\e-academy Inc
[2011/08/27 16:40:19 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\Epson
[2010/08/26 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\Maple
[2010/05/31 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\StudyMinder
[2012/02/24 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Shanik\AppData\Roaming\uTorrent
[2012/02/06 16:11:41 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/29 09:55:53 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/29 09:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Shanik\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Shanik\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Shanik\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Shanik\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/01 17:13:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/01 17:13:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/01 17:13:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/09/01 17:13:48 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/09/01 17:13:48 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\*. /rp /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/08/02 23:33:50 | 000,001,763 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\.ChromotingConfig.json
[2012/02/24 23:13:15 | 000,012,456 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Local State
[2011/06/25 14:06:11 | 000,007,961 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Local State.bad
[2012/02/24 23:08:42 | 005,112,496 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/02/24 23:08:42 | 001,916,165 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/02/24 23:08:42 | 000,134,252 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2012/02/24 23:08:41 | 003,642,560 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2012/02/24 23:08:42 | 000,014,044 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2011/11/28 21:22:24 | 000,000,055 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Service State
[34 C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\*.tmp files -> C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\*.tmp -> ]
[2012/02/10 01:19:05 | 000,053,248 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/01/25 23:54:42 | 000,026,225 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2012/01/25 23:54:42 | 000,026,225 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/02/24 23:13:35 | 001,349,632 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/02/24 23:14:18 | 000,244,087 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/02/24 23:05:00 | 000,000,000 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/02/03 16:17:34 | 000,007,168 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2012/02/24 22:54:39 | 001,140,736 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/02/24 22:54:39 | 000,027,240 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/02/24 23:13:17 | 001,855,488 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\History
[2012/02/24 23:13:17 | 014,782,464 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02
[2012/02/24 23:13:17 | 000,254,960 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02-journal
[2012/02/24 22:45:00 | 000,024,197 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/02/24 23:13:17 | 000,070,280 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2012/02/24 23:03:45 | 000,021,945 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2012/02/24 23:03:40 | 000,000,008 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2012/01/24 22:08:00 | 000,040,960 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/01/24 22:08:00 | 000,008,736 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
[2012/02/24 23:12:01 | 001,931,264 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/02/24 23:12:01 | 000,940,664 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2012/02/24 23:13:15 | 000,121,293 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/02/23 23:13:12 | 000,013,312 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2012/02/24 23:12:00 | 000,073,728 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/02/24 23:12:00 | 000,012,824 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
[2010/04/29 08:35:09 | 000,000,008 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\StrictTransportSecurity
[2012/02/24 22:52:42 | 000,430,080 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/08/16 23:02:09 | 000,000,008 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2012/02/24 22:55:56 | 000,131,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/02/24 23:12:16 | 001,400,832 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/02/24 23:12:17 | 000,006,680 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[5 C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\*.tmp files -> C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\*.tmp -> ]
[2012/01/29 02:17:01 | 000,184,320 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Index
[2012/01/29 02:17:07 | 000,045,056 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_0
[2012/01/29 02:17:07 | 000,794,624 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_1
[2012/01/29 02:17:07 | 001,056,768 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_2
[2012/01/29 02:17:07 | 008,396,800 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\data_3
[2011/07/11 01:56:19 | 000,058,601 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\f_00014b
[2011/05/28 16:42:55 | 000,524,656 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache\index
[2012/02/24 23:03:56 | 000,045,056 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2012/02/24 23:03:56 | 000,270,336 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2012/02/24 23:03:56 | 001,056,768 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2012/02/24 23:03:56 | 004,202,496 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2012/02/24 23:02:57 | 000,020,648 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
[2012/02/24 23:02:58 | 000,121,511 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
[2012/02/24 23:03:02 | 000,029,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
[2012/02/24 23:03:06 | 000,036,316 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
[2012/02/24 23:03:06 | 000,076,973 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
[2012/02/24 23:03:06 | 000,045,233 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
[2012/02/24 23:03:08 | 000,049,338 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
[2012/02/24 23:03:08 | 000,073,116 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
[2012/02/24 23:03:09 | 000,020,153 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
[2012/02/24 23:03:15 | 000,032,103 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
[2012/02/24 23:11:57 | 000,021,012 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
[2012/02/24 23:12:01 | 000,022,532 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
[2012/02/24 23:12:20 | 000,034,115 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
[2012/02/24 23:12:20 | 000,022,532 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
[2012/02/24 23:12:20 | 000,018,172 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
[2012/02/24 23:12:21 | 000,085,260 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
[2012/02/24 23:12:21 | 000,016,520 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
[2012/02/24 23:12:21 | 000,201,658 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
[2012/02/24 23:12:32 | 000,475,740 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
[2012/02/24 23:13:16 | 007,510,183 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
[2012/02/24 23:02:55 | 000,524,656 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2010/01/25 23:48:03 | 000,000,855 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images\theme_frame_inactive
[2010/01/25 23:48:03 | 000,000,856 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images\theme_frame_incognito
[2010/01/25 23:48:03 | 000,000,855 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images\theme_frame_incognito_inactive
[2010/01/25 23:48:03 | 000,000,855 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images\theme_frame_original
[2010/01/25 23:48:03 | 000,000,856 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images\theme_tab_background_incognito
[2010/01/25 23:48:03 | 000,000,863 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images\theme_tab_background_original
[2012/02/19 23:00:56 | 000,009,216 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2012/02/23 09:48:20 | 000,024,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.google.com_0\12
[2011/10/24 09:16:02 | 000,020,257 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\128.png
[2011/10/24 09:16:02 | 000,000,920 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\16.png
[2011/10/24 09:16:02 | 000,000,716 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\manifest.json
[2011/10/24 09:16:02 | 000,000,176 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ar\messages.json
[2011/10/24 09:16:02 | 000,000,296 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\bg\messages.json
[2011/10/24 09:16:02 | 000,000,104 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ca\messages.json
[2011/10/24 09:16:02 | 000,000,105 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\cs\messages.json
[2011/10/24 09:16:02 | 000,000,107 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\da\messages.json
[2011/10/24 09:16:02 | 000,000,106 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\de\messages.json
[2011/10/24 09:16:02 | 000,000,296 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\el\messages.json
[2011/10/24 09:16:02 | 000,000,093 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\en\messages.json
[2011/10/24 09:16:01 | 000,000,083 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\en-GB\messages.json
[2011/10/24 09:16:02 | 000,000,131 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\es\messages.json
[2011/10/24 09:16:01 | 000,000,102 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\es-419\messages.json
[2011/10/24 09:16:02 | 000,000,112 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\et\messages.json
[2011/10/24 09:16:02 | 000,000,100 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\fi\messages.json
[2011/10/24 09:16:02 | 000,000,103 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\fil\messages.json
[2011/10/24 09:16:02 | 000,000,131 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\fr\messages.json
[2011/10/24 09:16:02 | 000,000,092 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\hr\messages.json
[2011/10/24 09:16:02 | 000,000,114 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\hu\messages.json
[2011/10/24 09:16:02 | 000,000,089 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\id\messages.json
[2011/10/24 09:16:02 | 000,000,097 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\it\messages.json
[2011/10/24 09:16:02 | 000,000,096 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\iw\messages.json
[2011/10/24 09:16:02 | 000,000,179 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ja\messages.json
[2011/10/24 09:16:02 | 000,000,182 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ko\messages.json
[2011/10/24 09:16:02 | 000,000,121 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\lt\messages.json
[2011/10/24 09:16:02 | 000,000,113 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\lv\messages.json
[2011/10/24 09:16:02 | 000,000,090 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\nl\messages.json
[2011/10/24 09:16:02 | 000,000,083 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\no\messages.json
[2011/10/24 09:16:02 | 000,000,099 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\pl\messages.json
[2011/10/24 09:16:02 | 000,000,090 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\pt-BR\messages.json
[2011/10/24 09:16:02 | 000,000,087 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\pt-PT\messages.json
[2011/10/24 09:16:02 | 000,000,113 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ro\messages.json
[2011/10/24 09:16:02 | 000,000,220 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\ru\messages.json
[2011/10/24 09:16:02 | 000,000,092 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\sk\messages.json
[2011/10/24 09:16:02 | 000,000,095 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\sl\messages.json
[2011/10/24 09:16:02 | 000,000,236 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\sr\messages.json
[2011/10/24 09:16:02 | 000,000,113 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\sv\messages.json
[2011/10/24 09:16:02 | 000,000,200 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\th\messages.json
[2011/10/24 09:16:02 | 000,000,113 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\tr\messages.json
[2011/10/24 09:16:02 | 000,000,254 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\uk\messages.json
[2011/10/24 09:16:02 | 000,000,176 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\vi\messages.json
[2011/10/24 09:16:02 | 000,000,085 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\zh-CN\messages.json
[2011/10/24 09:16:02 | 000,000,082 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\_locales\zh-TW\messages.json
[18 C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[18 C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2012/02/23 00:45:20 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
[2010/12/25 17:08:23 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage
[2012/02/15 21:25:18 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.amazon.com_0.localstorage
[2012/02/16 14:55:18 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.meebo.com_0.localstorage
[2012/02/21 06:35:53 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_abcnews.go.com_0.localstorage
[2012/02/22 00:59:03 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blogs.citypages.com_0.localstorage
[2012/02/21 19:52:26 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hypem.com_0.localstorage
[2012/02/21 22:05:39 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_knowyourmeme.com_0.localstorage
[2012/02/16 20:06:55 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_latino.foxnews.com_0.localstorage
[2012/02/16 18:39:36 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_madmen.wikia.com_0.localstorage
[2012/02/22 00:58:23 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediacdn.disqus.com_0.localstorage
[2012/02/15 23:55:24 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_money.cnn.com_0.localstorage
[2012/02/13 16:36:32 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_msn.foxsports.com_0.localstorage
[2012/02/14 16:51:47 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_news.yahoo.com_0.localstorage
[2012/02/23 23:26:03 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pitchfork.com_0.localstorage
[2012/02/13 21:39:23 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_soundcloud.com_0.localstorage
[2012/02/15 07:41:23 | 000,007,168 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.4chan.org_0.localstorage
[2012/02/15 23:19:00 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
[2012/02/21 23:10:10 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.expedia.com_0.localstorage
[2012/02/20 20:50:45 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.guardian.co.uk_0.localstorage
[2012/02/16 18:38:42 | 000,275,456 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.meebo.com_0.localstorage
[2012/02/15 21:56:26 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.npr.org_0.localstorage
[2012/02/15 16:04:22 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.reuters.com_0.localstorage
[2012/02/10 07:24:06 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sheknows.com_0.localstorage
[2012/02/16 01:37:41 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.thesun.co.uk_0.localstorage
[2012/02/24 01:03:07 | 000,003,072 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage
[2012/02/24 22:45:11 | 000,045,056 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0
[2012/02/24 22:45:11 | 000,270,336 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1
[2012/02/10 01:19:14 | 000,008,192 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2
[2012/02/10 01:19:14 | 000,008,192 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3
[2012/02/10 01:20:00 | 000,174,180 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000001
[2012/02/24 00:15:01 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000002
[2012/02/24 00:15:03 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000003
[2012/02/24 00:15:28 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000004
[2012/02/24 00:15:43 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000005
[2012/02/24 00:15:59 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000006
[2012/02/24 00:16:10 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000007
[2012/02/24 00:16:12 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000008
[2012/02/24 00:16:29 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000009
[2012/02/24 00:16:49 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000a
[2012/02/24 00:17:27 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000b
[2012/02/24 00:26:59 | 001,002,375 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000c
[2012/02/24 00:18:55 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000d
[2012/02/24 00:19:05 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000e
[2012/02/24 00:19:22 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000f
[2012/02/24 00:19:23 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000010
[2012/02/24 00:19:37 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000011
[2012/02/24 00:19:48 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000012
[2012/02/24 00:20:01 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000013
[2012/02/24 00:20:09 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000014
[2012/02/24 00:20:12 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000015
[2012/02/24 00:20:20 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000016
[2012/02/24 00:20:27 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000017
[2012/02/24 00:20:28 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000018
[2012/02/24 00:20:35 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000019
[2012/02/24 00:20:48 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001a
[2012/02/24 00:20:59 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001b
[2012/02/24 00:21:01 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001c
[2012/02/24 00:21:12 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001d
[2012/02/24 00:26:26 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001e
[2012/02/24 00:26:27 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001f
[2012/02/24 00:26:28 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000020
[2012/02/24 00:26:35 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000021
[2012/02/24 00:26:41 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000022
[2012/02/24 00:26:47 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000023
[2012/02/24 00:26:49 | 001,048,576 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000024
[2012/02/10 01:19:14 | 000,524,656 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index
[2010/01/07 05:22:31 | 000,017,408 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2010/01/11 01:36:56 | 000,019,456 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2010/01/17 14:47:54 | 000,004,096 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\search.yahoo.com\http_80\ysearch_storage#database
[2010/09/08 23:11:30 | 000,000,000 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2012/02/09 21:06:50 | 000,001,443 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\manifest.json
[2012/02/09 21:06:50 | 007,761,920 | ---- | M] () -- C:\Users\Shanik\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D746CE5A

< End of report >


---------------------------------------------------------------------------------------------
5. Thank you so much everything is running great!

#13 SweetTech

Posted 25 February 2012 - 09:46 AM

Hi blazersrock2002!

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on CleanUp
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
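The "Make Internet Explorer more secure" steps in the post above change three ActiveX settings for the Internet zone through the Inetcpl.cpl dialog. The same settings live in the per-user registry, which makes it possible to audit whether a machine actually ended up with the recommended values. The script below is an added example, not part of the thread or of any tool mentioned in it; it reads the Internet zone key (zone 3) and reports each of the three settings as Enable/Prompt/Disable, and optionally applies the values the post recommends. The function names are my own; the registry path and value names 1001, 1004 and 1201 are the documented Internet Explorer zone settings.

```powershell
# Added example (not from the BleepingComputer thread): audit and optionally apply
# the Internet-zone ActiveX settings that the post asks the user to change via Inetcpl.cpl.
# Zone 3 = Internet zone. Documented value names:
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Setting data: 0 = Enable, 1 = Prompt, 3 = Disable.
# Function names (Get-/Set-IEInternetZoneActiveX*) are this example's own, not a built-in API.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values exactly as given in the post: Prompt, Prompt, Disable.
$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
}

$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function ConvertTo-ZoneLabel {
    param($Data)
    if ($null -eq $Data) { return 'not set (zone default)' }
    $n = [int]$Data
    if ($labels.ContainsKey($n)) { return $labels[$n] }
    return "unknown ($n)"
}

function Get-IEInternetZoneActiveXStatus {
    # Returns one object per setting with the current and recommended values.
    [CmdletBinding()]
    param([string]$Path = $zonePath)
    foreach ($entry in $recommended.GetEnumerator()) {
        $item = Get-ItemProperty -Path $Path -Name $entry.Key -ErrorAction SilentlyContinue
        $current = if ($item) { $item.($entry.Key) } else { $null }
        [pscustomobject]@{
            Setting     = $entry.Value.Name
            ValueName   = $entry.Key
            Current     = ConvertTo-ZoneLabel $current
            Recommended = $labels[$entry.Value.Value]
            Compliant   = ($null -ne $current -and [int]$current -eq $entry.Value.Value)
        }
    }
}

function Set-IEInternetZoneActiveXHardening {
    # Writes the recommended DWORD values; supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $zonePath)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    foreach ($entry in $recommended.GetEnumerator()) {
        $target = "$Path\$($entry.Key) ($($entry.Value.Name))"
        if ($PSCmdlet.ShouldProcess($target, "Set to $($labels[$entry.Value.Value])")) {
            Set-ItemProperty -Path $Path -Name $entry.Key -Value $entry.Value.Value -Type DWord
        }
    }
}

# Usage: audit first; preview changes with -WhatIf before applying them.
Get-IEInternetZoneActiveXStatus | Format-Table -AutoSize
# Set-IEInternetZoneActiveXHardening -WhatIf
# Set-IEInternetZoneActiveXHardening
```

A value that is "not set" means the zone is still on its template default, which for the Internet zone is not necessarily the recommended setting, so treat it as non-compliant rather than as already hardened. Because the key sits under HKCU, the audit only covers the user running the script; a machine-wide policy would be found under the equivalent HKLM path and overrides the per-user values.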


#14 blazersrock2002

blazersrock2002
  • Topic Starter

  • Members
  • 9 posts

Posted 27 February 2012 - 10:01 PM

Hi SweetTech,
I'm going to run these fixes this weekend, and I'll get back to you. Thanks for all your help.

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 28 February 2012 - 02:08 AM

Okay, thanks for letting me know. :thumbsup:
