Sality/trojan/recycler Infection


  • This topic is locked
23 replies to this topic

#1 lakan_309

Posted 27 September 2012 - 04:38 PM

I need help really bad. The other day my computer and my external hdd were all clear (no viruses or whatever issues, at least that is what I thought it was). When I needed to use my external hdd again I found out that all my files have been turned into shortcuts with that extension .lnk. I'm using Avast free antivirus, which detected this, and it recommended that I shut it into its virus chest, which I did. Apparently there's more, and now I cannot see my files/data in my external hdd although it shows that the space it used to occupy is still the same.

I'm scanning my laptop with ESET online scanner as I'm typing this message. The scan has been going on since last night. In the external hdd I found this RECYCLER folder which was not there before yesterday. There was some .exe file in it which is now gone because of the previous antivirus recommendation that I followed. However, there are other things detected by Malwarebytes, which I also used last night. I think my external hdd still contains the data but I can't see it anywhere. I know that it is there because the space that used to be occupied did not change. I hope I can recover all of the data in my hdd.

The other issues detected by Avast are WIN32 SALITY (there is a file which I don't recall I ever saw in the hdd called F:\jliix.exe) and INF:AutoRun-AW[wrm]. I also found this Win3:Dorkbot-BH[trj]. It had this F:\RECYCLER\e5188982.exe with it or it was found in there.
ESET Online scanner is not yet done but I'm seeing a lot of other threats it has already detected.

Here are the things you asked for:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Lakan at 0:18:21 on 2012-09-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3003.1372 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Ignatu Software\SmartPower\SmartPower.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Recuva\recuva.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
F:\rcsetup143\recuva.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lakan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\micros~3\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\program files\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Shutdown_Manager]
uRun: [Facebook Update] "c:\users\lakan\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ScanSoft PDF Converter 3.0-reminder] "c:\program files\scansoft\pdf converter 3.0\ereg\ereg.exe" -r "c:\programdata\scansoft\pdf converter\3\ereg\ereg.ini"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\program files\micros~3\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\lakan\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\lakan\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\program files\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
Trusted Zone: emirates.com\groupworld
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 121.1.3.82 121.1.3.20
TCP: Interfaces\{66EAD72B-87A5-4160-9171-34674204816C} : DhcpNameServer = 121.1.3.82 121.1.3.20
TCP: Interfaces\{66EAD72B-87A5-4160-9171-34674204816C}\27F67656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66EAD72B-87A5-4160-9171-34674204816C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66EAD72B-87A5-4160-9171-34674204816C}\D455E49434940514C402C4942425142595 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66EAD72B-87A5-4160-9171-34674204816C}\D484F4E4 : DhcpNameServer = 121.1.3.82 121.1.3.20
TCP: Interfaces\{66EAD72B-87A5-4160-9171-34674204816C}\D4F62696C65675966496D283463333 : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lakan\appdata\roaming\mozilla\firefox\profiles\jt11skm7.default\
FF - prefs.js: browser.startup.homepage - hxxps://ekgrpapplications.emirates.com/Careersonlineapps/WEB_GN/PersonalDetails.aspx
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\program files\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lakan\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-21 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-21 355632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-9-11 913792]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2009-3-2 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-21 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-4-21 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-24 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-23 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-26 676936]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2011-11-17 2489680]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-9-26 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-9-26 1358360]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-9-26 166528]
R2 SmartPower;SmartPower;c:\program files\ignatu software\smartpower\SmartPower.exe [2012-4-24 28160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-2 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-5 116648]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;h:\app\lakan\product\11.1.0\db_1\bin\tnslsnr --> h:\app\lakan\product\11.1.0\db_1\bin\TNSLSNR [?]
S2 OracleServiceORCL;OracleServiceORCL;h:\app\lakan\product\11.1.0\db_1\bin\oracle.exe orcl --> h:\app\lakan\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
S2 OracleVssWriterORCL;Oracle ORCL VSS Writer Service;h:\app\lakan\product\11.1.0\db_1\bin\oravssw.exe orcl --> h:\app\lakan\product\11.1.0\db_1\bin\OraVSSW.exe ORCL [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-5 116648]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-26 136304]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-26 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-2 114656]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-4-2 27192]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-12-4 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-9-11 1343400]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;h:\app\lakan\product\11.1.0\db_1\bin\extjob.exe orcl --> h:\app\lakan\product\11.1.0\db_1\bin\extjob.exe ORCL [?]
.
=============== File Associations ===============
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\system32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-27 13:46:44 388096 ----a-r- c:\users\lakan\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-09-27 13:46:42 -------- d-----w- c:\program files\Trend Micro
2012-09-27 12:19:58 -------- d-----w- c:\users\lakan\appdata\local\{F1D7099D-85A9-4F47-A225-91D90951961B}
2012-09-26 15:31:21 -------- d-----w- c:\program files\ESET
2012-09-26 12:18:42 -------- d-----w- c:\users\lakan\appdata\local\{28661BC1-CDF2-4076-A045-ECA49D8B5A17}
2012-09-26 04:04:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-26 04:02:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-26 04:01:54 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-09-26 04:01:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-09-26 03:56:50 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 00:17:51 -------- d-----w- c:\users\lakan\appdata\local\{DC258928-40C9-4361-B9BF-4D580F424A0E}
2012-09-25 20:20:21 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-25 20:20:17 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-09-25 20:20:17 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-09-25 12:17:12 -------- d-----w- c:\users\lakan\appdata\local\{9BD88E91-55D7-410A-8FFD-4B82B5A025DD}
2012-09-25 06:09:44 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{27c1283c-352d-4e37-bbeb-93ed94bc6474}\mpengine.dll
2012-09-24 21:32:50 -------- d-----w- c:\users\lakan\appdata\local\{8B08F169-7085-4B8B-8212-20E620D682A2}
2012-09-24 04:43:41 -------- d-----w- c:\users\lakan\appdata\local\{A9880FDD-AB5B-4BE0-9760-DD3D2C0DE95F}
2012-09-24 02:51:04 -------- d-----w- c:\users\lakan\appdata\local\{5071D630-9B55-4606-B274-E6B1DBA4985E}
2012-09-23 02:50:03 -------- d-----w- c:\users\lakan\appdata\local\{53E75FDD-BBE5-45C3-A4D9-05ABF7F85BA8}
2012-09-22 14:49:34 -------- d-----w- c:\users\lakan\appdata\local\{FA0CA1C8-9C2B-4F59-BCEC-E818754493C6}
2012-09-22 02:48:54 -------- d-----w- c:\users\lakan\appdata\local\{DB088A14-CC5F-46C1-88CD-CAB62DF52411}
2012-09-21 11:57:38 -------- d-----w- c:\users\lakan\appdata\local\{1DEB873E-5101-48E1-B95B-BAED6A74E05F}
2012-09-20 21:12:36 -------- d-----w- c:\users\lakan\appdata\local\{728B41D5-6B8B-4DA7-87E8-BEE90A0FD09C}
2012-09-20 05:50:28 -------- d-----w- c:\users\lakan\appdata\local\GameHouse
2012-09-20 05:50:23 -------- d-----w- c:\programdata\Trymedia
2012-09-20 05:47:06 -------- d-----w- c:\windows\Bejeweled 3
2012-09-20 05:47:06 -------- d-----w- c:\program files\Bejeweled 3
2012-09-20 04:34:27 -------- d-----w- c:\program files\PDF to Word
2012-09-20 03:55:41 -------- d-----w- c:\program files\ScanSoft
2012-09-20 02:16:51 -------- d-----w- c:\users\lakan\appdata\local\{3CE7AAD3-6021-4EE3-8D60-74B91F31FA80}
2012-09-19 14:16:15 -------- d-----w- c:\users\lakan\appdata\local\{C6CD25D0-4358-4E20-A3AE-1E3CFAAB8467}
2012-09-19 02:15:45 -------- d-----w- c:\users\lakan\appdata\local\{D29EF494-7D71-4476-8B87-5532760A1F6B}
2012-09-18 13:28:20 -------- d-----w- c:\users\lakan\appdata\local\{03A762B1-FF0F-4527-B93F-B2D9EBA8EBBC}
2012-09-18 11:53:36 -------- d-----w- c:\programdata\Bitstream
2012-09-18 08:16:25 -------- d-----w- c:\programdata\Protexis
2012-09-18 06:06:06 -------- d-----w- c:\program files\gs
2012-09-18 06:05:43 -------- d-----w- c:\program files\common files\Corel
2012-09-18 06:04:51 -------- d-----w- c:\program files\common files\Protexis
2012-09-18 06:04:42 -------- d-----w- c:\programdata\Corel
2012-09-18 06:00:03 -------- d-----w- c:\program files\Corel
2012-09-18 05:52:32 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X6
2012-09-18 01:27:45 -------- d-----w- c:\users\lakan\appdata\local\{33AC30E8-3843-4707-804E-E8E4E04524AC}
2012-09-17 12:36:49 -------- d-----w- c:\users\lakan\appdata\local\{5C5FA807-0309-45B8-B56E-98115C06FEA6}
2012-09-17 00:36:21 -------- d-----w- c:\users\lakan\appdata\local\{BAEABFC8-4261-42B1-8C05-D4CE14C958FF}
2012-09-17 00:33:56 6516280 ----a-w- c:\program files\AVAST Softwa
2012-09-16 09:35:36 -------- d-----w- c:\users\lakan\appdata\local\{B5B76B17-187A-4CDD-8E63-8979A2C9060E}
2012-09-16 06:21:24 -------- d-----w- c:\program files\ASIO4ALL v2
2012-09-15 21:40:08 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-15 21:40:08 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-15 21:40:04 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-15 21:40:04 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-15 21:40:04 1306992 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-15 21:40:01 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-15 21:35:10 -------- d-----w- c:\users\lakan\appdata\local\{07CFBD84-C57F-4C36-B855-07A9A7F64F79}
2012-09-11 01:04:41 -------- d-----w- c:\users\lakan\appdata\local\{AF73488F-BB4E-4E60-A25B-F413BBC6D61E}
2012-09-11 00:27:04 -------- d-----w- c:\users\lakan\appdata\local\{43D6E6B3-1F38-457B-AD35-052DCF4E8080}
2012-09-10 22:06:08 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-10 22:05:23 -------- d-----w- c:\windows\system32\Wat
2012-09-10 22:02:43 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-09-10 21:25:27 -------- d-----w- c:\users\lakan\appdata\roaming\IObit
2012-09-10 21:25:14 -------- d-----w- c:\program files\IObit
2012-09-10 12:26:40 -------- d-----w- c:\users\lakan\appdata\local\{72682504-BA9F-4BD8-8AD0-BDFDF42A19BF}
2012-09-10 00:24:26 -------- d-----w- c:\users\lakan\appdata\local\{3BE88001-00F6-44F3-8B11-9A10FBD49B1B}
2012-09-09 11:02:13 -------- d-----w- c:\users\lakan\appdata\local\{359E1E21-2154-4BBA-A3C6-6D75653C206E}
2012-09-09 00:15:12 -------- d-----w- c:\program files\Guitar FX BOX 2.6
2012-09-08 23:01:45 -------- d-----w- c:\users\lakan\appdata\local\{B038E991-D687-426A-8E66-A082DA093F50}
2012-09-08 09:10:26 -------- d-----w- c:\users\lakan\appdata\local\{FEEAC1EC-8871-4FBA-A9B1-5AA638517DDA}
2012-09-07 21:16:19 -------- d-----w- c:\users\lakan\appdata\local\{8014560E-4850-42DC-907C-01D3D6A7500F}
2012-09-07 08:38:33 -------- d-----w- c:\users\lakan\appdata\local\{2474120D-EE4D-4796-894F-98BD9BCA735B}
2012-09-07 00:58:05 -------- d-----w- c:\users\lakan\appdata\local\{20041314-9F36-4540-9489-4FB3898A21AF}
2012-09-06 12:57:20 -------- d-----w- c:\users\lakan\appdata\local\{C86997B0-9D45-4D55-98D7-A3CE4B66619D}
2012-09-06 00:56:54 -------- d-----w- c:\users\lakan\appdata\local\{AFFED6E0-8737-4FF9-81D0-280764EFCFBC}
2012-09-05 12:56:17 -------- d-----w- c:\users\lakan\appdata\local\{822C55A5-9204-4473-AD83-34240961FCD9}
2012-09-05 00:23:38 -------- d-----w- c:\users\lakan\appdata\local\{022B1D7B-93F6-4C6D-8AA4-6C3483BDF578}
2012-09-04 11:09:01 -------- d-----w- c:\users\lakan\appdata\local\{5DCE402A-F917-41DC-8DAF-72487159DDEE}
2012-09-03 23:08:38 -------- d-----w- c:\users\lakan\appdata\local\{D46FFC5C-68EC-4724-BA13-D622E1C5E466}
2012-09-03 11:08:01 -------- d-----w- c:\users\lakan\appdata\local\{BFE4F78A-70E8-482E-AB16-6D30A7E0FCA0}
2012-09-02 23:07:35 -------- d-----w- c:\users\lakan\appdata\local\{6CEB1404-25B7-4C61-BA69-91747861D02D}
2012-09-02 12:09:35 -------- d-----w- c:\users\lakan\appdata\local\{3B8B345A-AC77-4E36-B8BB-6809C745627D}
2012-09-01 23:27:13 -------- d-----w- c:\users\lakan\appdata\local\{F6735926-CBB4-45A6-9EA3-6EA845072A82}
2012-09-01 22:53:24 -------- d-----w- c:\windows\XSxS
2012-09-01 22:53:24 -------- d-----w- c:\users\lakan\appdata\local\Xenocode
2012-09-01 22:53:24 -------- d-----w- c:\program files\Xenocode
2012-09-01 22:51:00 -------- d-----w- c:\program files\Steinberg
2012-09-01 22:51:00 -------- d-----w- c:\program files\Guitar FX BOX 3
2012-09-01 13:15:34 -------- d-----w- c:\users\lakan\appdata\roaming\Gatling Gears
2012-09-01 11:26:53 -------- d-----w- c:\users\lakan\appdata\local\{735901DC-8014-4A77-8B7E-0FF5D6086BE5}
2012-09-01 01:19:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 23:26:25 -------- d-----w- c:\users\lakan\appdata\local\{8DB038BC-F80C-448C-A496-8F0051091EF6}
2012-08-31 11:25:58 -------- d-----w- c:\users\lakan\appdata\local\{C54B2462-BE31-4E91-81F6-17A29C901101}
2012-08-30 09:29:20 -------- d-----w- c:\users\lakan\appdata\local\{3E9BC404-C105-46FA-B506-3F41BF8F4407}
2012-08-29 21:29:07 -------- d-----w- c:\users\lakan\appdata\local\{FA28EBAC-3CD4-4580-AB89-EAC42AA42F78}
2012-08-29 00:32:19 -------- d-----w- c:\users\lakan\appdata\local\Nikon
2012-08-29 00:30:42 57344 ----a-r- c:\users\lakan\appdata\roaming\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2012-08-29 00:29:36 -------- d-----w- c:\program files\common files\Nikon
2012-08-29 00:28:37 -------- d-----w- c:\program files\Nikon
2012-08-29 00:19:02 -------- d-----w- c:\users\lakan\appdata\local\{5231FF74-93F6-4B09-9995-C6EB3D00D538}
.
==================== Find3M ====================
.
2012-09-21 12:05:09 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 12:05:09 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 09:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 01:19:14 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 01:19:14 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 00:28:58 106496 ----a-w- c:\windows\system32\ATL71.DLL
2012-08-24 07:05:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13:14 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-19 12:34:25 1409 ----a-w- c:\windows\QTFont.for
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 09:13:40 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-07-06 19:23:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
.
============= FINISH: 0:24:49.90 ===============

I'm really worried now.
I appreciate all the help you can give.
Please help me!!!!

#2 lakan_309

Posted 27 September 2012 - 11:44 PM

The other issues detected by avast are WIN32 SALITY(there is a file which I don't recall I ever saw in the hdd called F:\jliix.exe) and INF:AutoRun-AW[wrm]. I also found this Win3:Dorkbot-BH[trj]. It had this F:\RECYCLER\e5188982.exe with it or it was found in there.
Eset Online scanner is not yet done but I'm seeing a lot of other threats it has already detected.

Edited by nasdaq, 29 September 2012 - 08:16 AM.
Duplicate posts - merged.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2012 - 09:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Some people have had success with this tool and fix.

http://en.kioskea.net/faq/8734-files-on-flash-drive-changed-to-shortcuts

If at any time you need instructions on how to proceed please ask.

p.s.
Please do not create a new topic. Answer in this one.

#4 lakan_309

lakan_309
  • Topic Starter

  • Members
  • 21 posts

Posted 29 September 2012 - 05:59 PM

Hi Nasdaq!
Autorun Exterminator won't run. Am I supposed to click some kind of button to get it running? All I can see is that it didn't detect any autorun.inf and it didn't delete any either. I also didn't see it perform a scan or anything like that. Since I didn't see any autorun.inf, I went on with the procedure regarding the cmd. When I enter the command "attrib..." in cmd it just says access denied. Here is what it says:


F:\>attrib -h -r -s /s /d f:\*.*
Access denied - F:\app\Lakan\product\11.1.0\db_1\192.168.1.2_orcl\sysman\emd\upl
oad\hsperfdata_BADONG-PC$
Access denied - F:\System Volume Information


What am I doing wrong? I have followed all the instructions except printing the topic.

I forgot to mention that I'm using a LaCie external hard drive. The files remain hidden. I'm guessing this means that the external hdd is still infected.

Thank you for helping me nasdaq.

I'm really hoping that I could recover the files in my external hdd.

#5 nasdaq


Posted 30 September 2012 - 08:17 AM

This Sality virus is one of the worst infections one can get. Read about it.
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fSality.AT

Before we continue please run this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please post the logs for my review.

#6 lakan_309


Posted 03 October 2012 - 07:47 AM

Hi!

Here is the combofix log you asked for:


ComboFix 12-10-02.02 - Lakan 10/03/2012 20:14:36.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3003.1904 [GMT 8:00]
Running from: c:\users\Lakan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
---- Previous Run -------
.
c:\users\Lakan\Documents\~WRL0003.tmp
c:\users\Lakan\Documents\~WRL2286.tmp
c:\windows\Install\Keys.ini
c:\windows\Install\Loader.exe
c:\windows\Install\msxml4-KB973685-enu.exe
c:\windows\Install\Read me.txt
c:\windows\Install\START7.cmd
c:\windows\Install\Tweaks.reg
c:\windows\Install\windows-kb890830-v4.2.exe
c:\windows\Install\Windows6.1-KB2533552-x86.msu
c:\windows\Install\Windows6.1-KB2618444-x86.msu
c:\windows\Install\Windows6.1-KB2618451-x86.msu
c:\windows\Install\Windows6.1-KB2619339-x86.msu
c:\windows\Install\Windows6.1-KB2620712-x86.msu
c:\windows\Install\Windows6.1-KB2633171-x86.msu
c:\windows\Install\Windows6.1-KB2639417-x86.msu
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
.
.
2012-10-03 12:26 . 2012-10-03 12:26 -------- d-----w- c:\users\Lakan\AppData\Local\temp
2012-10-03 12:26 . 2012-10-03 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-03 12:26 . 2012-10-03 12:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-02 21:21 . 2012-10-02 21:21 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE3F2E33-5BD1-451D-83E5-3F5FD199DBB8}\offreg.dll
2012-10-02 21:16 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE3F2E33-5BD1-451D-83E5-3F5FD199DBB8}\mpengine.dll
2012-09-29 15:49 . 2012-09-29 15:49 -------- d-----w- c:\program files\AutorunRemover
2012-09-29 05:22 . 2012-09-29 05:22 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-28 22:35 . 2012-09-28 22:35 -------- d-----w- c:\users\Lakan\AppData\Roaming\SpeedyPC Software
2012-09-28 22:35 . 2012-09-28 22:35 -------- d-----w- c:\users\Lakan\AppData\Roaming\DriverCure
2012-09-28 22:34 . 2012-09-28 23:15 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-27 15:11 . 2012-09-27 16:58 -------- d-----w- c:\program files\Recuva
2012-09-27 13:46 . 2012-09-27 13:46 388096 ----a-r- c:\users\Lakan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-27 13:46 . 2012-09-27 13:46 -------- d-----w- c:\program files\Trend Micro
2012-09-26 15:31 . 2012-09-26 15:31 -------- d-----w- c:\program files\ESET
2012-09-26 04:02 . 2012-09-26 16:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-26 04:01 . 2009-01-25 05:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-09-26 04:01 . 2012-09-26 04:02 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-09-26 03:56 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 20:20 . 2012-09-25 20:20 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-25 20:20 . 2012-09-25 20:20 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-09-25 20:20 . 2012-09-25 20:20 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-09-20 05:50 . 2012-09-20 05:50 -------- d-----w- c:\users\Lakan\AppData\Local\GameHouse
2012-09-20 05:50 . 2012-09-20 05:50 -------- d-----w- c:\programdata\Trymedia
2012-09-20 05:47 . 2012-09-20 05:47 -------- d-----w- c:\program files\Bejeweled 3
2012-09-20 05:47 . 2012-09-20 05:47 -------- d-----w- c:\windows\Bejeweled 3
2012-09-20 04:34 . 2012-09-20 04:34 -------- d-----w- c:\program files\PDF to Word
2012-09-20 03:56 . 2012-09-20 03:56 -------- d-----w- c:\programdata\InstallShield
2012-09-20 03:55 . 2012-09-20 05:49 -------- d-----w- c:\program files\ScanSoft
2012-09-18 11:53 . 2012-09-18 11:53 -------- d-----w- c:\programdata\Bitstream
2012-09-18 08:16 . 2012-09-18 08:25 -------- d-----w- c:\users\Lakan\AppData\Roaming\Corel
2012-09-18 08:16 . 2012-09-18 08:16 -------- d-----w- c:\programdata\Protexis
2012-09-18 06:06 . 2012-09-18 06:06 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-18 06:06 . 2012-09-18 06:07 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-18 06:06 . 2012-09-18 06:06 -------- d-----w- c:\program files\gs
2012-09-18 06:05 . 2012-09-18 06:05 -------- d-----w- c:\program files\Common Files\Corel
2012-09-18 06:04 . 2012-09-18 06:04 -------- d-----w- c:\program files\Common Files\Protexis
2012-09-18 06:04 . 2012-09-18 12:09 -------- d-----w- c:\programdata\Corel
2012-09-18 06:00 . 2012-09-18 06:00 -------- d-----w- c:\program files\Corel
2012-09-17 00:33 . 2012-08-23 21:23 6516280 ----a-w- c:\program files\AVAST Softwa
2012-09-16 06:21 . 2012-09-16 06:21 -------- d-----w- c:\program files\ASIO4ALL v2
2012-09-15 21:40 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-15 21:40 . 2012-07-04 19:41 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-15 21:40 . 2012-08-22 17:05 1306992 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-15 21:40 . 2012-08-22 17:05 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-15 21:40 . 2012-08-22 17:05 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-15 21:40 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-10 22:06 . 2012-09-10 22:06 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-10 22:05 . 2012-09-10 22:05 -------- d-----w- c:\windows\system32\Wat
2012-09-10 22:02 . 2012-07-23 07:59 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-09-10 21:25 . 2012-09-15 21:57 -------- d-----w- c:\users\Lakan\AppData\Roaming\IObit
2012-09-10 21:25 . 2012-09-10 21:25 -------- d-----w- c:\program files\IObit
2012-09-09 00:15 . 2012-09-09 00:15 -------- d-----w- c:\program files\Guitar FX BOX 2.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 12:05 . 2012-04-01 16:28 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 12:05 . 2012-04-01 16:28 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 09:04 . 2012-04-01 17:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 01:19 . 2012-09-01 01:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 01:19 . 2012-07-23 06:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 01:19 . 2012-04-01 16:29 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 00:30 . 2012-08-29 00:30 57344 ----a-r- c:\users\Lakan\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-08-29 00:28 . 2012-04-01 16:38 106496 ----a-w- c:\windows\system32\ATL71.DLL
2012-08-21 09:13 . 2012-04-21 10:57 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-04-21 10:57 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-04-21 10:57 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-04-21 10:57 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-04-21 10:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-04-21 10:57 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-04-21 10:57 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-04-21 10:57 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-05 23:44 . 2012-06-26 15:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-05 22:35 . 2012-06-26 15:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-05 22:35 . 2012-06-28 05:53 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-26 15:54 . 2012-04-25 07:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-26 15:42 . 2012-04-25 07:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-26 15:39 . 2012-04-25 07:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-19 12:34 . 2012-07-19 12:34 1409 ----a-w- c:\windows\QTFont.for
2012-07-18 17:47 . 2012-08-15 05:00 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 07:17 . 2012-06-26 15:03 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-15 07:16 . 2012-04-25 07:51 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-12 09:13 . 2012-08-12 02:24 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-07-06 19:23 . 2012-08-15 21:58 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-25 20:20 . 2012-04-01 16:49 260576 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-07 . F2A64580740492A5964C82B0B213002A . 2498560 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
[-] 2011-12-11 . B26009693A366319530847332C010E99 . 2641920 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2011-12-11 . B26009693A366319530847332C010E99 . 2641920 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2011-12-11 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
[-] 2011-12-07 . 0A4CD1129D364D938B7BC579B6C0E183 . 565760 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[7] 2009-07-14 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Lakan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Lakan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Lakan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Lakan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-14 282624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-08-30 3904536]
"AutoRunExterminator"="c:\users\Lakan\Desktop\AutoRunExterminator-1.8\AutoRunExterminator.exe" [2010-05-13 47104]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2012-08-17 1899008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;h:\app\Lakan\product\11.1.0\db_1\BIN\TNSLSNR [x]
R2 OracleServiceORCL;OracleServiceORCL;h:\app\lakan\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [x]
R2 OracleVssWriterORCL;Oracle ORCL VSS Writer Service;h:\app\Lakan\product\11.1.0\db_1\bin\OraVSSW.exe ORCL [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;h:\app\lakan\product\11.1.0\db_1\Bin\extjob.exe ORCL [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SmartPower;SmartPower;c:\program files\Ignatu Software\SmartPower\SmartPower.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:05]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 20:08]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 20:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Lakan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Lakan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\program files\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: emirates.com\groupworld
TCP: DhcpNameServer = 121.1.3.82 121.1.3.20
FF - ProfilePath - c:\users\Lakan\AppData\Roaming\Mozilla\Firefox\Profiles\jt11skm7.default\
FF - prefs.js: browser.startup.homepage - hxxps://ekgrpapplications.emirates.com/Careersonlineapps/WEB_GN/PersonalDetails.aspx
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKCU-Run-Shutdown_Manager - (no file)
HKCU-Run-Facebook Update - c:\users\Lakan\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-Run-ScanSoft PDF Converter 3.0-reminder - c:\program files\ScanSoft\PDF Converter 3.0\Ereg\Ereg.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\OracleOraDb11g_home1TNSListener]
"ImagePath"="h:\app\Lakan\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-03 20:37:09
ComboFix-quarantined-files.txt 2012-10-03 12:37
.
Pre-Run: 24,161,267,712 bytes free
Post-Run: 24,065,646,592 bytes free
.
- - End Of File - - F3054B19DA3C142686704D175452A40B

#7 nasdaq


Posted 03 October 2012 - 12:50 PM

Download USBNoRisk to your Desktop and run it by double-clicking the program's icon
- wait a couple of seconds for initial scan to be done
- connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds
- if there are more USB storage devices to scan, please take a note about the order in which these were connected
- after all the devices are scanned, choose "Save log" option from right-click menu on Monitor tab. That will open the log in Notepad. Please copy/paste the log in your next post.

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Please post the log for my review.

#8 lakan_309


Posted 03 October 2012 - 04:41 PM

This morning I checked on my external hdd. It now has the hidden files shown. Still, I'm worried that it is still infected.

Here is the log you asked for.

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 10/4/2012 5:24:35 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {3eb86c95-7c71-11e1-8062-806e6f6e6963}
D: {3eb86c96-7c71-11e1-8062-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 3eb86c95-7c71-11e1-8062-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 3eb86c96-7c71-11e1-8062-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 10/4/2012 5:25:06 AM

Scanning for connected USB mass storage...
----------------------------------------
F: {e6bd0876-7c19-11e1-82ae-00247e802d57}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for F:
Sanitized mountpoint for e6bd0876-7c19-11e1-82ae-00247e802d57
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive F:
========================================



New device connected at 10/4/2012 5:28:34 AM

Scanning for connected USB mass storage...
----------------------------------------
I: {d05e478c-ed88-11e1-b920-00247e802d57}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No Autorun.inf files found on I:
Sanitized mountpoint for d05e478c-ed88-11e1-b920-00247e802d57
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive I:
========================================



New device connected at 10/4/2012 5:30:43 AM

Scanning for connected USB mass storage...
----------------------------------------
H: {dbd5e7c2-7f55-11e1-ab9b-00247e802d57}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for dbd5e7c2-7f55-11e1-ab9b-00247e802d57
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================
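
In the USBNoRisk log above, the lines that differ between drives are the closing `.lnk/.pif/.com/.scr` ones. The Python below is an added example, not part of the original posts and not USBNoRisk's own code: it parses a log in that format and lists the drives that still report such files. The sample log is constructed from lines of the log in this thread, and treating a "found" line as "needs manual review" is an assumption, since the tool only reports that such files exist.

```python
import re

# Constructed sample: shortened log in the format of the USBNoRisk 2.7 output
# posted in this thread (volumes F:, I: and H:).
SAMPLE_LOG = """\
Scanning for connected USB mass storage...
F: {e6bd0876-7c19-11e1-82ae-00247e802d57}
Added F:
No blocked files found on F:
No Autorun.inf files found on F:
No mountpoint found for F:
Sanitized mountpoint for e6bd0876-7c19-11e1-82ae-00247e802d57
No Desktop.ini files found on F:
No mimics found on drive F:
.lnk/.pif/.com/.scr files found on drive F:
I: {d05e478c-ed88-11e1-b920-00247e802d57}
Added I:
No blocked files found on I:
No Autorun.inf files found on I:
Sanitized mountpoint for d05e478c-ed88-11e1-b920-00247e802d57
No Desktop.ini files found on I:
No mimics found on drive I:
.lnk/.pif/.com/.scr files found on drive I:
H: {dbd5e7c2-7f55-11e1-ab9b-00247e802d57}
Added H:
No blocked files found on H:
No Autorun.inf files found on H:
Sanitized mountpoint for dbd5e7c2-7f55-11e1-ab9b-00247e802d57
No Desktop.ini files found on H:
No mimics found on drive H:
No .lnk/.pif/.com/.scr files found on drive H:
"""

# "F: {guid}" announces a volume and its mount-point GUID.
VOLUME_RE = re.compile(r"^(?P<drive>[A-Z]): \{(?P<guid>[0-9a-fA-F-]{36})\}$")
# "[No ]<category> found on [drive ]X:" is a per-drive finding.
FINDING_RE = re.compile(
    r"^(?P<neg>No )?(?P<what>blocked files|Autorun\.inf files|Desktop\.ini files|"
    r"mimics|\.lnk/\.pif/\.com/\.scr files) found on (?:drive )?(?P<drive>[A-Z]):$"
)
# The sanitize line names only the GUID, so it has to be mapped back to a drive.
SANITIZED_RE = re.compile(r"^Sanitized mountpoint for (?P<guid>[0-9a-fA-F-]{36})$")


def parse_usbnorisk(text):
    """Return {drive: {"guid", "present", "absent", "mountpoint_sanitized"}}."""
    report, guid_to_drive = {}, {}

    def entry(drive):
        return report.setdefault(drive, {
            "guid": None, "present": set(), "absent": set(),
            "mountpoint_sanitized": False,
        })

    for raw in text.splitlines():
        line = raw.strip()
        m = VOLUME_RE.match(line)
        if m:
            guid = m["guid"].lower()
            entry(m["drive"])["guid"] = guid
            guid_to_drive[guid] = m["drive"]
            continue
        m = FINDING_RE.match(line)
        if m:
            e = entry(m["drive"])
            hit, miss = ("absent", "present") if m["neg"] else ("present", "absent")
            e[hit].add(m["what"])
            # A drive scanned twice keeps only its latest result per category.
            e[miss].discard(m["what"])
            continue
        m = SANITIZED_RE.match(line)
        if m:
            drive = guid_to_drive.get(m["guid"].lower())
            if drive:
                entry(drive)["mountpoint_sanitized"] = True
    return report


def needs_review(report):
    """Drives with at least one category reported as found, sorted by letter."""
    return sorted(d for d, e in report.items() if e["present"])


if __name__ == "__main__":
    rep = parse_usbnorisk(SAMPLE_LOG)
    for drive in needs_review(rep):
        print(drive + ":", ", ".join(sorted(rep[drive]["present"])))
```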

#9 nasdaq


Posted 04 October 2012 - 08:26 AM

It now has the hidden files shown

Are the files hidden or can you see them?

Execute this scan.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    activex
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
===

#10 lakan_309

lakan_309
  • Topic Starter

  • Members
  • 21 posts
  • Local time:02:34 AM

Posted 04 October 2012 - 06:10 PM

I can see my files now. The .lnk extension is gone and I can open my files too. I'm not so sure if all my files are here but at least the most important ones are.

Is "CREATERESTOREPOINT" included in what I have to copy-paste to proceed with the scan?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:34 PM

Posted 05 October 2012 - 08:00 AM

Yes, it will create a restore point.

#12 lakan_309

lakan_309
  • Topic Starter

  • Members
  • 21 posts
  • Local time:02:34 AM

Posted 05 October 2012 - 05:07 PM

Hi!

Sorry it took me a while to post what you asked for but here it is.


OTL logfile created on: 10/6/2012 5:40:41 AM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Lakan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 64.56% Memory free
5.86 Gb Paging File | 4.36 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 21.83 Gb Free Space | 22.36% Space Free | Partition Type: NTFS
Drive D: | 135.23 Gb Total Space | 84.48 Gb Free Space | 62.47% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 119.54 Gb Free Space | 40.10% Space Free | Partition Type: NTFS

Computer Name: BADONG-PC | User Name: Lakan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lakan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Ignatu Software\SmartPower\SmartPower.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\pcre.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (OracleVssWriterORCL) -- H:\app\Lakan\product\11.1.0\db_1\bin\OraVSSW.exe ORCL File not found
SRV - (OracleServiceORCL) -- h:\app\lakan\product\11.1.0\db_1\bin\ORACLE.EXE ORCL File not found
SRV - (OracleOraDb11g_home1TNSListener) -- H:\app\Lakan\product\11.1.0\db_1\BIN\TNSLSNR File not found
SRV - (OracleJobSchedulerORCL) -- h:\app\lakan\product\11.1.0\db_1\Bin\extjob.exe ORCL File not found
SRV - (OracleDBConsoleorcl) -- H:\app\Lakan\product\11.1.0\db_1\bin\nmesrvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (SmartPower) -- C:\Program Files\Ignatu Software\SmartPower\SmartPower.exe ()
SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (catchme) -- C:\Users\Lakan\AppData\Local\Temp\catchme.sys File not found
DRV - (a4x36ktq) -- File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (s115mgmt) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 5B 2D 38 C4 83 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://ekgrpapplications.emirates.com/Careersonlineapps/WEB_GN/PersonalDetails.aspx"
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lakan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/04/02 00:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/24 05:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/26 04:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/02 00:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lakan\AppData\Roaming\Mozilla\Extensions
[2012/09/26 04:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lakan\AppData\Roaming\Mozilla\Firefox\Profiles\jt11skm7.default\extensions
[2012/04/02 02:48:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lakan\AppData\Roaming\Mozilla\Firefox\Profiles\jt11skm7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/09/26 04:20:28 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Lakan\AppData\Roaming\Mozilla\Firefox\Profiles\jt11skm7.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/06/24 20:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/26 04:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/08/24 05:24:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/26 04:20:21 | 000,260,576 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/26 04:20:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/26 04:20:18 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google English (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_95.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Lakan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lakan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Lakan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Lakan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/03 20:26:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lakan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lakan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: emirates.com ([groupworld] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.82 121.1.3.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66EAD72B-87A5-4160-9171-34674204816C}: DhcpNameServer = 121.1.3.82 121.1.3.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/13 14:53:30 | 000,047,104 | ---- | M] (Inside Core) - F:\AutoRunExterminator.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 06:09:28 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{10B7D8AB-97B5-4AC5-8833-911F844C23F3}
[2012/10/05 05:18:48 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Lakan\Desktop\OTL.exe
[2012/10/04 05:23:18 | 000,000,000 | ---D | C] -- C:\USBNoRisk
[2012/10/04 05:21:15 | 000,446,976 | ---- | C] (MyCity) -- C:\Users\Lakan\Desktop\usbnorisk.exe
[2012/10/03 20:37:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/03 20:37:23 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\temp
[2012/10/03 20:26:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/03 05:24:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/03 05:24:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/03 05:24:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/03 05:21:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/03 05:20:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/03 05:12:06 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{9BC1486B-2F19-4379-BC73-A52D3D97BF52}
[2012/10/02 04:30:05 | 004,759,935 | R--- | C] (Swearware) -- C:\Users\Lakan\Desktop\ComboFix.exe
[2012/10/01 21:48:27 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{5C1DC565-602B-485E-9F75-0A374E385CF6}
[2012/10/01 08:42:33 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{2DB04CB1-2394-49B5-B54F-5A8B19F5B859}
[2012/09/30 17:58:14 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{E937EDF3-38D3-41A9-B90F-9DC813DBA7A9}
[2012/09/29 23:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover
[2012/09/29 23:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\AutorunRemover
[2012/09/29 22:47:52 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Desktop\AutoRunExterminator-1.8
[2012/09/29 20:46:16 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{8C053346-C00A-4730-B7F2-C20801DC3190}
[2012/09/29 13:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/29 08:45:50 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{65288F5F-5D14-4909-9263-E5EAADCAD6D8}
[2012/09/29 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\SpeedyPC Software
[2012/09/29 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\DriverCure
[2012/09/29 06:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/28 20:45:23 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{229C037E-48B6-46AA-B337-DCFD0189706B}
[2012/09/28 00:16:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Lakan\Desktop\dds.com
[2012/09/27 23:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/09/27 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/09/27 21:46:44 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/09/27 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/27 20:19:58 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{F1D7099D-85A9-4F47-A225-91D90951961B}
[2012/09/26 23:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/26 20:18:42 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{28661BC1-CDF2-4076-A045-ECA49D8B5A17}
[2012/09/26 12:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/26 12:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/09/26 12:01:54 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2012/09/26 12:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/09/26 11:56:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 08:17:51 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{DC258928-40C9-4361-B9BF-4D580F424A0E}
[2012/09/25 20:17:12 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{9BD88E91-55D7-410A-8FFD-4B82B5A025DD}
[2012/09/25 05:32:50 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{8B08F169-7085-4B8B-8212-20E620D682A2}
[2012/09/24 18:28:29 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Desktop\voters word
[2012/09/24 12:43:41 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{A9880FDD-AB5B-4BE0-9760-DD3D2C0DE95F}
[2012/09/24 10:51:04 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{5071D630-9B55-4606-B274-E6B1DBA4985E}
[2012/09/23 10:50:03 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{53E75FDD-BBE5-45C3-A4D9-05ABF7F85BA8}
[2012/09/23 05:28:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/23 05:28:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/23 05:28:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/23 05:28:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/23 05:28:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/23 05:28:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/23 05:28:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/23 05:28:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/22 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{FA0CA1C8-9C2B-4F59-BCEC-E818754493C6}
[2012/09/22 18:29:18 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Desktop\Selected Pictures
[2012/09/22 10:48:54 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{DB088A14-CC5F-46C1-88CD-CAB62DF52411}
[2012/09/21 19:57:38 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{1DEB873E-5101-48E1-B95B-BAED6A74E05F}
[2012/09/21 05:12:36 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{728B41D5-6B8B-4DA7-87E8-BEE90A0FD09C}
[2012/09/20 13:50:28 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\GameHouse
[2012/09/20 13:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012/09/20 13:47:43 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled 3
[2012/09/20 13:47:06 | 000,000,000 | ---D | C] -- C:\Windows\Bejeweled 3
[2012/09/20 13:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bejeweled 3
[2012/09/20 13:17:33 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\voters list
[2012/09/20 12:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word
[2012/09/20 12:34:27 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\Quick-PDF PDF to Word
[2012/09/20 12:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\PDF to Word
[2012/09/20 11:56:07 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\ScanSoft PDF Converter 3.0
[2012/09/20 11:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/09/20 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2012/09/20 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{3CE7AAD3-6021-4EE3-8D60-74B91F31FA80}
[2012/09/19 22:16:15 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{C6CD25D0-4358-4E20-A3AE-1E3CFAAB8467}
[2012/09/19 10:15:45 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{D29EF494-7D71-4476-8B87-5532760A1F6B}
[2012/09/18 21:28:20 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{03A762B1-FF0F-4527-B93F-B2D9EBA8EBBC}
[2012/09/18 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitstream
[2012/09/18 16:25:42 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\My Palettes
[2012/09/18 16:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2012/09/18 16:16:25 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\Corel
[2012/09/18 14:08:47 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\Corel
[2012/09/18 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\Visual Studio 2008
[2012/09/18 14:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012/09/18 14:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012/09/18 14:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2012/09/18 14:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2012/09/18 14:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012/09/18 14:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012/09/18 14:02:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2012/09/18 14:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
[2012/09/18 14:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012/09/18 13:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6
[2012/09/18 09:27:45 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{33AC30E8-3843-4707-804E-E8E4E04524AC}
[2012/09/17 20:36:49 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{5C5FA807-0309-45B8-B56E-98115C06FEA6}
[2012/09/17 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{BAEABFC8-4261-42B1-8C05-D4CE14C958FF}
[2012/09/17 08:33:56 | 006,516,280 | ---- | C] (AVAST Software) -- C:\Program Files\AVAST Softwa
[2012/09/16 17:35:36 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{B5B76B17-187A-4CDD-8E63-8979A2C9060E}
[2012/09/16 14:21:24 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/09/16 14:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2012/09/16 05:40:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/16 05:40:04 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/16 05:40:04 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/16 05:40:01 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/16 05:35:10 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{07CFBD84-C57F-4C36-B855-07A9A7F64F79}
[2012/09/11 09:04:41 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{AF73488F-BB4E-4E60-A25B-F413BBC6D61E}
[2012/09/11 08:27:04 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{43D6E6B3-1F38-457B-AD35-052DCF4E8080}
[2012/09/11 06:06:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/09/11 06:05:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/09/11 06:02:43 | 000,022,400 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/09/11 05:25:27 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\IObit
[2012/09/11 05:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/09/11 05:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/09/10 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{72682504-BA9F-4BD8-8AD0-BDFDF42A19BF}
[2012/09/10 08:24:26 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{3BE88001-00F6-44F3-8B11-9A10FBD49B1B}
[2012/09/09 19:02:13 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{359E1E21-2154-4BBA-A3C6-6D75653C206E}
[2012/09/09 08:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar FX BOX 2.6
[2012/09/09 08:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar FX BOX 2.6
[2012/09/09 07:01:45 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{B038E991-D687-426A-8E66-A082DA093F50}
[2012/09/08 17:10:26 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{FEEAC1EC-8871-4FBA-A9B1-5AA638517DDA}
[2012/09/08 05:16:19 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{8014560E-4850-42DC-907C-01D3D6A7500F}
[2012/09/07 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{2474120D-EE4D-4796-894F-98BD9BCA735B}
[2012/09/07 08:58:05 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{20041314-9F36-4540-9489-4FB3898A21AF}
[2012/09/06 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{C86997B0-9D45-4D55-98D7-A3CE4B66619D}
[2012/09/06 08:56:54 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{AFFED6E0-8737-4FF9-81D0-280764EFCFBC}

========== Files - Modified Within 30 Days ==========

[2012/10/06 05:24:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/06 05:24:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/06 05:13:53 | 000,672,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/06 05:13:53 | 000,126,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/06 05:12:37 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 05:12:37 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 05:05:39 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/10/06 05:05:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 05:03:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 05:02:56 | 000,507,843 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2012/10/05 05:18:52 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Lakan\Desktop\OTL.exe
[2012/10/04 08:05:18 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/04 05:21:21 | 000,446,976 | ---- | M] (MyCity) -- C:\Users\Lakan\Desktop\usbnorisk.exe
[2012/10/03 20:26:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/03 05:20:36 | 004,759,935 | R--- | M] (Swearware) -- C:\Users\Lakan\Desktop\ComboFix.exe
[2012/09/29 23:49:25 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2012/09/29 22:32:26 | 000,017,028 | ---- | M] () -- C:\Users\Lakan\Desktop\AutoRunExterminator-1.8.zip
[2012/09/28 00:16:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lakan\Desktop\dds.com
[2012/09/27 23:11:39 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/09/27 21:46:44 | 000,002,963 | ---- | M] () -- C:\Users\Lakan\Desktop\HiJackThis.lnk
[2012/09/26 15:32:38 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/26 12:02:01 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/09/24 12:39:22 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/24 12:39:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/21 20:05:09 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 20:05:09 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/20 13:47:43 | 000,001,880 | ---- | M] () -- C:\Users\Lakan\Desktop\Bejeweled 3.lnk
[2012/09/20 12:34:31 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\PDF to Word.lnk
[2012/09/20 12:34:31 | 000,000,063 | ---- | M] () -- C:\Users\Public\Desktop\Purchase PDF to Word.url
[2012/09/19 13:30:52 | 000,001,440 | ---- | M] () -- C:\Users\Lakan\AppData\Local\recently-used.xbel
[2012/09/19 05:20:28 | 000,483,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/18 14:05:29 | 000,002,267 | ---- | M] () -- C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
[2012/09/18 14:03:02 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Corel CONNECT X6.lnk
[2012/09/18 14:02:53 | 000,002,621 | ---- | M] () -- C:\Users\Public\Desktop\Corel CAPTURE X6.lnk
[2012/09/18 14:02:45 | 000,002,629 | ---- | M] () -- C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk
[2012/09/18 14:02:28 | 000,002,613 | ---- | M] () -- C:\Users\Public\Desktop\CorelDRAW X6.lnk
[2012/09/18 10:29:00 | 000,159,744 | ---- | M] () -- C:\Users\Lakan\Documents\GENERICA DISCOUNT CARD.pub
[2012/09/17 17:27:36 | 000,046,924 | ---- | M] () -- C:\Users\Lakan\Documents\DATELINE 09-15-12.rtf
[2012/09/17 17:27:36 | 000,000,162 | -H-- | M] () -- C:\Users\Lakan\Documents\~$TELINE 09-15-12.rtf
[2012/09/16 14:21:24 | 000,001,104 | ---- | M] () -- C:\Users\Lakan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/09/11 05:25:27 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/09/11 05:25:27 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/09/09 08:15:13 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Guitar FX BOX 2.6.LNK
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/04 08:05:18 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/03 05:24:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/03 05:24:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/03 05:24:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/03 05:24:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/03 05:24:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/29 23:49:25 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2012/09/29 22:32:26 | 000,017,028 | ---- | C] () -- C:\Users\Lakan\Desktop\AutoRunExterminator-1.8.zip
[2012/09/27 23:11:39 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/09/27 21:46:44 | 000,002,963 | ---- | C] () -- C:\Users\Lakan\Desktop\HiJackThis.lnk
[2012/09/26 12:02:01 | 000,002,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/09/26 12:02:01 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/09/20 13:47:43 | 000,001,880 | ---- | C] () -- C:\Users\Lakan\Desktop\Bejeweled 3.lnk
[2012/09/20 12:34:31 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\PDF to Word.lnk
[2012/09/20 12:34:31 | 000,000,063 | ---- | C] () -- C:\Users\Public\Desktop\Purchase PDF to Word.url
[2012/09/19 13:30:52 | 000,001,440 | ---- | C] () -- C:\Users\Lakan\AppData\Local\recently-used.xbel
[2012/09/18 14:10:25 | 000,002,629 | ---- | C] () -- C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk
[2012/09/18 14:10:25 | 000,002,621 | ---- | C] () -- C:\Users\Public\Desktop\Corel CAPTURE X6.lnk
[2012/09/18 14:10:25 | 000,002,613 | ---- | C] () -- C:\Users\Public\Desktop\CorelDRAW X6.lnk
[2012/09/18 14:10:25 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\Corel CONNECT X6.lnk
[2012/09/18 14:10:25 | 000,002,267 | ---- | C] () -- C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
[2012/09/17 17:27:36 | 000,046,924 | ---- | C] () -- C:\Users\Lakan\Documents\DATELINE 09-15-12.rtf
[2012/09/17 17:27:36 | 000,000,162 | -H-- | C] () -- C:\Users\Lakan\Documents\~$TELINE 09-15-12.rtf
[2012/09/16 14:21:24 | 000,001,104 | ---- | C] () -- C:\Users\Lakan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/09/11 16:00:01 | 000,159,744 | ---- | C] () -- C:\Users\Lakan\Documents\GENERICA DISCOUNT CARD.pub
[2012/09/11 05:25:27 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/09/11 05:25:27 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/09/09 08:15:13 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Guitar FX BOX 2.6.LNK
[2012/09/07 06:28:15 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/08/29 08:43:11 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012/08/29 08:29:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plug-In Settings
[2012/08/29 08:29:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plants
[2012/08/29 08:29:11 | 000,000,268 | RH-- | C] () -- C:\Users\Lakan\AppData\Roaming\Pick Bass
[2012/08/29 08:29:11 | 000,000,268 | RH-- | C] () -- C:\Users\Lakan\AppData\Roaming\Pianos and Keyboards
[2012/08/29 08:29:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/08/29 08:29:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/08/29 08:29:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Receipts
[2012/08/29 08:29:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Quartz Composer
[2012/08/29 08:29:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Planets
[2012/08/29 08:29:10 | 000,000,268 | RH-- | C] () -- C:\Users\Lakan\AppData\Roaming\Piano Med
[2012/08/29 08:29:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/08/29 08:29:10 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Profiles
[2012/07/24 14:03:20 | 000,186,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/04/04 20:33:30 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll
[2012/04/04 20:04:45 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012/04/02 00:46:39 | 002,212,608 | ---- | C] () -- C:\Windows\System32\wweb32.dll
[2012/04/02 00:38:57 | 000,271,264 | ---- | C] () -- C:\Windows\System32\vbrun100.dll
[2012/04/02 00:38:57 | 000,210,944 | ---- | C] () -- C:\Windows\System32\msvcrt10.dll
[2012/04/02 00:29:53 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/04/02 00:29:51 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/02 00:29:51 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/04/02 00:29:51 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/12/05 03:25:52 | 000,421,376 | ---- | C] () -- C:\Windows\System32\W7TRunOnce.exe
[2011/12/04 23:14:44 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2011/02/11 23:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 23:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 23:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 22:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 22:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/21 05:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/21 05:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/08/05 14:40:19 | 000,613,376 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2011/08/05 14:38:59 | 000,349,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/02 01:33:15 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Chikka Messenger
[2012/09/11 06:03:07 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\DAEMON Tools Lite
[2012/04/02 00:40:29 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\doctor
[2012/09/29 06:35:21 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\DriverCure
[2012/07/24 08:01:30 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Dropbox
[2012/08/12 10:27:10 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\DVDVideoSoft
[2012/08/12 10:27:21 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/09/11 14:44:57 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\EssentialPIM
[2012/07/26 13:48:14 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\EurekaLog
[2012/04/25 13:56:14 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Foxit Software
[2012/09/01 21:15:34 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Gatling Gears
[2012/04/14 20:53:07 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Groovedown
[2012/06/04 00:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\gtk-2.0
[2012/09/16 05:57:10 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\IObit
[2012/08/29 08:32:19 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Nikon
[2012/04/02 00:40:27 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Notepad++
[2012/08/25 00:30:39 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\PhotoScape
[2012/04/07 19:19:20 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Pixlromatic
[2012/04/04 20:11:56 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\PrimoPDF
[2012/06/20 17:30:57 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\SendSpace
[2012/09/04 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Smilebox
[2012/09/29 06:35:21 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\SpeedyPC Software
[2012/04/07 14:19:42 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Stardock
[2012/04/02 02:57:13 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Synaptics
[2012/08/23 11:10:30 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\TypingMaster7
[2012/04/02 00:40:31 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\URSoft
[2012/10/05 05:13:35 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\uTorrent
[2012/04/02 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\VS Revo Group

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/10/03 20:37:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/09/11 09:00:38 | 000,000,000 | ---D | M] -- C:\Boot
[2009/07/14 12:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/04/02 01:24:09 | 000,000,000 | ---D | M] -- C:\Intel
[2012/04/02 01:33:34 | 000,000,000 | ---D | M] -- C:\logs
[2012/08/09 15:43:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 10:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/09/29 23:49:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/09/29 13:22:47 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/10/03 20:37:28 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/04/02 00:26:08 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/04/02 04:06:38 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012/10/06 05:45:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/05/31 19:52:25 | 000,000,000 | ---D | M] -- C:\TEMP
[2012/10/04 05:45:30 | 000,000,000 | ---D | M] -- C:\USBNoRisk
[2012/04/06 17:03:24 | 000,000,000 | R--D | M] -- C:\Users
[2012/10/05 05:07:57 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2012/07/23 14:07:19 | 000,461,312 | ---- | M] () -- C:\Windows\Installer\11096f1.msi
[2012/06/20 12:20:48 | 003,109,376 | ---- | M] () -- C:\Windows\Installer\1146809.msi
[2012/04/27 16:56:37 | 002,863,104 | ---- | M] () -- C:\Windows\Installer\118d015.msi
[2012/04/27 16:56:36 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\118d01b.msi
[2012/04/27 16:56:39 | 001,800,704 | ---- | M] () -- C:\Windows\Installer\118d021.msi
[2012/04/27 16:56:44 | 001,802,240 | ---- | M] () -- C:\Windows\Installer\118d027.msi
[2012/04/27 16:56:58 | 001,804,800 | ---- | M] () -- C:\Windows\Installer\118d02d.msi
[2012/04/27 16:56:59 | 002,115,584 | ---- | M] () -- C:\Windows\Installer\118d033.msi
[2012/04/27 16:57:01 | 000,663,040 | ---- | M] () -- C:\Windows\Installer\118d039.msi
[2012/04/27 16:57:00 | 000,667,648 | ---- | M] () -- C:\Windows\Installer\118d03f.msi
[2012/04/27 16:57:00 | 000,656,896 | ---- | M] () -- C:\Windows\Installer\118d045.msi
[2012/04/27 16:57:00 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\118d04b.msi
[2012/04/27 16:57:02 | 001,800,704 | ---- | M] () -- C:\Windows\Installer\118d051.msi
[2012/04/27 16:57:05 | 002,413,568 | ---- | M] () -- C:\Windows\Installer\118d057.msi
[2012/04/27 16:57:07 | 001,813,504 | ---- | M] () -- C:\Windows\Installer\118d05e.msi
[2012/04/27 16:57:07 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\118d064.msi
[2012/04/27 16:57:09 | 001,810,944 | ---- | M] () -- C:\Windows\Installer\118d06a.msi
[2012/04/27 16:57:13 | 001,819,648 | ---- | M] () -- C:\Windows\Installer\118d070.msi
[2012/04/27 16:57:42 | 024,809,472 | ---- | M] () -- C:\Windows\Installer\118d078.msi
[2012/04/25 11:23:58 | 038,233,600 | ---- | M] () -- C:\Windows\Installer\123afb7.msi
[2012/04/07 19:20:20 | 000,032,256 | ---- | M] () -- C:\Windows\Installer\14e48f8.msi
[2012/03/15 17:11:26 | 001,989,632 | R--- | M] () -- C:\Windows\Installer\150e675.msp
[2012/03/15 17:11:30 | 066,812,928 | R--- | M] () -- C:\Windows\Installer\150e68e.msp
[2012/03/15 17:12:04 | 004,968,960 | R--- | M] () -- C:\Windows\Installer\150e6a7.msp
[2011/12/15 17:40:40 | 023,374,336 | R--- | M] () -- C:\Windows\Installer\150e6bf.msp
[2012/03/15 17:09:50 | 017,165,312 | R--- | M] () -- C:\Windows\Installer\150e6de.msp
[2012/01/19 17:37:24 | 008,999,936 | R--- | M] () -- C:\Windows\Installer\150e6eb.msp
[2012/04/23 14:32:14 | 003,460,096 | R--- | M] () -- C:\Windows\Installer\150e702.msp
[2012/01/22 14:09:26 | 001,700,352 | R--- | M] () -- C:\Windows\Installer\1569b92.msp
[2009/07/12 16:16:26 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\162a50.msi
[2012/07/28 09:47:34 | 013,123,584 | R--- | M] () -- C:\Windows\Installer\169c489.msp
[2012/07/24 20:54:47 | 019,337,216 | ---- | M] () -- C:\Windows\Installer\19a3a51.msi
[2010/05/15 08:32:12 | 006,393,856 | ---- | M] () -- C:\Windows\Installer\1a6ddad.msi
[2012/04/24 21:40:08 | 000,746,496 | ---- | M] () -- C:\Windows\Installer\1a6ddb1.msi
[2012/05/31 01:47:20 | 020,403,200 | ---- | M] () -- C:\Windows\Installer\252603.msi
[26 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >
[2012/09/21 20:05:12 | 000,003,768 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2012/09/11 05:39:25 | 000,003,160 | ---- | M] () -- C:\Windows\system32\tasks\ASC5_AutoClean
[2012/09/11 05:39:26 | 000,003,348 | ---- | M] () -- C:\Windows\system32\tasks\ASC5_AutoUpdate
[2012/09/24 12:39:23 | 000,003,924 | ---- | M] () -- C:\Windows\system32\tasks\avast! Emergency Update
[2012/09/17 05:19:31 | 000,003,628 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2012/09/17 05:19:32 | 000,003,880 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/04/17 00:44:29 | 000,002,986 | ---- | M] () -- C:\Windows\system32\tasks\{0A40FC70-27EA-4398-9177-7B97C28E3F70}
[2012/09/02 06:54:21 | 000,003,384 | ---- | M] () -- C:\Windows\system32\tasks\{0B542090-CF62-4087-B37F-345098D78BAC}
[2012/05/12 03:11:13 | 000,003,136 | ---- | M] () -- C:\Windows\system32\tasks\{1A2AEEB7-C44F-471E-83A5-5609A3D021BA}
[2012/04/02 04:03:26 | 000,003,124 | ---- | M] () -- C:\Windows\system32\tasks\{245440E9-2397-43A0-9F87-AE913FC50015}
[2012/04/17 00:46:32 | 000,002,986 | ---- | M] () -- C:\Windows\system32\tasks\{45C65F9A-979C-4F44-A7CE-A0F17C8588AD}
[2012/05/12 03:42:38 | 000,003,442 | ---- | M] () -- C:\Windows\system32\tasks\{8E9D6399-8C63-4DDE-9D86-777706D226DA}
[2012/04/02 04:05:57 | 000,003,124 | ---- | M] () -- C:\Windows\system32\tasks\{8FAA5809-12B6-49D4-998B-BC236106C2CD}
[2012/09/02 06:54:20 | 000,003,384 | ---- | M] () -- C:\Windows\system32\tasks\{A502302F-D467-49F9-B604-7DEEBFAAFD8C}
[2012/04/17 00:44:55 | 000,002,986 | ---- | M] () -- C:\Windows\system32\tasks\{A80EBC2F-1092-4169-BAFA-8FB4FCD1626D}
[2012/04/17 00:46:24 | 000,002,986 | ---- | M] () -- C:\Windows\system32\tasks\{B59F94E0-58C4-42B1-9F9E-AA53A0854A95}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011/12/12 00:51:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/12/12 01:53:34 | 002,641,920 | ---- | M] (Microsoft Corporation) MD5=B26009693A366319530847332C010E99 -- C:\Windows\explorer.exe
[2011/12/12 01:53:34 | 002,641,920 | ---- | M] (Microsoft Corporation) MD5=B26009693A366319530847332C010E99 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2012/08/30 14:11:18 | 003,694,616 | ---- | M] (Safer-Networking Ltd.) MD5=F285BBA4744BA4CCF351E415464D4B6B -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: REGEDIT.EXE >
[2011/12/07 10:19:06 | 000,565,760 | ---- | M] (Microsoft Corporation) MD5=0A4CD1129D364D938B7BC579B6C0E183 -- C:\Windows\regedit.exe
[2009/07/14 09:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/04 22:56:09 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2011/12/04 22:56:09 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache\svchost.exe
[2011/12/04 22:56:09 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\System32\svchost.exe
[2011/12/04 22:56:09 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2011/12/04 23:46:58 | 000,287,232 | ---- | M] (Microsoft Corporation) MD5=7295110E1BF93885D29480D29D967E0F -- C:\Windows\erdnt\cache\winlogon.exe
[2011/12/04 23:46:58 | 000,287,232 | ---- | M] (Microsoft Corporation) MD5=7295110E1BF93885D29480D29D967E0F -- C:\Windows\System32\winlogon.exe
[2011/12/04 23:46:58 | 000,287,232 | ---- | M] (Microsoft Corporation) MD5=7295110E1BF93885D29480D29D967E0F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.21820_none_72453a854c5ce5ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 12:53:46 | 000,032,572 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/04/05 04:08:25 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/04/05 04:08:25 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 21:49:49 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: BADONG-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     G                       DVD-ROM         0 B  No Media
  Volume 2     C                NTFS   Partition     97 GB  Healthy    System
  Volume 3     D                NTFS   Partition    135 GB  Healthy
  Volume 4     F   LaCie        NTFS   Partition    298 GB  Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C25DC0ED
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:302A9871

< End of report >

#13 lakan_309

Posted 05 October 2012 - 05:11 PM

Here is the Extras.txt.


OTL Extras logfile created on: 10/6/2012 5:40:41 AM - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Lakan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 64.56% Memory free
5.86 Gb Paging File | 4.36 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 21.83 Gb Free Space | 22.36% Space Free | Partition Type: NTFS
Drive D: | 135.23 Gb Total Space | 84.48 Gb Free Space | 62.47% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 119.54 Gb Free Space | 40.10% Space Free | Partition Type: NTFS

Computer Name: BADONG-PC | User Name: Lakan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"AntiSpywareOverride" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 3

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CEED115-85ED-43E9-9F4E-297D3F4C9539}" = rport=137 | protocol=17 | dir=out | app=system |
"{0DAAB6B0-FB85-40DF-88CA-31AF0282FF5F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{100F03CE-5592-48D0-A54F-16551FE0E569}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1881DA57-E7D2-4106-8503-0A4C433203B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EBE0014-57D4-4686-BE27-A56579479797}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{26A7B4FC-96BC-4CAC-BB72-F409E72CE773}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28DE46DA-84D1-4C65-B0C2-18B24B8776D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{2E7B21E6-7095-4C6A-93AC-A32BB77BDB6A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2F18E41C-330B-4140-AE06-6D7B6184C72E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{33E36472-E5A9-4C2C-A4DF-BDFA2C556BD0}" = lport=137 | protocol=17 | dir=in | app=system |
"{3F6A1AE5-2B7E-4565-AD6E-CBA802353F65}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45AEE92A-50A4-4A61-874B-7094A0090FE7}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C696251-7970-4425-A87D-80BFC6A0F06D}" = rport=138 | protocol=17 | dir=out | app=system |
"{59BEB9FB-AC75-4C81-A91F-0A6AB7CC3EC2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61EF5EEF-8748-4623-94A7-F8063F988F24}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6B28A592-8CDA-40F1-9277-C72B82CDF181}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{752065EF-2870-4C99-8751-31E896FB5486}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{873C4B0F-9B39-4CFD-85FA-39FAE0F5B3D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{8B9FF3EB-C156-45CA-AF63-B46D1723C1A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F0889F8-7604-4AC4-9C7A-567DAA04CB75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F9F0FF7-96A2-4735-9F80-0D952C6D308A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9703FB81-1032-4C17-BFDA-138251E33250}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A4191F38-97F4-45EA-A7C6-533E0DEBAE92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4F9DD1E-9ECB-4239-81DD-7DD0E4CBC126}" = rport=139 | protocol=6 | dir=out | app=system |
"{A8192545-95E3-4AD3-BC35-F63A17B1DCAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2B3725C-FDC5-4A45-A86D-2A5740B2FCEF}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BB13E2F1-66BF-4649-B823-2206EDFA4553}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BC0CFA53-6219-41B6-B1FF-EEC4666AD866}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C3321A2C-463C-42EB-83FB-2A143CC9B500}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4EB477B-1A76-4322-8E8C-FFCFC5B0CD02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C728CDA6-E733-4F96-A389-7826BF2AEAA0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D9729937-CD40-4BF2-97C0-F2969CCA1DEA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE23DC86-2CD9-44E1-B717-24ABB2AA2CA9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FCEC3601-2522-4104-93F5-1860523AAAF5}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F8E3A9-D2A3-4811-AD89-1A7BCBB32F00}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{1E8D0C4F-0F9D-40D1-B0E6-0D0D238A25C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1FDEA8CA-0911-4DB8-BC78-18599448B244}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{222131A4-8F3A-4654-A3BA-90498E0B6BE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2B77CEA1-B568-419F-A29D-AC3E5765AFAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{429FA209-68B1-4109-B2E2-1B8C8A15F1B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{42C6BA29-839F-433A-BCCF-CB65B1BBDC06}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{49E0E85B-0F83-42B0-A1BA-DC09AEE02F07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53DA3BD1-0A7B-4AAE-808A-C2B4F4D712C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5BE2FA81-055F-4757-BACC-083F6D26857E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5E503CE6-E9F9-45E2-B4D8-8318202B8040}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5F4B2529-F61C-47F2-B941-7F792B08C011}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A04A4D4-14AC-43FD-B690-9386D20DA188}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D836789-3C06-46D7-8043-5F7E049C0E7C}" = protocol=6 | dir=out | app=system |
"{767D9F77-66EA-4F79-9732-D3DF7B3D0309}" = protocol=17 | dir=in | app=c:\users\lakan\appdata\local\google\chrome\application\chrome.exe |
"{7BEBD304-DD48-4446-BB3C-58E20545B25C}" = protocol=6 | dir=in | app=c:\users\lakan\appdata\local\google\chrome\application\chrome.exe |
"{7DA55CF2-A4E5-4E07-A307-DE98E6B1DD93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{808A8AEE-1452-472C-9DB8-B86D6A27A11F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84904615-9480-4E3E-9131-2DA272FFC9FD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{87445641-5357-4812-8C7A-B3756A6F6303}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{98634BFF-5C26-4683-93C4-E72B84944018}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9A94719E-6723-4056-AA5F-1CB205F99987}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A016EAA3-E4C7-4697-978A-B2F43A674073}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A2266250-73BB-4753-A759-0430337AA11A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A53DCE21-E232-4ABC-9339-875900E10AD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A76BD8F4-0BD2-464D-B6A4-6374FD1F9CFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A9E45627-BF6E-4E0C-BD93-E377B1ED17AC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AB0064D3-757F-4CFD-9DE7-50071745488D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE91B050-4777-4AFE-8911-15DB8910F922}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3E40DC4-D453-4815-A1BB-354BC303AE18}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{BFF8F83E-DD42-4612-8081-9B911136FCD0}" = protocol=6 | dir=in | app=c:\users\lakan\appdata\roaming\dropbox\bin\dropbox.exe |
"{C702D1B6-3CCB-4C9A-9FC3-82A958E61EE9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C7E627F3-87F6-4D13-8AB3-D4F37CE35F4F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CC76D393-3ECF-4D1A-B14C-DC0341E8137F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D1845E42-98CB-4FA0-B6AE-6EA2C715734B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DDC024AE-6DB8-4CAA-A171-52774658FD44}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DF9C8048-9802-44ED-AB30-5E0FB239EEC3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EB58DE09-1A40-4D90-8CC8-DF2E876F46A2}" = dir=in | app=c:\users\lakan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F30A6652-D44E-4E78-936A-55E6464D3627}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD051D18-F251-4A44-998F-05F28C6D681B}" = protocol=17 | dir=in | app=c:\users\lakan\appdata\roaming\dropbox\bin\dropbox.exe |
"{FD7610EB-6AE6-4962-9858-B5A337D51F6B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"TCP Query User{5086B611-53B6-4D6E-84FD-C0472E45DA1C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7362BD96-CD8E-4B88-9AF3-AB74C9FEDDD2}C:\users\lakan\appdata\local\temp\orainstall2012-05-18_06-46-08am\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\lakan\appdata\local\temp\orainstall2012-05-18_06-46-08am\jdk\jre\bin\javaw.exe |
"TCP Query User{A13E6561-6CC1-472F-A04A-05A1D7D00044}H:\app\lakan\product\11.1.0\db_1\jdk\jre\bin\java.exe" = protocol=6 | dir=in | app=h:\app\lakan\product\11.1.0\db_1\jdk\jre\bin\java.exe |
"TCP Query User{A3729F01-5E55-474A-8ED7-DD421EEA29D1}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |
"TCP Query User{B6315439-C288-46DC-AAAD-DC9C01C1610C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{BE2641AE-5132-41B3-A009-9C0B68CC201B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C3D27C66-01F7-475E-B117-F238F33C5921}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{D1B75629-2D9A-435C-8497-56CDFB2E90E8}D:\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=6 | dir=in | app=d:\gatling gears\game\gatlinggears\gatlinggears.exe |
"TCP Query User{E03A7297-5331-4C20-A95A-98B02E3297FA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E33BCBE3-5081-4FA1-A42F-5D51FE4B60F7}D:\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=6 | dir=in | app=d:\gatling gears\game\gatlinggears\gatlinggears.exe |
"UDP Query User{02D7349E-3280-47CF-8A31-3DC427E107A0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{2DFB3B2C-ED13-4D9F-91F5-DA76E0E85572}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{4FD33F23-D6FE-49FD-85CA-8508EA626CD5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{99C421E1-F56A-4C62-AA9C-B0643813FA92}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9CF81729-C33E-4876-AB2F-74074D3B2E3F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{9D4E7EFC-F081-4C82-9EF5-8BC6A9F6E407}C:\users\lakan\appdata\local\temp\orainstall2012-05-18_06-46-08am\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\lakan\appdata\local\temp\orainstall2012-05-18_06-46-08am\jdk\jre\bin\javaw.exe |
"UDP Query User{A444A84B-4FF7-4198-8778-F336715262F2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B4DD932D-6AC6-4B58-A424-83D7B474D5B2}H:\app\lakan\product\11.1.0\db_1\jdk\jre\bin\java.exe" = protocol=17 | dir=in | app=h:\app\lakan\product\11.1.0\db_1\jdk\jre\bin\java.exe |
"UDP Query User{F0AD6507-05D7-431E-8CC2-64E001BD25FF}D:\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=17 | dir=in | app=d:\gatling gears\game\gatlinggears\gatlinggears.exe |
"UDP Query User{FF31879B-7DB4-4D35-BAF4-3A1B4C96C4EC}D:\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=17 | dir=in | app=d:\gatling gears\game\gatlinggears\gatlinggears.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6
"_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C93D216-E9C1-4089-807F-D2E10ED1630E}" = CorelDRAW Graphics Suite X6 - EN
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23170F69-40C1-2701-0925-000001000000}" = 7-Zip 9.25
"{24CD85A3-6562-4C24-8257-27826C7CF7FE}" = O&O Defrag Professional
"{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3446
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41A63ADA-088B-1C2D-43B3-E4087FE79881}" = Pixlr-o-matic
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C1C6DF-ADD5-4FD3-99EB-E6EE020ABA7E}" = Microsoft Camera Codec Pack
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D6E6D53-49DD-43D2-843B-E725D402D43C}" = Your Uninstaller! Pro 7.3.2011.02 Multilanguage
"{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 - Setup Files
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav
"{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1" = Windows Media Player Plus! 1.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT
"{709D0207-B1F8-4ADC-BB2F-CDBE2367A475}_is1" = TweakMe!
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CCD75BD-5528-4FE1-90D2-392D661A2BF1}" = CorelDRAW Graphics Suite X6 - VSTA
"{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{879E2460-18F9-48F2-B736-4E814A699504}" = CorelDRAW Graphics Suite X6 - VBA
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9507C52B-E482-4914-85A6-D4786ADD3512}" = Foxit Reader
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{BAB89D31-4C55-472B-8909-6CBE2CC276B1}" = Microsoft Visual Basic for Applications 7.1 (x86) English
"{BBD363AA-3F9E-4569-8A52-D1DEECCF5121}" = SoundPackager
"{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D34598D1-07B8-4EB6-AD9A-DBDF58FFC19F}" = Adobe Shockwave Player 11.6
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin
"{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect
"{D7E7F159-6E3A-47ED-A939-FDA257503D3A}" = Shutdown Scheduler
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"ASIO4ALL" = ASIO4ALL
"Autorun Virus Remover_is1" = Autorun Virus Remover 3.2
"avast" = avast! Free Antivirus
"Bejeweled 31.0" = Bejeweled 3
"BurnAware Free_is1" = BurnAware Free 4.2
"CDisplay_is1" = CDisplay 1.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"EssentialPIM" = EssentialPIM
"Free Studio_is1" = Free Studio version 5.6.3.706
"GIMP-2_is1" = GIMP 2.8.0
"Guitar FX BOX 2.6" = Guitar FX BOX 2.6
"KaraFun Player_is1" = KaraFun Player
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 16.0 (x86 en-US)" = Mozilla Firefox 16.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Pixlromatic" = Pixlr-o-matic
"Recuva" = Recuva
"SoundPackager" = SoundPackager
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 DeLuXe Edition (32 Bit)
"WordWeb" = WordWeb
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chikka Messenger" = Chikka Messenger
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2012 5:10:39 PM | Computer Name = Badong-PC | Source = SmartPower | ID = 0
Description = SmartPower configuration specifies Hibernate as the target power state,
but Hibernate is not enabled on this machine. SmartPower will not alter the power
state of this machine until the configuration is corrected.

Error - 10/4/2012 9:40:25 PM | Computer Name = Badong-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/4/2012 9:41:13 PM | Computer Name = Badong-PC | Source = SmartPower | ID = 0
Description = SmartPower configuration specifies Hibernate as the target power state,
but Hibernate is not enabled on this machine. SmartPower will not alter the power
state of this machine until the configuration is corrected.

Error - 10/4/2012 11:44:17 PM | Computer Name = Badong-PC | Source = SmartPower | ID = 0
Description = SmartPower configuration specifies Hibernate as the target power state,
but Hibernate is not enabled on this machine. SmartPower will not alter the power
state of this machine until the configuration is corrected.

Error - 10/4/2012 11:44:24 PM | Computer Name = Badong-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/5/2012 9:27:13 AM | Computer Name = Badong-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/5/2012 9:27:53 AM | Computer Name = Badong-PC | Source = SmartPower | ID = 0
Description = SmartPower configuration specifies Hibernate as the target power state,
but Hibernate is not enabled on this machine. SmartPower will not alter the power
state of this machine until the configuration is corrected.

Error - 10/5/2012 5:04:44 PM | Computer Name = Badong-PC | Source = SDFSSvc.exe | ID = 0
Description =

Error - 10/5/2012 5:05:12 PM | Computer Name = Badong-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/5/2012 5:05:48 PM | Computer Name = Badong-PC | Source = SmartPower | ID = 0
Description = SmartPower configuration specifies Hibernate as the target power state,
but Hibernate is not enabled on this machine. SmartPower will not alter the power
state of this machine until the configuration is corrected.

[ Media Center Events ]
Error - 7/26/2012 10:37:59 AM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 10:37:59 PM - Error connecting to the internet. 10:37:59 PM - Unable
to contact server..

Error - 7/26/2012 10:38:13 AM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 10:38:05 PM - Error connecting to the internet. 10:38:05 PM - Unable
to contact server..

Error - 7/31/2012 8:02:38 AM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 8:02:31 PM - Error connecting to the internet. 8:02:31 PM - Unable
to contact server..

Error - 8/5/2012 4:52:49 PM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 4:52:49 AM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 8/5/2012 4:54:40 PM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 4:54:34 AM - Error connecting to the internet. 4:54:34 AM - Unable
to contact server..

Error - 8/9/2012 3:50:26 AM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 3:50:21 PM - Error connecting to the internet. 3:50:21 PM - Unable
to contact server..

Error - 8/12/2012 10:38:01 PM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 10:37:53 AM - Error connecting to the internet. 10:37:53 AM - Unable
to contact server..

Error - 8/12/2012 11:40:09 PM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 11:40:08 AM - Error connecting to the internet. 11:40:08 AM - Unable
to contact server..

Error - 8/13/2012 3:14:04 AM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 3:14:03 PM - Error connecting to the internet. 3:14:03 PM - Unable
to contact server..

Error - 8/13/2012 4:14:12 AM | Computer Name = Badong-PC | Source = MCUpdate | ID = 0
Description = 4:14:11 PM - Error connecting to the internet. 4:14:11 PM - Unable
to contact server..

[ System Events ]
Error - 7/18/2012 6:22:24 PM | Computer Name = Badong-PC | Source = Service Control Manager | ID = 7000
Description = The Oracle ORCL VSS Writer Service service failed to start due to
the following error: %%2

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/19/2012 7:48:58 AM | Computer Name = Badong-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >

#14 nasdaq

  • Malware Response Team
  • 39,215 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 October 2012 - 07:59 AM

Please remove the current version of OTL.exe; we have identified some technical issue with that version.

Refer to my instructions in post No 9. Download the version now available.

When you run it, it will be reported as
OTL by OldTimer - Version 3.2.69.2, which has been used and tested.

Post the log.

#15 lakan_309
  • Topic Starter

  • Members
  • 21 posts

Posted 07 October 2012 - 04:27 PM

New otl log:


OTL logfile created on: 10/8/2012 5:14:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lakan\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 58.84% Memory free
5.86 Gb Paging File | 4.32 Gb Available in Paging File | 73.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 20.49 Gb Free Space | 20.99% Space Free | Partition Type: NTFS
Drive D: | 135.23 Gb Total Space | 84.48 Gb Free Space | 62.47% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 119.54 Gb Free Space | 40.10% Space Free | Partition Type: NTFS
Drive I: | 14.90 Gb Total Space | 11.80 Gb Free Space | 79.21% Space Free | Partition Type: FAT32

Computer Name: BADONG-PC | User Name: Lakan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lakan\Downloads\NoAutorunwin32bin11225zip\NoAutorun.exe (http://sf.net/projects/noautorun/)
PRC - C:\Users\Lakan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Ignatu Software\SmartPower\SmartPower.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\pcre.dll ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (OracleVssWriterORCL) -- H:\app\Lakan\product\11.1.0\db_1\bin\OraVSSW.exe ORCL File not found
SRV - (OracleServiceORCL) -- h:\app\lakan\product\11.1.0\db_1\bin\ORACLE.EXE ORCL File not found
SRV - (OracleOraDb11g_home1TNSListener) -- H:\app\Lakan\product\11.1.0\db_1\BIN\TNSLSNR File not found
SRV - (OracleJobSchedulerORCL) -- h:\app\lakan\product\11.1.0\db_1\Bin\extjob.exe ORCL File not found
SRV - (OracleDBConsoleorcl) -- H:\app\Lakan\product\11.1.0\db_1\bin\nmesrvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (SmartPower) -- C:\Program Files\Ignatu Software\SmartPower\SmartPower.exe ()
SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (catchme) -- C:\Users\Lakan\AppData\Local\Temp\catchme.sys File not found
DRV - (alfhvszx) -- File not found
DRV - (SMR311) -- C:\Windows\System32\drivers\SMR311.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (s115mgmt) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 5B 2D 38 C4 83 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://ekgrpapplications.emirates.com/Careersonlineapps/WEB_GN/PersonalDetails.aspx"
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lakan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/04/02 00:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/24 05:24:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/26 04:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/02 00:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lakan\AppData\Roaming\Mozilla\Extensions
[2012/09/26 04:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lakan\AppData\Roaming\Mozilla\Firefox\Profiles\jt11skm7.default\extensions
[2012/04/02 02:48:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lakan\AppData\Roaming\Mozilla\Firefox\Profiles\jt11skm7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/09/26 04:20:28 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Lakan\AppData\Roaming\Mozilla\Firefox\Profiles\jt11skm7.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/06/24 20:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/26 04:20:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/26 04:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/08/24 05:24:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/26 04:20:21 | 000,260,576 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/26 04:20:18 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/09/26 04:20:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/26 04:20:18 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/09/26 04:20:18 | 000,003,590 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/09/26 04:20:18 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/26 04:20:18 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/26 04:20:18 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google English (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lakan\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_95.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\Program Files\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Lakan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lakan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Lakan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Lakan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/03 20:26:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Remove32] C:\Windows\Temp\Remove32.exe RemoveBootFlow File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 124
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lakan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lakan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: emirates.com ([groupworld] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.82 121.1.3.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66EAD72B-87A5-4160-9171-34674204816C}: DhcpNameServer = 121.1.3.82 121.1.3.20
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O32 - AutoRun File - [2012/10/07 21:54:00 | 000,000,000 | RHS- | M] () - I:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 05:17:19 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/07 20:48:42 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR311.SYS
[2012/10/07 19:25:31 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\NPE
[2012/10/07 19:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/10/07 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{146460BB-010C-4985-9604-69FE97DF6EDC}
[2012/10/07 01:20:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lakan\Desktop\OTL.exe
[2012/10/06 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{5D2294D8-6C42-419E-9691-CD44F3439A65}
[2012/10/05 06:09:28 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{10B7D8AB-97B5-4AC5-8833-911F844C23F3}
[2012/10/04 05:23:18 | 000,000,000 | ---D | C] -- C:\USBNoRisk
[2012/10/03 20:37:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/03 20:37:23 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\temp
[2012/10/03 20:26:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/03 05:24:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/03 05:24:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/03 05:24:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/03 05:21:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/03 05:20:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/03 05:12:06 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{9BC1486B-2F19-4379-BC73-A52D3D97BF52}
[2012/10/02 04:30:05 | 004,759,935 | R--- | C] (Swearware) -- C:\Users\Lakan\Desktop\ComboFix.exe
[2012/10/01 21:48:27 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{5C1DC565-602B-485E-9F75-0A374E385CF6}
[2012/10/01 08:42:33 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{2DB04CB1-2394-49B5-B54F-5A8B19F5B859}
[2012/09/30 17:58:14 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{E937EDF3-38D3-41A9-B90F-9DC813DBA7A9}
[2012/09/29 23:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover
[2012/09/29 23:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\AutorunRemover
[2012/09/29 22:47:52 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Desktop\AutoRunExterminator-1.8
[2012/09/29 20:46:16 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{8C053346-C00A-4730-B7F2-C20801DC3190}
[2012/09/29 13:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/29 08:45:50 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{65288F5F-5D14-4909-9263-E5EAADCAD6D8}
[2012/09/29 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\SpeedyPC Software
[2012/09/29 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\DriverCure
[2012/09/29 06:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/28 20:45:23 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{229C037E-48B6-46AA-B337-DCFD0189706B}
[2012/09/28 00:16:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Lakan\Desktop\dds.com
[2012/09/27 23:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/09/27 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/09/27 21:46:44 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/09/27 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/27 20:19:58 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{F1D7099D-85A9-4F47-A225-91D90951961B}
[2012/09/26 23:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/26 20:18:42 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{28661BC1-CDF2-4076-A045-ECA49D8B5A17}
[2012/09/26 12:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/26 12:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/09/26 12:01:54 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2012/09/26 12:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/09/26 11:56:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 08:17:51 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{DC258928-40C9-4361-B9BF-4D580F424A0E}
[2012/09/25 20:17:12 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{9BD88E91-55D7-410A-8FFD-4B82B5A025DD}
[2012/09/25 05:32:50 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{8B08F169-7085-4B8B-8212-20E620D682A2}
[2012/09/24 18:28:29 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Desktop\voters word
[2012/09/24 12:43:41 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{A9880FDD-AB5B-4BE0-9760-DD3D2C0DE95F}
[2012/09/24 10:51:04 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{5071D630-9B55-4606-B274-E6B1DBA4985E}
[2012/09/23 10:50:03 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{53E75FDD-BBE5-45C3-A4D9-05ABF7F85BA8}
[2012/09/23 05:28:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/23 05:28:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/23 05:28:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/23 05:28:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/23 05:28:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/23 05:28:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/23 05:28:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/23 05:28:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/22 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{FA0CA1C8-9C2B-4F59-BCEC-E818754493C6}
[2012/09/22 18:29:18 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Desktop\Selected Pictures
[2012/09/22 10:48:54 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{DB088A14-CC5F-46C1-88CD-CAB62DF52411}
[2012/09/21 19:57:38 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{1DEB873E-5101-48E1-B95B-BAED6A74E05F}
[2012/09/21 05:12:36 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{728B41D5-6B8B-4DA7-87E8-BEE90A0FD09C}
[2012/09/20 13:50:28 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\GameHouse
[2012/09/20 13:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012/09/20 13:47:43 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled 3
[2012/09/20 13:47:06 | 000,000,000 | ---D | C] -- C:\Windows\Bejeweled 3
[2012/09/20 13:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bejeweled 3
[2012/09/20 13:17:33 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\voters list
[2012/09/20 12:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word
[2012/09/20 12:34:27 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\Quick-PDF PDF to Word
[2012/09/20 12:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\PDF to Word
[2012/09/20 11:56:07 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\ScanSoft PDF Converter 3.0
[2012/09/20 11:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/09/20 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2012/09/20 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{3CE7AAD3-6021-4EE3-8D60-74B91F31FA80}
[2012/09/19 22:16:15 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{C6CD25D0-4358-4E20-A3AE-1E3CFAAB8467}
[2012/09/19 10:15:45 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{D29EF494-7D71-4476-8B87-5532760A1F6B}
[2012/09/18 21:28:20 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{03A762B1-FF0F-4527-B93F-B2D9EBA8EBBC}
[2012/09/18 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitstream
[2012/09/18 16:25:42 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\My Palettes
[2012/09/18 16:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2012/09/18 16:16:25 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\Corel
[2012/09/18 14:08:47 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\Corel
[2012/09/18 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Lakan\Documents\Visual Studio 2008
[2012/09/18 14:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012/09/18 14:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012/09/18 14:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2012/09/18 14:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2012/09/18 14:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012/09/18 14:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012/09/18 14:02:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2012/09/18 14:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
[2012/09/18 14:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012/09/18 13:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6
[2012/09/18 09:27:45 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{33AC30E8-3843-4707-804E-E8E4E04524AC}
[2012/09/17 20:36:49 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{5C5FA807-0309-45B8-B56E-98115C06FEA6}
[2012/09/17 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{BAEABFC8-4261-42B1-8C05-D4CE14C958FF}
[2012/09/17 08:33:56 | 006,516,280 | ---- | C] (AVAST Software) -- C:\Program Files\AVAST Softwa
[2012/09/16 17:35:36 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{B5B76B17-187A-4CDD-8E63-8979A2C9060E}
[2012/09/16 14:21:24 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/09/16 14:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2012/09/16 05:40:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/16 05:40:04 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/16 05:40:04 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/16 05:40:01 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/16 05:35:10 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{07CFBD84-C57F-4C36-B855-07A9A7F64F79}
[2012/09/11 09:04:41 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{AF73488F-BB4E-4E60-A25B-F413BBC6D61E}
[2012/09/11 08:27:04 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{43D6E6B3-1F38-457B-AD35-052DCF4E8080}
[2012/09/11 06:06:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/09/11 06:05:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/09/11 06:02:43 | 000,022,400 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/09/11 05:25:27 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Roaming\IObit
[2012/09/11 05:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/09/11 05:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/09/10 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{72682504-BA9F-4BD8-8AD0-BDFDF42A19BF}
[2012/09/10 08:24:26 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{3BE88001-00F6-44F3-8B11-9A10FBD49B1B}
[2012/09/09 19:02:13 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{359E1E21-2154-4BBA-A3C6-6D75653C206E}
[2012/09/09 07:01:45 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{B038E991-D687-426A-8E66-A082DA093F50}
[2012/09/08 17:10:26 | 000,000,000 | ---D | C] -- C:\Users\Lakan\AppData\Local\{FEEAC1EC-8871-4FBA-A9B1-5AA638517DDA}

========== Files - Modified Within 30 Days ==========

[2012/10/08 05:19:19 | 000,000,005 | ---- | M] () -- C:\Users\Lakan\AppData\Roaming\mbam.context.scan
[2012/10/08 05:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/08 04:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 22:45:58 | 000,672,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/07 22:45:58 | 000,126,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/07 20:48:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\SMR311.dat
[2012/10/07 20:48:42 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR311.SYS
[2012/10/07 20:47:56 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 20:40:28 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 20:40:28 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 20:33:22 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/10/07 20:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 20:31:04 | 000,514,223 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2012/10/07 19:51:32 | 000,132,597 | ---- | M] () -- C:\Users\Lakan\Desktop\Flash_Disinfector.exe
[2012/10/07 01:20:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lakan\Desktop\OTL.exe
[2012/10/06 06:56:16 | 000,439,591 | ---- | M] () -- C:\Users\Lakan\Desktop\Who may bear firearms (election).pdf
[2012/10/06 06:54:25 | 000,281,356 | ---- | M] () -- C:\Users\Lakan\Desktop\BATAS PAMBANSA BILANG 881 Omnibus Election Code.pdf
[2012/10/06 06:52:11 | 000,216,147 | ---- | M] () -- C:\Users\Lakan\Desktop\1987-Philippine-Constitution.pdf
[2012/10/04 08:05:18 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/03 20:26:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/03 05:20:36 | 004,759,935 | R--- | M] (Swearware) -- C:\Users\Lakan\Desktop\ComboFix.exe
[2012/09/29 23:49:25 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2012/09/28 00:16:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lakan\Desktop\dds.com
[2012/09/27 23:11:39 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/09/27 21:46:44 | 000,002,963 | ---- | M] () -- C:\Users\Lakan\Desktop\HiJackThis.lnk
[2012/09/26 15:32:38 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/26 12:02:01 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/09/24 12:39:22 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/24 12:39:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/21 20:05:09 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 20:05:09 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/20 13:47:43 | 000,001,880 | ---- | M] () -- C:\Users\Lakan\Desktop\Bejeweled 3.lnk
[2012/09/20 12:34:31 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\PDF to Word.lnk
[2012/09/20 12:34:31 | 000,000,063 | ---- | M] () -- C:\Users\Public\Desktop\Purchase PDF to Word.url
[2012/09/19 13:30:52 | 000,001,440 | ---- | M] () -- C:\Users\Lakan\AppData\Local\recently-used.xbel
[2012/09/19 05:20:28 | 000,483,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/18 14:05:29 | 000,002,267 | ---- | M] () -- C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
[2012/09/18 14:03:02 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Corel CONNECT X6.lnk
[2012/09/18 14:02:53 | 000,002,621 | ---- | M] () -- C:\Users\Public\Desktop\Corel CAPTURE X6.lnk
[2012/09/18 14:02:45 | 000,002,629 | ---- | M] () -- C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk
[2012/09/18 14:02:28 | 000,002,613 | ---- | M] () -- C:\Users\Public\Desktop\CorelDRAW X6.lnk
[2012/09/18 10:29:00 | 000,159,744 | ---- | M] () -- C:\Users\Lakan\Documents\GENERICA DISCOUNT CARD.pub
[2012/09/17 17:27:36 | 000,046,924 | ---- | M] () -- C:\Users\Lakan\Documents\DATELINE 09-15-12.rtf
[2012/09/16 14:21:24 | 000,001,104 | ---- | M] () -- C:\Users\Lakan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/09/11 05:25:27 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/09/11 05:25:27 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk

========== Files Created - No Company Name ==========

[2012/10/08 05:18:10 | 000,000,005 | ---- | C] () -- C:\Users\Lakan\AppData\Roaming\mbam.context.scan
[2012/10/07 20:48:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\SMR311.dat
[2012/10/07 19:51:05 | 000,132,597 | ---- | C] () -- C:\Users\Lakan\Desktop\Flash_Disinfector.exe
[2012/10/06 06:56:38 | 000,439,591 | ---- | C] () -- C:\Users\Lakan\Desktop\Who may bear firearms (election).pdf
[2012/10/06 06:54:47 | 000,281,356 | ---- | C] () -- C:\Users\Lakan\Desktop\BATAS PAMBANSA BILANG 881 Omnibus Election Code.pdf
[2012/10/06 06:52:35 | 000,216,147 | ---- | C] () -- C:\Users\Lakan\Desktop\1987-Philippine-Constitution.pdf
[2012/10/04 08:05:18 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/03 05:24:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/03 05:24:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/03 05:24:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/03 05:24:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/03 05:24:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/29 23:49:25 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2012/09/27 23:11:39 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/09/27 21:46:44 | 000,002,963 | ---- | C] () -- C:\Users\Lakan\Desktop\HiJackThis.lnk
[2012/09/26 12:02:01 | 000,002,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/09/26 12:02:01 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/09/20 13:47:43 | 000,001,880 | ---- | C] () -- C:\Users\Lakan\Desktop\Bejeweled 3.lnk
[2012/09/20 12:34:31 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\PDF to Word.lnk
[2012/09/20 12:34:31 | 000,000,063 | ---- | C] () -- C:\Users\Public\Desktop\Purchase PDF to Word.url
[2012/09/19 13:30:52 | 000,001,440 | ---- | C] () -- C:\Users\Lakan\AppData\Local\recently-used.xbel
[2012/09/18 14:10:25 | 000,002,629 | ---- | C] () -- C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk
[2012/09/18 14:10:25 | 000,002,621 | ---- | C] () -- C:\Users\Public\Desktop\Corel CAPTURE X6.lnk
[2012/09/18 14:10:25 | 000,002,613 | ---- | C] () -- C:\Users\Public\Desktop\CorelDRAW X6.lnk
[2012/09/18 14:10:25 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\Corel CONNECT X6.lnk
[2012/09/18 14:10:25 | 000,002,267 | ---- | C] () -- C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
[2012/09/17 17:27:36 | 000,046,924 | ---- | C] () -- C:\Users\Lakan\Documents\DATELINE 09-15-12.rtf
[2012/09/16 14:21:24 | 000,001,104 | ---- | C] () -- C:\Users\Lakan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012/09/11 16:00:01 | 000,159,744 | ---- | C] () -- C:\Users\Lakan\Documents\GENERICA DISCOUNT CARD.pub
[2012/09/11 05:25:27 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/09/11 05:25:27 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/08/29 08:43:11 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012/08/29 08:29:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plug-In Settings
[2012/08/29 08:29:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plants
[2012/08/29 08:29:11 | 000,000,268 | RH-- | C] () -- C:\Users\Lakan\AppData\Roaming\Pick Bass
[2012/08/29 08:29:11 | 000,000,268 | RH-- | C] () -- C:\Users\Lakan\AppData\Roaming\Pianos and Keyboards
[2012/08/29 08:29:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/08/29 08:29:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/08/29 08:29:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Receipts
[2012/08/29 08:29:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Quartz Composer
[2012/08/29 08:29:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Planets
[2012/08/29 08:29:10 | 000,000,268 | RH-- | C] () -- C:\Users\Lakan\AppData\Roaming\Piano Med
[2012/08/29 08:29:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/08/29 08:29:10 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Profiles
[2012/07/24 14:03:20 | 000,186,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/04/04 20:33:30 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll
[2012/04/04 20:04:45 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012/04/02 00:46:39 | 002,212,608 | ---- | C] () -- C:\Windows\System32\wweb32.dll
[2012/04/02 00:38:57 | 000,271,264 | ---- | C] () -- C:\Windows\System32\vbrun100.dll
[2012/04/02 00:38:57 | 000,210,944 | ---- | C] () -- C:\Windows\System32\msvcrt10.dll
[2012/04/02 00:29:53 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/04/02 00:29:51 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/02 00:29:51 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/04/02 00:29:51 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/12/05 03:25:52 | 000,421,376 | ---- | C] () -- C:\Windows\System32\W7TRunOnce.exe
[2011/12/04 23:14:44 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2011/02/11 23:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 23:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 23:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 22:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 22:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/21 05:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/21 05:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/08/05 14:40:19 | 000,613,376 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2011/08/05 14:38:59 | 000,349,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/02 01:33:15 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Chikka Messenger
[2012/09/11 06:03:07 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\DAEMON Tools Lite
[2012/04/02 00:40:29 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\doctor
[2012/09/29 06:35:21 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\DriverCure
[2012/07/24 08:01:30 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Dropbox
[2012/08/12 10:27:10 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\DVDVideoSoft
[2012/08/12 10:27:21 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/09/11 14:44:57 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\EssentialPIM
[2012/07/26 13:48:14 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\EurekaLog
[2012/04/25 13:56:14 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Foxit Software
[2012/09/01 21:15:34 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Gatling Gears
[2012/04/14 20:53:07 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Groovedown
[2012/06/04 00:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\gtk-2.0
[2012/09/16 05:57:10 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\IObit
[2012/08/29 08:32:19 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Nikon
[2012/04/02 00:40:27 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Notepad++
[2012/08/25 00:30:39 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\PhotoScape
[2012/04/07 19:19:20 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Pixlromatic
[2012/04/04 20:11:56 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\PrimoPDF
[2012/06/20 17:30:57 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\SendSpace
[2012/09/04 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Smilebox
[2012/09/29 06:35:21 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\SpeedyPC Software
[2012/04/07 14:19:42 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Stardock
[2012/04/02 02:57:13 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\Synaptics
[2012/08/23 11:10:30 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\TypingMaster7
[2012/04/02 00:40:31 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\URSoft
[2012/10/08 03:13:46 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\uTorrent
[2012/04/02 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Lakan\AppData\Roaming\VS Revo Group

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/10/03 20:37:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/09/11 09:00:38 | 000,000,000 | ---D | M] -- C:\Boot
[2009/07/14 12:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/04/02 01:24:09 | 000,000,000 | ---D | M] -- C:\Intel
[2012/04/02 01:33:34 | 000,000,000 | ---D | M] -- C:\logs
[2012/08/09 15:43:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 10:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/07 22:54:23 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/10/07 20:48:49 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/10/03 20:37:28 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/04/02 00:26:08 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/04/02 04:06:38 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012/10/08 05:17:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/05/31 19:52:25 | 000,000,000 | ---D | M] -- C:\TEMP
[2012/10/04 05:45:30 | 000,000,000 | ---D | M] -- C:\USBNoRisk
[2012/04/06 17:03:24 | 000,000,000 | R--D | M] -- C:\Users
[2012/10/08 03:13:34 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2012/07/23 14:07:19 | 000,461,312 | ---- | M] () -- C:\Windows\Installer\11096f1.msi
[2012/06/20 12:20:48 | 003,109,376 | ---- | M] () -- C:\Windows\Installer\1146809.msi
[2012/04/27 16:56:37 | 002,863,104 | ---- | M] () -- C:\Windows\Installer\118d015.msi
[2012/04/27 16:56:36 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\118d01b.msi
[2012/04/27 16:56:39 | 001,800,704 | ---- | M] () -- C:\Windows\Installer\118d021.msi
[2012/04/27 16:56:44 | 001,802,240 | ---- | M] () -- C:\Windows\Installer\118d027.msi
[2012/04/27 16:56:58 | 001,804,800 | ---- | M] () -- C:\Windows\Installer\118d02d.msi
[2012/04/27 16:56:59 | 002,115,584 | ---- | M] () -- C:\Windows\Installer\118d033.msi
[2012/04/27 16:57:01 | 000,663,040 | ---- | M] () -- C:\Windows\Installer\118d039.msi
[2012/04/27 16:57:00 | 000,667,648 | ---- | M] () -- C:\Windows\Installer\118d03f.msi
[2012/04/27 16:57:00 | 000,656,896 | ---- | M] () -- C:\Windows\Installer\118d045.msi
[2012/04/27 16:57:00 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\118d04b.msi
[2012/04/27 16:57:02 | 001,800,704 | ---- | M] () -- C:\Windows\Installer\118d051.msi
[2012/04/27 16:57:05 | 002,413,568 | ---- | M] () -- C:\Windows\Installer\118d057.msi
[2012/04/27 16:57:07 | 001,813,504 | ---- | M] () -- C:\Windows\Installer\118d05e.msi
[2012/04/27 16:57:07 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\118d064.msi
[2012/04/27 16:57:09 | 001,810,944 | ---- | M] () -- C:\Windows\Installer\118d06a.msi
[2012/04/27 16:57:13 | 001,819,648 | ---- | M] () -- C:\Windows\Installer\118d070.msi
[2012/04/27 16:57:42 | 024,809,472 | ---- | M] () -- C:\Windows\Installer\118d078.msi
[2012/04/25 11:23:58 | 038,233,600 | ---- | M] () -- C:\Windows\Installer\123afb7.msi
[2012/04/07 19:20:20 | 000,032,256 | ---- | M] () -- C:\Windows\Installer\14e48f8.msi
[2012/03/15 17:11:26 | 001,989,632 | R--- | M] () -- C:\Windows\Installer\150e675.msp
[2012/03/15 17:11:30 | 066,812,928 | R--- | M] () -- C:\Windows\Installer\150e68e.msp
[2012/03/15 17:12:04 | 004,968,960 | R--- | M] () -- C:\Windows\Installer\150e6a7.msp
[2011/12/15 17:40:40 | 023,374,336 | R--- | M] () -- C:\Windows\Installer\150e6bf.msp
[2012/03/15 17:09:50 | 017,165,312 | R--- | M] () -- C:\Windows\Installer\150e6de.msp
[2012/01/19 17:37:24 | 008,999,936 | R--- | M] () -- C:\Windows\Installer\150e6eb.msp
[2012/04/23 14:32:14 | 003,460,096 | R--- | M] () -- C:\Windows\Installer\150e702.msp
[2012/01/22 14:09:26 | 001,700,352 | R--- | M] () -- C:\Windows\Installer\1569b92.msp
[2009/07/12 16:16:26 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\162a50.msi
[2012/07/28 09:47:34 | 013,123,584 | R--- | M] () -- C:\Windows\Installer\169c489.msp
[2012/07/24 20:54:47 | 019,337,216 | ---- | M] () -- C:\Windows\Installer\19a3a51.msi
[2010/05/15 08:32:12 | 006,393,856 | ---- | M] () -- C:\Windows\Installer\1a6ddad.msi
[2012/04/24 21:40:08 | 000,746,496 | ---- | M] () -- C:\Windows\Installer\1a6ddb1.msi
[2012/05/31 01:47:20 | 020,403,200 | ---- | M] () -- C:\Windows\Installer\252603.msi
[2012/04/05 17:23:32 | 002,358,784 | ---- | M] () -- C:\Windows\Installer\252628.msi
[2012/05/24 18:34:48 | 009,547,776 | ---- | M] () -- C:\Windows\Installer\25262e.msi
[2012/04/05 17:27:02 | 002,323,456 | ---- | M] () -- C:\Windows\Installer\252634.msi
[2012/06/07 23:19:02 | 051,514,368 | ---- | M] () -- C:\Windows\Installer\252638.msi
[2011/04/29 03:28:46 | 011,056,128 | R--- | M] () -- C:\Windows\Installer\25ce3f.msp
[2011/04/29 03:28:12 | 016,972,800 | R--- | M] () -- C:\Windows\Installer\25ce4a.msp
[2011/10/16 18:38:36 | 100,966,912 | R--- | M] () -- C:\Windows\Installer\2670023.msp
[2012/03/21 09:57:52 | 001,591,808 | R--- | M] () -- C:\Windows\Installer\267003b.msp
[2012/03/21 09:58:06 | 000,133,120 | R--- | M] () -- C:\Windows\Installer\2670043.msp
[2011/10/27 02:46:00 | 011,580,928 | R--- | M] () -- C:\Windows\Installer\267005a.msp
[2011/10/27 02:49:42 | 010,427,392 | R--- | M] () -- C:\Windows\Installer\267006c.msp
[2011/10/27 02:49:36 | 016,245,760 | R--- | M] () -- C:\Windows\Installer\267007f.msp
[2011/10/27 02:47:50 | 010,328,064 | R--- | M] () -- C:\Windows\Installer\2670091.msp
[2011/10/27 02:46:54 | 001,833,472 | R--- | M] () -- C:\Windows\Installer\26700a8.msp
[2011/10/27 02:51:34 | 016,885,760 | R--- | M] () -- C:\Windows\Installer\26700c9.msp
[2011/10/27 02:51:46 | 000,592,896 | R--- | M] () -- C:\Windows\Installer\26700d1.msp
[2011/10/27 02:46:12 | 000,794,112 | R--- | M] () -- C:\Windows\Installer\26700e8.msp
[2012/02/17 07:50:50 | 001,236,480 | R--- | M] () -- C:\Windows\Installer\26700fe.msp
[2011/07/21 16:41:08 | 008,413,696 | R--- | M] () -- C:\Windows\Installer\2670115.msp
[2012/04/01 20:27:20 | 003,463,168 | R--- | M] () -- C:\Windows\Installer\267012c.msp
[2011/10/27 03:23:36 | 000,925,696 | R--- | M] () -- C:\Windows\Installer\2670135.msp
[2011/10/27 03:23:32 | 008,821,760 | R--- | M] () -- C:\Windows\Installer\267014c.msp
[2011/07/21 16:45:00 | 003,809,792 | R--- | M] () -- C:\Windows\Installer\2670163.msp
[2011/06/20 03:28:52 | 018,457,088 | R--- | M] () -- C:\Windows\Installer\267017c.msp
[2011/10/16 18:28:16 | 001,138,688 | R--- | M] () -- C:\Windows\Installer\2670193.msp
[2011/07/21 16:34:34 | 003,456,000 | R--- | M] () -- C:\Windows\Installer\26701ac.msp
[2011/07/21 16:36:40 | 066,808,320 | R--- | M] () -- C:\Windows\Installer\26701c5.msp
[2011/06/20 03:33:20 | 000,407,552 | R--- | M] () -- C:\Windows\Installer\26701dc.msp
[2012/03/07 19:03:14 | 023,710,208 | R--- | M] () -- C:\Windows\Installer\267020d.msp
[2012/03/07 19:01:28 | 001,907,712 | R--- | M] () -- C:\Windows\Installer\2670217.msp
[2012/02/09 11:27:42 | 000,206,848 | R--- | M] () -- C:\Windows\Installer\267022e.msp
[2012/01/05 10:21:26 | 004,964,864 | R--- | M] () -- C:\Windows\Installer\2670247.msp
[2011/07/21 16:43:06 | 000,027,648 | R--- | M] () -- C:\Windows\Installer\267025d.msp
[2011/10/27 02:45:40 | 066,426,368 | R--- | M] () -- C:\Windows\Installer\2670275.msp
[2011/11/18 22:52:34 | 009,183,232 | R--- | M] () -- C:\Windows\Installer\267028f.msp
[2012/04/26 20:34:32 | 002,118,144 | ---- | M] () -- C:\Windows\Installer\26721a.msi
[2011/12/26 09:06:20 | 005,115,392 | R--- | M] () -- C:\Windows\Installer\2a20af.msp
[2011/10/26 19:38:54 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\2a20c5.msp
[2012/04/02 01:32:17 | 000,020,480 | ---- | M] () -- C:\Windows\Installer\2a222b.mst
[2011/11/22 03:07:36 | 017,191,936 | ---- | M] () -- C:\Windows\Installer\2a222c.msp
[2005/04/11 23:47:44 | 003,443,712 | ---- | M] () -- C:\Windows\Installer\30e1778.msi
[2012/07/19 20:42:26 | 019,361,792 | R--- | M] () -- C:\Windows\Installer\30e17d9.msp
[2012/07/19 20:47:55 | 000,021,504 | ---- | M] () -- C:\Windows\Installer\30e1832.msi
[2012/09/17 05:19:23 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\34ea46.msi
[2012/04/07 14:19:33 | 000,273,920 | ---- | M] () -- C:\Windows\Installer\3bec38.msi
[2012/04/04 21:32:41 | 016,613,376 | R--- | M] () -- C:\Windows\Installer\40247f.msp
[2011/11/22 03:07:36 | 017,191,936 | R--- | M] () -- C:\Windows\Installer\439d5.msp
[2012/05/25 11:25:16 | 023,771,136 | R--- | M] () -- C:\Windows\Installer\549a7.msp
[2012/07/04 07:59:50 | 000,261,120 | R--- | M] () -- C:\Windows\Installer\5d7cd.msp
[2012/07/04 07:58:24 | 006,163,456 | R--- | M] () -- C:\Windows\Installer\5d7e5.msp
[2012/07/04 08:01:26 | 009,082,368 | R--- | M] () -- C:\Windows\Installer\5d7fc.msp
[2012/07/04 08:09:58 | 001,284,096 | R--- | M] () -- C:\Windows\Installer\5d813.msp
[2012/07/04 08:12:56 | 004,772,352 | R--- | M] () -- C:\Windows\Installer\5d82b.msp
[2012/07/04 08:04:30 | 001,292,288 | R--- | M] () -- C:\Windows\Installer\5d835.msp
[2012/07/19 02:45:30 | 003,464,704 | R--- | M] () -- C:\Windows\Installer\5d84c.msp
[2012/09/27 20:41:36 | 001,402,880 | ---- | M] () -- C:\Windows\Installer\600e28.msi
[2011/03/04 13:28:44 | 023,081,472 | R--- | M] () -- C:\Windows\Installer\60578.msp
[2011/04/29 00:26:42 | 003,994,624 | R--- | M] () -- C:\Windows\Installer\60626.msp
[2011/04/29 00:27:46 | 014,467,072 | R--- | M] () -- C:\Windows\Installer\60637.msp
[2011/04/29 00:33:30 | 425,345,024 | R--- | M] () -- C:\Windows\Installer\607ac.msp
[2011/04/29 00:27:58 | 000,608,768 | R--- | M] () -- C:\Windows\Installer\607b3.msp
[2011/04/29 00:34:24 | 011,155,456 | R--- | M] () -- C:\Windows\Installer\607bc.msp
[2012/08/29 22:39:12 | 003,463,680 | R--- | M] () -- C:\Windows\Installer\6bba7f.msp
[2012/04/22 22:37:42 | 001,182,720 | R--- | M] () -- C:\Windows\Installer\7304b.msp
[2012/03/15 13:43:28 | 004,216,320 | R--- | M] () -- C:\Windows\Installer\73054.msp
[2012/05/17 02:58:50 | 003,462,144 | R--- | M] () -- C:\Windows\Installer\7306a.msp
[2012/04/02 02:12:13 | 024,054,272 | ---- | M] () -- C:\Windows\Installer\75011.msi
[2011/04/07 10:43:30 | 123,313,664 | R--- | M] () -- C:\Windows\Installer\75020.msp
[2012/09/01 09:17:16 | 000,877,056 | ---- | M] () -- C:\Windows\Installer\7672b1.msi
[2012/09/01 09:19:47 | 000,179,200 | ---- | M] () -- C:\Windows\Installer\7672c1.msi
[2012/06/20 02:06:38 | 001,839,104 | R--- | M] () -- C:\Windows\Installer\7d0297.msp
[2012/06/25 17:02:18 | 002,460,672 | ---- | M] () -- C:\Windows\Installer\7d029f.msi
[2012/04/05 01:54:48 | 008,301,056 | R--- | M] () -- C:\Windows\Installer\7d02b7.msp
[2012/04/05 01:56:02 | 002,820,096 | R--- | M] () -- C:\Windows\Installer\7d02ce.msp
[2012/06/20 02:00:10 | 003,461,120 | R--- | M] () -- C:\Windows\Installer\7d02e5.msp
[2012/06/20 01:29:46 | 005,262,848 | R--- | M] () -- C:\Windows\Installer\7d02ff.msp
[2011/06/07 04:45:15 | 002,318,848 | ---- | M] () -- C:\Windows\Installer\864b1.msi
[2012/01/04 01:44:25 | 015,929,344 | R--- | M] () -- C:\Windows\Installer\864b2.msp
[2012/04/02 00:56:55 | 005,476,352 | ---- | M] () -- C:\Windows\Installer\864b6.msi
[2012/04/02 00:55:14 | 009,433,088 | ---- | M] () -- C:\Windows\Installer\864ba.msi
[2012/04/02 00:55:20 | 004,426,240 | R--- | M] () -- C:\Windows\Installer\864c9.msp
[2012/04/02 00:55:36 | 007,710,720 | ---- | M] () -- C:\Windows\Installer\864cd.msi
[2012/04/02 00:55:41 | 002,932,224 | R--- | M] () -- C:\Windows\Installer\864e1.msp
[2012/04/02 00:55:57 | 004,680,704 | ---- | M] () -- C:\Windows\Installer\864e5.msi
[2012/04/02 00:56:02 | 002,343,936 | ---- | M] () -- C:\Windows\Installer\864e9.msi
[2012/04/02 00:56:08 | 001,850,368 | ---- | M] () -- C:\Windows\Installer\864ed.msi
[2012/04/02 00:56:12 | 000,147,968 | ---- | M] () -- C:\Windows\Installer\864f1.msi
[2012/04/02 00:56:16 | 000,429,056 | ---- | M] () -- C:\Windows\Installer\864f5.msi
[2012/04/02 00:56:21 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\864fa.msp
[2012/04/02 00:56:27 | 004,004,864 | ---- | M] () -- C:\Windows\Installer\864fe.msi
[2012/04/02 00:56:32 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\8650a.msp
[2012/04/02 00:57:00 | 002,310,656 | ---- | M] () -- C:\Windows\Installer\8650e.msi
[2012/04/02 00:57:04 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\86516.msp
[2012/04/02 00:57:11 | 008,332,288 | ---- | M] () -- C:\Windows\Installer\8651a.msi
[2012/04/02 00:57:17 | 003,312,128 | R--- | M] () -- C:\Windows\Installer\86536.msp
[2012/04/02 00:57:32 | 022,647,296 | ---- | M] () -- C:\Windows\Installer\8653b.msi
[2012/04/02 00:57:37 | 005,535,744 | R--- | M] () -- C:\Windows\Installer\8654e.msp
[2012/04/02 00:57:46 | 003,664,384 | ---- | M] () -- C:\Windows\Installer\86553.msi
[2012/04/02 00:57:51 | 000,070,144 | ---- | M] () -- C:\Windows\Installer\86557.msi
[2012/04/02 00:57:56 | 000,038,912 | R--- | M] () -- C:\Windows\Installer\8655c.msp
[2012/04/02 00:58:06 | 013,850,624 | ---- | M] () -- C:\Windows\Installer\86560.msi
[2012/04/02 00:58:12 | 005,868,544 | R--- | M] () -- C:\Windows\Installer\86577.msp
[2012/04/02 00:58:20 | 008,313,856 | ---- | M] () -- C:\Windows\Installer\8657b.msi
[2012/04/02 00:58:29 | 002,957,312 | R--- | M] () -- C:\Windows\Installer\86595.msp
[2012/04/02 00:58:36 | 001,819,136 | ---- | M] () -- C:\Windows\Installer\86599.msi
[2012/04/02 00:58:53 | 034,193,408 | ---- | M] () -- C:\Windows\Installer\8659d.msi
[2012/04/02 00:59:06 | 014,624,256 | R--- | M] () -- C:\Windows\Installer\865c8.msp
[2012/04/02 00:59:15 | 011,846,656 | ---- | M] () -- C:\Windows\Installer\865cd.msi
[2012/04/02 00:59:20 | 003,734,016 | R--- | M] () -- C:\Windows\Installer\865d6.msp
[2012/04/02 00:59:38 | 012,348,416 | ---- | M] () -- C:\Windows\Installer\865dc.msi
[2012/04/02 00:55:24 | 000,067,072 | ---- | M] () -- C:\Windows\Installer\865e0.msi
[2012/04/02 00:55:29 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\865e6.msp
[2012/04/02 00:55:47 | 001,492,992 | ---- | M] () -- C:\Windows\Installer\865ea.msi
[2012/04/02 00:55:51 | 000,625,664 | R--- | M] () -- C:\Windows\Installer\865f3.msp
[2012/04/02 00:59:41 | 001,070,592 | ---- | M] () -- C:\Windows\Installer\865f7.msi
[2012/04/02 00:59:47 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\86601.msp
[2012/04/02 01:00:00 | 006,661,632 | ---- | M] () -- C:\Windows\Installer\86606.msi
[2012/04/02 01:00:06 | 005,124,096 | R--- | M] () -- C:\Windows\Installer\86610.msp
[2012/04/02 01:00:12 | 003,410,944 | ---- | M] () -- C:\Windows\Installer\86615.msi
[2012/04/02 01:00:17 | 000,635,904 | R--- | M] () -- C:\Windows\Installer\8661b.msp
[2012/04/02 01:00:26 | 004,175,360 | ---- | M] () -- C:\Windows\Installer\8661f.msi
[2012/04/02 01:00:30 | 000,509,952 | R--- | M] () -- C:\Windows\Installer\86624.msp
[2012/04/02 01:00:42 | 004,250,112 | ---- | M] () -- C:\Windows\Installer\86629.msi
[2012/04/02 01:00:51 | 002,146,304 | R--- | M] () -- C:\Windows\Installer\86634.msp
[2012/04/02 01:00:55 | 000,153,600 | ---- | M] () -- C:\Windows\Installer\86639.msi
[2012/04/02 01:01:00 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\8663e.msp
[2012/04/25 13:56:53 | 018,042,880 | ---- | M] () -- C:\Windows\Installer\90ab03.msi
[2012/04/27 01:42:59 | 005,196,800 | ---- | M] () -- C:\Windows\Installer\b0c411.msi
[2009/07/12 02:35:00 | 002,736,640 | ---- | M] () -- C:\Windows\Installer\b83aa7.msi
[2012/08/29 08:28:57 | 025,483,776 | ---- | M] () -- C:\Windows\Installer\b83aae.msi
[2012/08/29 08:30:25 | 026,845,360 | ---- | M] () -- C:\Windows\Installer\b83abb.msi
[2012/08/29 08:31:13 | 012,856,320 | ---- | M] () -- C:\Windows\Installer\b83ac2.msi
[2012/04/23 18:40:24 | 004,460,544 | ---- | M] () -- C:\Windows\Installer\bd60be.msi
[2012/04/05 04:34:07 | 012,938,752 | ---- | M] () -- C:\Windows\Installer\c15d39.msi
[2008/08/08 14:11:02 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\c37631.msi
[2011/09/17 12:50:24 | 001,085,952 | ---- | M] () -- C:\Windows\Installer\c4bc4.msi
[2010/04/16 04:45:06 | 000,847,872 | ---- | M] () -- C:\Windows\Installer\c4bd6.msi
[2010/04/16 04:28:47 | 000,752,128 | ---- | M] () -- C:\Windows\Installer\c4bdc.msi
[2011/12/04 08:12:25 | 002,434,048 | ---- | M] () -- C:\Windows\Installer\c4bee.msi
[2011/10/23 19:07:38 | 001,433,600 | ---- | M] () -- C:\Windows\Installer\c4bf3.msi
[2011/10/23 19:07:59 | 000,647,168 | ---- | M] () -- C:\Windows\Installer\c4bf7.msi
[2011/11/08 18:22:20 | 017,562,112 | ---- | M] () -- C:\Windows\Installer\c4c0e.msi
[2011/11/18 04:38:26 | 000,039,936 | ---- | M] () -- C:\Windows\Installer\c4c14.msi
[2012/04/02 00:35:03 | 023,622,656 | R--- | M] () -- C:\Windows\Installer\c4c1b.msp
[2011/09/30 03:34:07 | 000,495,616 | ---- | M] () -- C:\Windows\Installer\c4c21.msi
[2011/09/30 03:38:18 | 000,227,328 | ---- | M] () -- C:\Windows\Installer\c4c27.msi
[2011/09/30 03:41:38 | 000,188,416 | ---- | M] () -- C:\Windows\Installer\c4c2f.msi
[2005/09/23 11:48:26 | 001,886,720 | ---- | M] () -- C:\Windows\Installer\c4c35.msi
[2011/10/24 19:43:44 | 026,820,096 | ---- | M] () -- C:\Windows\Installer\c4c4d.msi
[2011/04/06 19:12:40 | 006,169,600 | ---- | M] () -- C:\Windows\Installer\c4c53.msi
[2009/07/21 03:11:12 | 002,459,648 | ---- | M] () -- C:\Windows\Installer\c4c5a.msi
[2012/02/28 04:56:58 | 001,697,792 | ---- | M] () -- C:\Windows\Installer\fee70c.msi
[2012/02/28 06:12:56 | 001,343,488 | ---- | M] () -- C:\Windows\Installer\fee712.msi
[2012/02/28 04:55:46 | 001,494,016 | ---- | M] () -- C:\Windows\Installer\fee718.msi
[2012/02/28 05:33:24 | 002,040,832 | ---- | M] () -- C:\Windows\Installer\fee71e.msi
[2012/02/28 06:03:32 | 001,528,832 | ---- | M] () -- C:\Windows\Installer\fee724.msi
[2012/02/28 04:39:28 | 001,426,432 | ---- | M] () -- C:\Windows\Installer\fee72a.msi
[2012/02/28 05:09:52 | 001,687,552 | ---- | M] () -- C:\Windows\Installer\fee730.msi
[2012/02/28 06:23:44 | 001,844,224 | ---- | M] () -- C:\Windows\Installer\fee736.msi
[2012/02/28 05:26:50 | 001,251,840 | ---- | M] () -- C:\Windows\Installer\fee73c.msi
[2012/02/28 05:41:30 | 001,237,504 | ---- | M] () -- C:\Windows\Installer\fee742.msi
[2012/02/28 06:08:08 | 004,044,288 | ---- | M] () -- C:\Windows\Installer\fee748.msi
[2012/02/29 08:44:48 | 001,669,632 | ---- | M] () -- C:\Windows\Installer\fee74e.msi
[2012/02/28 04:56:48 | 004,572,672 | ---- | M] () -- C:\Windows\Installer\fee754.msi
[2012/02/28 04:46:24 | 001,308,672 | ---- | M] () -- C:\Windows\Installer\fee75a.msi
[2012/02/28 05:47:34 | 001,574,400 | ---- | M] () -- C:\Windows\Installer\fee760.msi
[2012/02/28 06:17:12 | 002,455,552 | ---- | M] () -- C:\Windows\Installer\fee766.msi
[2012/02/28 06:25:04 | 001,415,680 | ---- | M] () -- C:\Windows\Installer\fee76c.msi
[2012/02/28 04:44:36 | 001,915,904 | ---- | M] () -- C:\Windows\Installer\fee772.msi
[2012/02/28 04:07:30 | 004,855,296 | ---- | M] () -- C:\Windows\Installer\fee77a.msi
[2012/02/28 04:07:30 | 002,807,296 | ---- | M] () -- C:\Windows\Installer\fee781.msi
[2012/02/28 05:53:46 | 001,254,400 | ---- | M] () -- C:\Windows\Installer\fee787.msi
[2012/02/28 04:40:08 | 012,037,120 | ---- | M] () -- C:\Windows\Installer\fee78d.msi
[2012/02/28 04:07:26 | 000,572,928 | ---- | M] () -- C:\Windows\Installer\fee79a.msi
[2012/02/28 04:07:26 | 003,990,528 | ---- | M] () -- C:\Windows\Installer\fee7b5.msi
[2012/04/02 01:31:17 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{05BFB060-4F22-4710-B0A2-2801A1B606C5}.SchedServiceConfig.rmi
[2012/06/19 21:04:48 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}.SchedServiceConfig.rmi
[26 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >
[2012/09/21 20:05:12 | 000,003,768 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2012/09/11 05:39:25 | 000,003,160 | ---- | M] () -- C:\Windows\system32\tasks\ASC5_AutoClean
[2012/09/11 05:39:26 | 000,003,348 | ---- | M] () -- C:\Windows\system32\tasks\ASC5_AutoUpdate
[2012/09/24 12:39:23 | 000,003,924 | ---- | M] () -- C:\Windows\system32\tasks\avast! Emergency Update
[2012/09/17 05:19:31 | 000,003,628 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2012/09/17 05:19:32 | 000,003,880 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/10/07 22:15:15 | 000,003,106 | ---- | M] () -- C:\Windows\system32\tasks\NoAutorun
[2012/04/17 00:44:29 | 000,002,986 | ---- | M] () -- C:\Windows\system32\tasks\{0A40FC70-27EA-4398-9177-7B97C28E3F70}
[2012/09/02 06:54:21 | 000,003,384 | ---- | M] () -- C:\Windows\system32\tasks\{0B542090-CF62-4087-B37F-345098D78BAC}
[2012/05/12 03:11:13 | 000,003,136 | ---- | M] () -- C:\Windows\system32\tasks\{1A2AEEB7-C44F-471E-83A5-5609A3D021BA}
[2012/04/02 04:03:26 | 000,003,124 | ---- | M] () -- C:\Windows\system32\tasks\{245440E9-2397-43A0-9F87-AE913FC50015}
[2012/04/17 00:46:32 | 000,002,986 | ---- | M] () -- C:\Windows\system32\tasks\{45C65F9A-979C-4F44-A7CE-A0F17C8588AD}
[2012/05/12 03:42:38 | 000,003,442 | ---- | M] () -- C:\Windows\system32\tasks\{8E9D6399-8C63-4DDE-9D86-777706D226DA}
[2012/04/02 04:05:57 | 000,003,124 | ---- | M] () -- C:\Windows\system32\tasks\{8FAA5809-12B6-49D4-998B-BC236106C2CD}
[2012/09/02 06:54:20 | 000,003,384 | ---- | M] () -- C:\Windows\system32\tasks\{A502302F-D467-49F9-B604-7DEEBFAAFD8C}
[2012/04/17 00:44:55 | 000,002,986 | ---- | M] () -- C:\Windows\system32\tasks\{A80EBC2F-1092-4169-BAFA-8FB4FCD1626D}
[2012/04/17 00:46:24 | 000,002,986 | ---- | M] () -- C:\Windows\system32\tasks\{B59F94E0-58C4-42B1-9F9E-AA53A0854A95}
[2012/10/07 21:23:54 | 000,003,136 | ---- | M] () -- C:\Windows\system32\tasks\{F29303E3-A011-4EDA-9572-196816CA04D0}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011/12/12 00:51:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/12/12 01:53:34 | 002,641,920 | ---- | M] (Microsoft Corporation) MD5=B26009693A366319530847332C010E99 -- C:\Windows\explorer.exe
[2011/12/12 01:53:34 | 002,641,920 | ---- | M] (Microsoft Corporation) MD5=B26009693A366319530847332C010E99 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2012/08/30 14:11:18 | 003,694,616 | ---- | M] (Safer-Networking Ltd.) MD5=F285BBA4744BA4CCF351E415464D4B6B -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: REGEDIT.EXE >
[2011/12/07 10:19:06 | 000,565,760 | ---- | M] (Microsoft Corporation) MD5=0A4CD1129D364D938B7BC579B6C0E183 -- C:\Windows\regedit.exe
[2009/07/14 09:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/04 22:56:09 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2011/12/04 22:56:09 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache\svchost.exe
[2011/12/04 22:56:09 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\System32\svchost.exe
[2011/12/04 22:56:09 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2011/12/04 23:46:58 | 000,287,232 | ---- | M] (Microsoft Corporation) MD5=7295110E1BF93885D29480D29D967E0F -- C:\Windows\erdnt\cache\winlogon.exe
[2011/12/04 23:46:58 | 000,287,232 | ---- | M] (Microsoft Corporation) MD5=7295110E1BF93885D29480D29D967E0F -- C:\Windows\System32\winlogon.exe
[2011/12/04 23:46:58 | 000,287,232 | ---- | M] (Microsoft Corporation) MD5=7295110E1BF93885D29480D29D967E0F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.21820_none_72453a854c5ce5ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 12:53:46 | 000,032,572 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/04/05 04:08:25 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/04/05 04:08:25 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 21:49:49 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: BADONG-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     G                       DVD-ROM         0 B  No Media
  Volume 2     C                NTFS   Partition     97 GB  Healthy    System
  Volume 3     D                NTFS   Partition    135 GB  Healthy
  Volume 4     I                FAT32  Removable     14 GB  Healthy
  Volume 5     F   LaCie        NTFS   Partition    298 GB  Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C25DC0ED
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:302A9871

< End of report >



