PUP.ToolbarDownloader: Checking to See if Clean [Solved]


  • This topic is locked

#1
nehac
Member, 78 posts

Hi,
On the weekend I downloaded a program called Stanza, which I used and un-installed the same day. Today when running Malwarebytes the following item was found:
SoftonicDownloader_for_stanza-desktop.exe (PUP.ToolbarDownloader)

This was successfully deleted. I am just wondering if my computer is safe and clean now.

Thank you in advance.

OTL logfile created on: 12/06/2012 3:13:31 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 57.14% Memory free
6.08 Gb Paging File | 4.77 Gb Available in Paging File | 78.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 45.96 Gb Free Space | 33.07% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.93 Gb Free Space | 49.30% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 15:10:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
PRC - [2012/06/11 13:39:21 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012/06/07 21:26:22 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/20 12:01:18 | 001,652,568 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/05/20 12:01:18 | 000,931,672 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/11 13:39:20 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/06/07 21:26:21 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/28 16:45:43 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/10 14:55:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 14:41:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 14:40:10 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/10 14:39:54 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/10 14:38:54 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 14:38:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 14:38:36 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll
MOD - [2012/05/10 14:32:30 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll
MOD - [2012/05/10 14:31:08 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 14:30:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 14:30:41 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/11 13:39:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 21:26:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/20 12:01:18 | 000,931,672 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neha\Downloads\WinFlash.sys -- (WINFLASH)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\B7E9.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/28 16:45:42 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/05/20 12:01:38 | 000,164,152 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/05/20 12:01:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/05/20 12:01:38 | 000,056,248 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/15 13:05:08 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/09/03 10:50:10 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/03 10:50:06 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/29 05:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/04/19 14:13:00 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {60CCD3CB-7FD5-48D8-B14B-F1F3D51B859E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{60CCD3CB-7FD5-48D8-B14B-F1F3D51B859E}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=en_US
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA
IE - HKCU\..\SearchScopes\{D2107E96-119D-427F-9ADF-1AA1D2F3A1D4}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/i...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.8.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Neha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/09 14:28:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 21:26:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/21 13:02:35 | 000,000,000 | ---D | M]

[2008/06/19 19:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Extensions
[2012/05/19 22:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions
[2012/03/29 14:51:45 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/02/18 22:49:50 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2012/05/19 22:58:41 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2012/01/03 19:36:32 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\jid1-uabu5A9hduqzCw@jetpack
[2011/09/22 11:48:21 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2009/03/13 18:47:14 | 000,001,632 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\live-search.xml
[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\plasmoo.xml
[2012/03/16 21:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/09 14:28:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/01/05 18:55:57 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJ9FTYCQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/07 21:26:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 21:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 21:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/02 20:08:50 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/29 09:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/02 20:08:50 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/02 20:08:50 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/02 20:08:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/02 20:08:50 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/24 23:50:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A83CB25-9719-4FAF-9CFB-04D587A3997E}: DhcpNameServer = 205.188.146.145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 15:10:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2012/06/12 14:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/12 14:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 14:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 13:44:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/12 11:43:59 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5E3D5804-70A4-4DA8-92A7-950E0C394588}
[2012/06/12 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7A35663F-C8FE-4CD6-B281-4E11473D8B20}
[2012/06/11 17:58:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\Macromedia
[2012/06/11 11:42:47 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{957C1CB0-92C4-449E-AF60-4D43836F9F0A}
[2012/06/11 11:42:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{83A43235-C135-42DA-946C-4077310BF759}
[2012/06/10 04:48:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7B86856B-DCB3-4F10-AE05-11876775AC05}
[2012/06/10 04:48:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D3DA8407-D5A5-445E-BBB2-9BD6D5EC47B3}
[2012/06/09 14:24:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{8A210DFA-BA78-4AB7-B932-DBB4C70C22E5}
[2012/06/09 14:24:22 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E0B25819-CBCF-4C23-BFC0-C56F8FEA7B9D}
[2012/06/08 16:41:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B2E14687-61F5-49F5-8098-E4618360EE85}
[2012/06/08 16:41:11 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DED46F59-FFC6-4929-8907-55677E22012D}
[2012/06/07 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C54880F8-816C-4E21-8C80-CAA91E4F3071}
[2012/06/07 11:13:33 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3D83BEAF-40D7-43C7-B8F6-D0DF4B05DE1F}
[2012/06/06 17:00:29 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5834C136-4787-4EE6-80C6-993AF8D6727F}
[2012/06/06 17:00:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{CA0C13D9-2825-423D-8FE2-1C735E7821E8}
[2012/06/05 11:41:38 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C171FFA9-9E96-4510-9683-73CF7D6B5A7C}
[2012/06/05 11:41:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BC198B53-3608-4B6F-9D3F-76C37B75ABEE}
[2012/06/04 22:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
[2012/06/04 22:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2012/06/04 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza
[2012/06/04 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{49B38809-3E84-4F89-ACD7-2E6DC8750D7F}
[2012/06/04 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C4A30D1E-4E1E-413E-A920-3EF1157ADF69}
[2012/06/03 14:39:50 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{98ACE8AD-705A-4A07-9BD7-DF2D891DB91A}
[2012/06/03 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F7BC8DAF-00FC-457F-B797-51F0139FB04C}
[2012/05/31 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E5504BBB-8E0C-4587-ADAD-622BA37D8816}
[2012/05/31 11:42:53 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5138933D-E6E0-4562-8B7D-B9B38D2BAE4A}
[2012/05/30 06:58:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F891425A-A7E9-4DD2-93D1-9A3C52B54C5C}
[2012/05/30 06:58:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6C93F471-82D7-4019-A142-F7852D4E5A85}
[2012/05/28 11:42:07 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D096871A-7CEE-4844-B026-E93D3F5407EC}
[2012/05/28 11:41:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{53EC1580-1810-42A5-9F7B-7728D61E41D5}
[2012/05/27 10:46:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{1A9BBDEF-EBEF-42B7-BA7A-D5F95602A3B5}
[2012/05/27 10:46:33 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{38E74845-5612-443D-8D3A-F210F4D083D3}
[2012/05/26 14:27:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{132982DD-9735-4583-9A84-2F92C3C0AC0E}
[2012/05/26 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EDEECE6E-6AE6-4AB4-9350-A403640DAD02}
[2012/05/23 11:40:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DCCA3D2A-5862-44C8-B9B0-74D55E49C475}
[2012/05/23 11:40:42 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{36A31B77-5A56-4F8F-B655-2CB25117701A}
[2012/05/22 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{63F7B1B9-7C32-4F45-92C4-3F6823AFEDA9}
[2012/05/22 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C810D099-687E-4EE5-A3A2-4A78788976DD}
[2012/05/21 13:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 13:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/21 11:20:30 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DD29147F-7A8A-47D6-8E67-D49C86A3B8A9}
[2012/05/21 11:20:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E11C882B-E5AB-4C2E-8CF5-0797485EE7DD}
[2012/05/20 12:01:38 | 000,056,248 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/05/20 09:36:10 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6020E1F5-B0E0-43F8-BE12-385C882F8966}
[2012/05/20 09:36:04 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D16936BC-0FB2-4820-B490-AD6F143EB420}
[2012/05/19 08:09:21 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9AB49916-7146-4942-BBB2-0250A3104555}
[2012/05/17 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B1038154-1189-43C6-A75C-F95F10F9025A}
[2012/05/17 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7BC14FE5-8DFE-428C-8725-222674BC3F6C}
[2012/05/16 12:38:25 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{CCB1C747-5317-4104-AC44-EF050DC5CF62}
[2012/05/16 12:38:23 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{378445B2-2A42-4EF2-B99F-4206027D3A52}
[2012/05/15 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{06152423-9206-4D8A-8AC9-A97C64FECBC9}
[2012/05/15 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{4D70E105-4E05-4F58-B0D9-6DEEDA2550E0}
[2012/05/14 11:44:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{31520083-AFFB-44D4-A4AA-68D9D8E0F3C0}
[2012/05/14 11:44:08 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{4418446C-8700-43A2-93C6-2D058B7B125C}

========== Files - Modified Within 30 Days ==========

[2012/06/12 15:10:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2012/06/12 15:10:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/06/12 15:04:07 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 15:04:07 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 15:04:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/12 15:02:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 15:02:21 | 3152,535,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 15:01:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/12 14:35:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/12 14:28:56 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/12 14:27:30 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/12 14:07:45 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/10 12:02:31 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/10 12:02:31 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/30 13:22:02 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/05/30 13:19:54 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/30 06:55:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/29 13:17:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/05/20 12:01:38 | 000,056,248 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/05/16 11:51:54 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/06/12 14:07:45 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/29 11:47:17 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/24 23:34:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 23:34:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 23:34:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 23:34:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 23:34:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 21:11:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/05/20 12:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2011/09/24 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Costco Photo Viewer CA-EN
[2011/05/28 15:53:21 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/03/20 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\gtk-2.0
[2009/03/20 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Jasc
[2010/12/11 17:47:52 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\PCDr
[2011/05/15 21:47:18 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\QFX Software
[2012/02/25 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Research In Motion
[2008/11/11 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Template
[2011/12/24 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Visan
[2011/10/19 19:54:56 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Windows Live Writer
[2012/05/29 13:17:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/05/30 06:55:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/12 15:01:19 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/12 14:27:30 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Other:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Goldie's Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Desktop\Goldie Pics:Roxio EMC Stream
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3AEA6AF9

< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo!

PUP classification stands for Potentially Unwanted Program. PUP detections should never be a cause for concern as PUPs are not malicious in action.

Besides this "problem", do you have any other issues that point at malware?

#3
nehac

Sorry, was not aware that is what PUP stood for. Thank you for the information.
Besides this issue, my computer has been getting "...Stopped Responding" (after starting the computer and when the programs are loading) during boot up, and the same message when initially loading Firefox.

Edited by nehac, 12 June 2012 - 02:18 PM.

#4
Render

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here.

How to add an attachment to a new topic or reply

#5
nehac

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 16:32:11
-----------------------------
16:32:11.428 OS Version: Windows 6.0.6002 Service Pack 2
16:32:11.429 Number of processors: 1 586 0x4F02
16:32:11.431 ComputerName: NEHA-PC UserName: Neha
16:32:13.353 Initialize success
16:32:17.439 AVAST engine defs: 12061200
16:32:47.724 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
16:32:47.728 Disk 0 Vendor: SAMSUNG_ JF10 Size: 152587MB BusType: 6
16:32:47.764 Disk 0 MBR read successfully
16:32:47.767 Disk 0 MBR scan
16:32:47.771 Disk 0 Windows VISTA default MBR code
16:32:47.774 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:32:47.789 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
16:32:47.807 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142298 MB offset 21069824
16:32:47.816 Disk 0 scanning sectors +312496128
16:32:47.883 Disk 0 scanning C:\Windows\system32\drivers
16:33:00.130 Service scanning
16:33:22.567 Modules scanning
16:33:35.352 Disk 0 trace - called modules:
16:33:35.729 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys tcpip.sys NETIO.SYS
16:33:35.736 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x882a28e0]
16:33:35.745 3 CLASSPNP.SYS[8072a8b3] -> nt!IofCallDriver -> [0x86517158]
16:33:35.752 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\0000005f[0x864ffc90]
16:33:36.322 AVAST engine scan C:\Windows
16:33:41.266 AVAST engine scan C:\Windows\system32
16:36:17.717 AVAST engine scan C:\Windows\system32\drivers
16:36:31.647 AVAST engine scan C:\Users\Neha
16:50:48.104 AVAST engine scan C:\ProgramData
16:59:19.441 Scan finished successfully
17:21:10.477 Disk 0 MBR has been saved successfully to "C:\Users\Neha\Desktop\MBR.dat"
17:21:10.485 The log file has been saved successfully to "C:\Users\Neha\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   565bytes   88 downloads

#6
Render

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


#7
nehac

Hi,
As in the message sent, the program found threats yesterday (uploading the log). As it did not finish running yesterday, I completed it today with no threats found.
The log is from yesterday, which includes the threats, and the zip is from the complete scan today.


#8
Render

Looks good. Those trojans are in Norton's quarantine. You no longer use Norton so I will remove remnants of it. And there is one false positive detection.

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
    FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
    FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
      	
    :Files
    C:\Documents and Settings\All Users\Symantec
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [resethosts]
    [emptytemp]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#9
nehac

Edit: Can you please help me remove Stanza? I have uninstalled it from my computer, however the folder of the program is still showing up in the Startup menu (no uninstall link and cannot delete...)

Here is the log which opened at reboot
All processes killed
========== OTL ==========
Prefs.js: "Plasmoo" removed from browser.search.defaultenginename
Prefs.js: "Plasmoo" removed from browser.search.defaultthis.engineName
Prefs.js: "http://plasmoo.com/i...={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ED80000 folder moved successfully.
C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5 folder moved successfully.
C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition folder moved successfully.
C:\Documents and Settings\All Users\Symantec\LiveUpdate folder moved successfully.
C:\Documents and Settings\All Users\Symantec folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Goldie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 33 bytes

User: Neha
->Temp folder emptied: 22234652 bytes
->Temporary Internet Files folder emptied: 42650256 bytes
->Java cache emptied: 2418470 bytes
->FireFox cache emptied: 668357725 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 61337 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24310323 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 725.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06152012_121635

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Log 2

OTL logfile created on: 15/06/2012 12:35:49 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 54.60% Memory free
6.07 Gb Paging File | 4.76 Gb Available in Paging File | 78.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 48.75 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.93 Gb Free Space | 49.30% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 15:10:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
PRC - [2012/05/20 12:01:18 | 001,652,568 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/05/20 12:01:18 | 000,931,672 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 07:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1200518764\ee\aolupdates.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1200518764\ee\aolsoftware.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 13:42:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 13:42:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/13 13:42:04 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/13 13:41:36 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/28 16:45:43 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/10 14:55:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 14:41:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 14:38:54 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 14:38:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 14:31:08 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 14:30:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 14:30:41 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 07:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/11 13:39:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 21:26:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/20 12:01:18 | 000,931,672 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neha\Downloads\WinFlash.sys -- (WINFLASH)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\B7E9.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/20 12:01:38 | 000,164,152 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/05/20 12:01:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/05/20 12:01:38 | 000,056,248 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/15 13:05:08 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/09/03 10:50:10 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/03 10:50:06 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/29 05:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/04/19 14:13:00 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {60CCD3CB-7FD5-48D8-B14B-F1F3D51B859E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{60CCD3CB-7FD5-48D8-B14B-F1F3D51B859E}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=en_US
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA
IE - HKCU\..\SearchScopes\{D2107E96-119D-427F-9ADF-1AA1D2F3A1D4}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.8.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Neha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/09 14:28:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 21:26:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/21 13:02:35 | 000,000,000 | ---D | M]

[2008/06/19 19:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Extensions
[2012/05/19 22:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions
[2012/03/29 14:51:45 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/02/18 22:49:50 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2012/05/19 22:58:41 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2012/01/03 19:36:32 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\jid1-uabu5A9hduqzCw@jetpack
[2011/09/22 11:48:21 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2009/03/13 18:47:14 | 000,001,632 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\live-search.xml
[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\plasmoo.xml
[2012/03/16 21:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/09 14:28:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/01/05 18:55:57 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJ9FTYCQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/07 21:26:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 21:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 21:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/02 20:08:50 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/29 09:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/02 20:08:50 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/02 20:08:50 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/02 20:08:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/02 20:08:50 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/15 12:16:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A83CB25-9719-4FAF-9CFB-04D587A3997E}: DhcpNameServer = 205.188.146.145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 12:16:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/15 11:44:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{15EF6B3F-F820-474C-A7E7-D2976CF3BED0}
[2012/06/14 09:05:53 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{936D4494-C1C4-4DC5-BD69-FD850E0AF989}
[2012/06/14 09:05:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{AC02759B-269F-4CC6-BD4D-A852F3415655}
[2012/06/13 14:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/12 16:30:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2012/06/12 15:10:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2012/06/12 14:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/12 14:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 14:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 11:43:59 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5E3D5804-70A4-4DA8-92A7-950E0C394588}
[2012/06/12 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7A35663F-C8FE-4CD6-B281-4E11473D8B20}
[2012/06/11 17:58:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\Macromedia
[2012/06/11 11:42:47 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{957C1CB0-92C4-449E-AF60-4D43836F9F0A}
[2012/06/11 11:42:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{83A43235-C135-42DA-946C-4077310BF759}
[2012/06/10 04:48:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7B86856B-DCB3-4F10-AE05-11876775AC05}
[2012/06/10 04:48:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D3DA8407-D5A5-445E-BBB2-9BD6D5EC47B3}
[2012/06/09 14:24:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{8A210DFA-BA78-4AB7-B932-DBB4C70C22E5}
[2012/06/09 14:24:22 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E0B25819-CBCF-4C23-BFC0-C56F8FEA7B9D}
[2012/06/08 16:41:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B2E14687-61F5-49F5-8098-E4618360EE85}
[2012/06/08 16:41:11 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DED46F59-FFC6-4929-8907-55677E22012D}
[2012/06/07 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C54880F8-816C-4E21-8C80-CAA91E4F3071}
[2012/06/07 11:13:33 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3D83BEAF-40D7-43C7-B8F6-D0DF4B05DE1F}
[2012/06/06 17:00:29 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5834C136-4787-4EE6-80C6-993AF8D6727F}
[2012/06/06 17:00:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{CA0C13D9-2825-423D-8FE2-1C735E7821E8}
[2012/06/05 11:41:38 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C171FFA9-9E96-4510-9683-73CF7D6B5A7C}
[2012/06/05 11:41:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BC198B53-3608-4B6F-9D3F-76C37B75ABEE}
[2012/06/04 22:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
[2012/06/04 22:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2012/06/04 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza
[2012/06/04 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{49B38809-3E84-4F89-ACD7-2E6DC8750D7F}
[2012/06/04 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C4A30D1E-4E1E-413E-A920-3EF1157ADF69}
[2012/06/03 14:39:50 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{98ACE8AD-705A-4A07-9BD7-DF2D891DB91A}
[2012/06/03 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F7BC8DAF-00FC-457F-B797-51F0139FB04C}
[2012/05/31 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E5504BBB-8E0C-4587-ADAD-622BA37D8816}
[2012/05/31 11:42:53 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5138933D-E6E0-4562-8B7D-B9B38D2BAE4A}
[2012/05/30 06:58:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F891425A-A7E9-4DD2-93D1-9A3C52B54C5C}
[2012/05/30 06:58:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6C93F471-82D7-4019-A142-F7852D4E5A85}
[2012/05/28 11:42:07 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D096871A-7CEE-4844-B026-E93D3F5407EC}
[2012/05/28 11:41:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{53EC1580-1810-42A5-9F7B-7728D61E41D5}
[2012/05/27 10:46:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{1A9BBDEF-EBEF-42B7-BA7A-D5F95602A3B5}
[2012/05/27 10:46:33 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{38E74845-5612-443D-8D3A-F210F4D083D3}
[2012/05/26 14:27:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{132982DD-9735-4583-9A84-2F92C3C0AC0E}
[2012/05/26 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EDEECE6E-6AE6-4AB4-9350-A403640DAD02}
[2012/05/23 11:40:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DCCA3D2A-5862-44C8-B9B0-74D55E49C475}
[2012/05/23 11:40:42 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{36A31B77-5A56-4F8F-B655-2CB25117701A}
[2012/05/22 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{63F7B1B9-7C32-4F45-92C4-3F6823AFEDA9}
[2012/05/22 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C810D099-687E-4EE5-A3A2-4A78788976DD}
[2012/05/21 13:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 13:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/21 11:20:30 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DD29147F-7A8A-47D6-8E67-D49C86A3B8A9}
[2012/05/21 11:20:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E11C882B-E5AB-4C2E-8CF5-0797485EE7DD}
[2012/05/20 12:01:38 | 000,056,248 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/05/20 09:36:10 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6020E1F5-B0E0-43F8-BE12-385C882F8966}
[2012/05/20 09:36:04 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D16936BC-0FB2-4820-B490-AD6F143EB420}
[2012/05/19 08:09:21 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9AB49916-7146-4942-BBB2-0250A3104555}
[2012/05/17 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B1038154-1189-43C6-A75C-F95F10F9025A}
[2012/05/17 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7BC14FE5-8DFE-428C-8725-222674BC3F6C}

========== Files - Modified Within 30 Days ==========

[2012/06/15 12:35:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 12:29:32 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 12:29:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 12:27:56 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 12:27:56 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 12:27:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 12:27:18 | 3152,535,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 12:26:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/15 12:16:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/06/15 12:10:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/06/15 11:41:58 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/14 23:35:14 | 000,000,965 | ---- | M] () -- C:\Users\Neha\Desktop\avptool_sysinfo - Shortcut.lnk
[2012/06/13 13:39:00 | 000,430,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 12:50:52 | 000,598,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/13 12:50:52 | 000,104,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/13 12:47:29 | 137,395,112 | ---- | M] () -- C:\Users\Neha\Desktop\setup_11.0.0.1245.x01_2012_06_13_08_47.exe
[2012/06/12 19:03:11 | 000,000,565 | ---- | M] () -- C:\Users\Neha\Desktop\MBR.zip
[2012/06/12 17:21:10 | 000,000,512 | ---- | M] () -- C:\Users\Neha\Desktop\MBR.dat
[2012/06/12 16:30:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2012/06/12 15:10:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2012/06/12 14:07:45 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/30 13:22:02 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/05/30 13:19:54 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/30 06:55:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/29 13:17:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/05/20 12:01:38 | 000,056,248 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

========== Files Created - No Company Name ==========

[2012/06/14 23:35:14 | 000,000,965 | ---- | C] () -- C:\Users\Neha\Desktop\avptool_sysinfo - Shortcut.lnk
[2012/06/13 12:40:11 | 137,395,112 | ---- | C] () -- C:\Users\Neha\Desktop\setup_11.0.0.1245.x01_2012_06_13_08_47.exe
[2012/06/12 19:03:11 | 000,000,565 | ---- | C] () -- C:\Users\Neha\Desktop\MBR.zip
[2012/06/12 17:21:10 | 000,000,512 | ---- | C] () -- C:\Users\Neha\Desktop\MBR.dat
[2012/06/12 14:07:45 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/29 11:47:17 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/24 23:34:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 23:34:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 23:34:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 23:34:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 23:34:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 21:11:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/05/20 12:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2011/09/24 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Costco Photo Viewer CA-EN
[2011/05/28 15:53:21 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/03/20 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\gtk-2.0
[2009/03/20 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Jasc
[2010/12/11 17:47:52 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\PCDr
[2011/05/15 21:47:18 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\QFX Software
[2012/02/25 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Research In Motion
[2008/11/11 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Template
[2011/12/24 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Visan
[2011/10/19 19:54:56 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Windows Live Writer
[2012/05/29 13:17:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/05/30 06:55:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/15 12:26:20 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/15 11:41:58 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Other:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Goldie's Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Desktop\Goldie Pics:Roxio EMC Stream
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3AEA6AF9

< End of report >

Edited by nehac, 15 June 2012 - 11:40 AM.


#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Sorry for the delay.

We need to run an OTL Fix.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
      	
    :Files
    [2012/06/04 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [emptytemp]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



#11
nehac

    Member

  • Topic Starter
  • Member
  • 78 posts
That's okay :)

All processes killed
========== OTL ==========
========== FILES ==========
Invalid Switch: 04 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Goldie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Neha
->Temp folder emptied: 90076 bytes
->Temporary Internet Files folder emptied: 36070461 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 126910728 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3877 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13070 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 75257158 bytes

Total Files Cleaned = 227.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06172012_202930

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL logfile created on: 17/06/2012 8:38:59 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 61.22% Memory free
6.07 Gb Paging File | 5.05 Gb Available in Paging File | 83.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 58.64 Gb Free Space | 42.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.93 Gb Free Space | 49.30% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 20:33:31 | 014,935,896 | ---- | M] (Trusteer Ltd.) -- C:\ProgramData\Trusteer\Rapport\store\tmp\dn_0000048c_000068c0\RapportSetup-Full.exe
PRC - [2012/06/12 15:10:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 07:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1200518764\ee\aolsoftware.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 13:42:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 13:42:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/13 13:42:04 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/13 13:41:36 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 14:55:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 14:41:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 14:38:54 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 14:38:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 14:31:08 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 14:30:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 14:30:41 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 07:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/16 14:49:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/11 13:39:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neha\Downloads\WinFlash.sys -- (WINFLASH)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\B7E9.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/08 21:42:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/06/08 21:42:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/05/28 16:45:42 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/15 13:05:08 | 000,228,208 | ---- | M] () [Kernel | Disabled | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/09/03 10:50:10 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/03 10:50:06 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/29 05:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/04/19 14:13:00 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {60CCD3CB-7FD5-48D8-B14B-F1F3D51B859E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{60CCD3CB-7FD5-48D8-B14B-F1F3D51B859E}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=en_US
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA
IE - HKCU\..\SearchScopes\{D2107E96-119D-427F-9ADF-1AA1D2F3A1D4}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.8.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Neha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/09 14:28:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 14:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/21 13:02:35 | 000,000,000 | ---D | M]

[2008/06/19 19:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Extensions
[2012/05/19 22:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions
[2012/03/29 14:51:45 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/02/18 22:49:50 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2012/05/19 22:58:41 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2012/01/03 19:36:32 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\jid1-uabu5A9hduqzCw@jetpack
[2011/09/22 11:48:21 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2009/03/13 18:47:14 | 000,001,632 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\live-search.xml
[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\plasmoo.xml
[2012/03/16 21:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/09 14:28:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/01/05 18:55:57 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJ9FTYCQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/16 14:49:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 21:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 21:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/02 20:08:50 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/29 09:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/02 20:08:50 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/02 20:08:50 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/02 20:08:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/02 20:08:50 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/15 12:16:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A83CB25-9719-4FAF-9CFB-04D587A3997E}: DhcpNameServer = 205.188.146.145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 11:33:32 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F471FD55-A777-471E-868A-06BB00C7FEF6}
[2012/06/15 12:16:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/15 11:44:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{15EF6B3F-F820-474C-A7E7-D2976CF3BED0}
[2012/06/14 09:05:53 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{936D4494-C1C4-4DC5-BD69-FD850E0AF989}
[2012/06/14 09:05:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{AC02759B-269F-4CC6-BD4D-A852F3415655}
[2012/06/13 14:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/12 16:30:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2012/06/12 15:10:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2012/06/12 14:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/12 14:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 14:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 11:43:59 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5E3D5804-70A4-4DA8-92A7-950E0C394588}
[2012/06/12 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7A35663F-C8FE-4CD6-B281-4E11473D8B20}
[2012/06/11 17:58:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\Macromedia
[2012/06/11 11:42:47 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{957C1CB0-92C4-449E-AF60-4D43836F9F0A}
[2012/06/11 11:42:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{83A43235-C135-42DA-946C-4077310BF759}
[2012/06/10 04:48:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7B86856B-DCB3-4F10-AE05-11876775AC05}
[2012/06/10 04:48:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D3DA8407-D5A5-445E-BBB2-9BD6D5EC47B3}
[2012/06/09 14:24:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{8A210DFA-BA78-4AB7-B932-DBB4C70C22E5}
[2012/06/09 14:24:22 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E0B25819-CBCF-4C23-BFC0-C56F8FEA7B9D}
[2012/06/08 21:42:28 | 000,065,720 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/06/08 16:41:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B2E14687-61F5-49F5-8098-E4618360EE85}
[2012/06/08 16:41:11 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DED46F59-FFC6-4929-8907-55677E22012D}
[2012/06/07 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C54880F8-816C-4E21-8C80-CAA91E4F3071}
[2012/06/07 11:13:33 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3D83BEAF-40D7-43C7-B8F6-D0DF4B05DE1F}
[2012/06/06 17:00:29 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5834C136-4787-4EE6-80C6-993AF8D6727F}
[2012/06/06 17:00:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{CA0C13D9-2825-423D-8FE2-1C735E7821E8}
[2012/06/05 11:41:38 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C171FFA9-9E96-4510-9683-73CF7D6B5A7C}
[2012/06/05 11:41:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BC198B53-3608-4B6F-9D3F-76C37B75ABEE}
[2012/06/04 22:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
[2012/06/04 22:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2012/06/04 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{49B38809-3E84-4F89-ACD7-2E6DC8750D7F}
[2012/06/04 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C4A30D1E-4E1E-413E-A920-3EF1157ADF69}
[2012/06/03 14:39:50 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{98ACE8AD-705A-4A07-9BD7-DF2D891DB91A}
[2012/06/03 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F7BC8DAF-00FC-457F-B797-51F0139FB04C}
[2012/05/31 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E5504BBB-8E0C-4587-ADAD-622BA37D8816}
[2012/05/31 11:42:53 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5138933D-E6E0-4562-8B7D-B9B38D2BAE4A}
[2012/05/30 06:58:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F891425A-A7E9-4DD2-93D1-9A3C52B54C5C}
[2012/05/30 06:58:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6C93F471-82D7-4019-A142-F7852D4E5A85}
[2012/05/28 11:42:07 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D096871A-7CEE-4844-B026-E93D3F5407EC}
[2012/05/28 11:41:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{53EC1580-1810-42A5-9F7B-7728D61E41D5}
[2012/05/27 10:46:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{1A9BBDEF-EBEF-42B7-BA7A-D5F95602A3B5}
[2012/05/27 10:46:33 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{38E74845-5612-443D-8D3A-F210F4D083D3}
[2012/05/26 14:27:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{132982DD-9735-4583-9A84-2F92C3C0AC0E}
[2012/05/26 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EDEECE6E-6AE6-4AB4-9350-A403640DAD02}
[2012/05/23 11:40:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DCCA3D2A-5862-44C8-B9B0-74D55E49C475}
[2012/05/23 11:40:42 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{36A31B77-5A56-4F8F-B655-2CB25117701A}
[2012/05/22 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{63F7B1B9-7C32-4F45-92C4-3F6823AFEDA9}
[2012/05/22 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C810D099-687E-4EE5-A3A2-4A78788976DD}
[2012/05/21 13:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 13:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/21 11:20:30 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DD29147F-7A8A-47D6-8E67-D49C86A3B8A9}
[2012/05/21 11:20:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E11C882B-E5AB-4C2E-8CF5-0797485EE7DD}
[2012/05/20 09:36:10 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6020E1F5-B0E0-43F8-BE12-385C882F8966}
[2012/05/20 09:36:04 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D16936BC-0FB2-4820-B490-AD6F143EB420}
[2012/05/19 08:09:21 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9AB49916-7146-4942-BBB2-0250A3104555}

========== Files - Modified Within 30 Days ==========

[2012/06/17 20:35:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 20:34:11 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 20:34:09 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 20:34:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 20:34:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/06/17 20:33:38 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/17 20:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 20:33:20 | 3152,535,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 20:32:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/17 19:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 12:58:25 | 000,031,498 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\wklnhst.dat
[2012/06/15 14:13:59 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/06/15 12:16:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/06/14 23:35:14 | 000,000,965 | ---- | M] () -- C:\Users\Neha\Desktop\avptool_sysinfo - Shortcut.lnk
[2012/06/13 13:39:00 | 000,430,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 12:50:52 | 000,598,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/13 12:50:52 | 000,104,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/13 12:47:29 | 137,395,112 | ---- | M] () -- C:\Users\Neha\Desktop\setup_11.0.0.1245.x01_2012_06_13_08_47.exe
[2012/06/12 19:03:11 | 000,000,565 | ---- | M] () -- C:\Users\Neha\Desktop\MBR.zip
[2012/06/12 17:21:10 | 000,000,512 | ---- | M] () -- C:\Users\Neha\Desktop\MBR.dat
[2012/06/12 16:30:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2012/06/12 15:10:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2012/06/12 14:07:45 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/05/30 13:19:54 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/30 06:55:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/29 13:17:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job

========== Files Created - No Company Name ==========

[2012/06/14 23:35:14 | 000,000,965 | ---- | C] () -- C:\Users\Neha\Desktop\avptool_sysinfo - Shortcut.lnk
[2012/06/13 12:40:11 | 137,395,112 | ---- | C] () -- C:\Users\Neha\Desktop\setup_11.0.0.1245.x01_2012_06_13_08_47.exe
[2012/06/12 19:03:11 | 000,000,565 | ---- | C] () -- C:\Users\Neha\Desktop\MBR.zip
[2012/06/12 17:21:10 | 000,000,512 | ---- | C] () -- C:\Users\Neha\Desktop\MBR.dat
[2012/06/12 14:07:45 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/29 11:47:17 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/24 23:34:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 23:34:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 23:34:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 23:34:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 23:34:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 21:11:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/05/20 12:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2011/09/24 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Costco Photo Viewer CA-EN
[2011/05/28 15:53:21 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/03/20 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\gtk-2.0
[2009/03/20 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Jasc
[2010/12/11 17:47:52 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\PCDr
[2011/05/15 21:47:18 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\QFX Software
[2012/02/25 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Research In Motion
[2008/11/11 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Template
[2011/12/24 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Visan
[2011/10/19 19:54:56 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Windows Live Writer
[2012/05/29 13:17:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/05/30 06:55:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/17 20:32:21 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/17 20:33:38 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Other:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Goldie's Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Desktop\Goldie Pics:Roxio EMC Stream
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3AEA6AF9

< End of report >

Edited by nehac, 17 June 2012 - 06:55 PM.

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Oops... Wrong syntax. Sorry about that. Please repeat it like this:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    [2012/06/04 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza
      	
    :Files
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [emptytemp]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#13
nehac

    Member

  • Topic Starter
  • 78 posts
As it was not deleted before, I tried again and was able to manually delete Stanza.

All processes killed
========== OTL ==========
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza\ not found.
========== FILES ==========
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stanza not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Goldie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Neha
->Temp folder emptied: 103597 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74929536 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 688 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13070 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1654 bytes

Total Files Cleaned = 72.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06182012_120442

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL logfile created on: 18/06/2012 12:13:28 PM - Run 4
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 49.86% Memory free
6.07 Gb Paging File | 4.66 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 57.94 Gb Free Space | 41.70% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.93 Gb Free Space | 49.30% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 14:49:37 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/12 15:10:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
PRC - [2012/06/08 21:42:12 | 001,668,952 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 07:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 07:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1200518764\ee\aolsoftware.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 14:49:36 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/13 13:42:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 13:42:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/13 13:42:04 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/13 13:41:36 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/28 16:45:43 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/10 14:55:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 14:41:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 14:38:54 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 14:38:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 14:31:08 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 14:30:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 14:30:41 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 07:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/16 14:49:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/11 13:39:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neha\Downloads\WinFlash.sys -- (WINFLASH)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\B7E9.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/08 21:42:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/06/08 21:42:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/05/28 16:45:42 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/15 13:05:08 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/09/03 10:50:10 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/03 10:50:06 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/29 05:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/04/19 14:13:00 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {60CCD3CB-7FD5-48D8-B14B-F1F3D51B859E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{60CCD3CB-7FD5-48D8-B14B-F1F3D51B859E}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=en_US
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA
IE - HKCU\..\SearchScopes\{D2107E96-119D-427F-9ADF-1AA1D2F3A1D4}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.8.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Neha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/09 14:28:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 14:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/21 13:02:35 | 000,000,000 | ---D | M]

[2008/06/19 19:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Extensions
[2012/05/19 22:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions
[2012/03/29 14:51:45 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/02/18 22:49:50 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2012/05/19 22:58:41 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2012/01/03 19:36:32 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\jid1-uabu5A9hduqzCw@jetpack
[2011/09/22 11:48:21 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2009/03/13 18:47:14 | 000,001,632 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\live-search.xml
[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\plasmoo.xml
[2012/03/16 21:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/09 14:28:41 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/01/05 18:55:57 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PJ9FTYCQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/16 14:49:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 21:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 21:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/02 20:08:50 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/29 09:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/02 20:08:50 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/02 20:08:50 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/02 20:08:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/02 20:08:50 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/15 12:16:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A83CB25-9719-4FAF-9CFB-04D587A3997E}: DhcpNameServer = 205.188.146.145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 12:01:13 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{29BDBEA0-3742-45D1-85B2-7E5342B3224A}
[2012/06/17 11:33:32 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F471FD55-A777-471E-868A-06BB00C7FEF6}
[2012/06/15 12:16:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/15 11:44:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{15EF6B3F-F820-474C-A7E7-D2976CF3BED0}
[2012/06/14 09:05:53 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{936D4494-C1C4-4DC5-BD69-FD850E0AF989}
[2012/06/14 09:05:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{AC02759B-269F-4CC6-BD4D-A852F3415655}
[2012/06/13 14:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/12 16:30:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2012/06/12 15:10:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2012/06/12 14:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/12 14:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 14:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 11:43:59 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5E3D5804-70A4-4DA8-92A7-950E0C394588}
[2012/06/12 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7A35663F-C8FE-4CD6-B281-4E11473D8B20}
[2012/06/11 17:58:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\Macromedia
[2012/06/11 11:42:47 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{957C1CB0-92C4-449E-AF60-4D43836F9F0A}
[2012/06/11 11:42:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{83A43235-C135-42DA-946C-4077310BF759}
[2012/06/10 04:48:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7B86856B-DCB3-4F10-AE05-11876775AC05}
[2012/06/10 04:48:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D3DA8407-D5A5-445E-BBB2-9BD6D5EC47B3}
[2012/06/09 14:24:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{8A210DFA-BA78-4AB7-B932-DBB4C70C22E5}
[2012/06/09 14:24:22 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E0B25819-CBCF-4C23-BFC0-C56F8FEA7B9D}
[2012/06/08 21:42:28 | 000,065,720 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/06/08 16:41:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B2E14687-61F5-49F5-8098-E4618360EE85}
[2012/06/08 16:41:11 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DED46F59-FFC6-4929-8907-55677E22012D}
[2012/06/07 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C54880F8-816C-4E21-8C80-CAA91E4F3071}
[2012/06/07 11:13:33 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3D83BEAF-40D7-43C7-B8F6-D0DF4B05DE1F}
[2012/06/06 17:00:29 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5834C136-4787-4EE6-80C6-993AF8D6727F}
[2012/06/06 17:00:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{CA0C13D9-2825-423D-8FE2-1C735E7821E8}
[2012/06/05 11:41:38 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C171FFA9-9E96-4510-9683-73CF7D6B5A7C}
[2012/06/05 11:41:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BC198B53-3608-4B6F-9D3F-76C37B75ABEE}
[2012/06/04 22:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
[2012/06/04 22:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2012/06/04 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{49B38809-3E84-4F89-ACD7-2E6DC8750D7F}
[2012/06/04 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C4A30D1E-4E1E-413E-A920-3EF1157ADF69}
[2012/06/03 14:39:50 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{98ACE8AD-705A-4A07-9BD7-DF2D891DB91A}
[2012/06/03 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F7BC8DAF-00FC-457F-B797-51F0139FB04C}
[2012/05/31 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E5504BBB-8E0C-4587-ADAD-622BA37D8816}
[2012/05/31 11:42:53 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{5138933D-E6E0-4562-8B7D-B9B38D2BAE4A}
[2012/05/30 06:58:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F891425A-A7E9-4DD2-93D1-9A3C52B54C5C}
[2012/05/30 06:58:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6C93F471-82D7-4019-A142-F7852D4E5A85}
[2012/05/28 11:42:07 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D096871A-7CEE-4844-B026-E93D3F5407EC}
[2012/05/28 11:41:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{53EC1580-1810-42A5-9F7B-7728D61E41D5}
[2012/05/27 10:46:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{1A9BBDEF-EBEF-42B7-BA7A-D5F95602A3B5}
[2012/05/27 10:46:33 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{38E74845-5612-443D-8D3A-F210F4D083D3}
[2012/05/26 14:27:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{132982DD-9735-4583-9A84-2F92C3C0AC0E}
[2012/05/26 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EDEECE6E-6AE6-4AB4-9350-A403640DAD02}
[2012/05/23 11:40:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DCCA3D2A-5862-44C8-B9B0-74D55E49C475}
[2012/05/23 11:40:42 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{36A31B77-5A56-4F8F-B655-2CB25117701A}
[2012/05/22 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{63F7B1B9-7C32-4F45-92C4-3F6823AFEDA9}
[2012/05/22 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C810D099-687E-4EE5-A3A2-4A78788976DD}
[2012/05/21 13:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 13:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/21 11:20:30 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DD29147F-7A8A-47D6-8E67-D49C86A3B8A9}
[2012/05/21 11:20:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E11C882B-E5AB-4C2E-8CF5-0797485EE7DD}
[2012/05/20 09:36:10 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6020E1F5-B0E0-43F8-BE12-385C882F8966}
[2012/05/20 09:36:04 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D16936BC-0FB2-4820-B490-AD6F143EB420}

========== Files - Modified Within 30 Days ==========

[2012/06/18 12:34:33 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/06/18 12:29:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 12:09:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 12:09:09 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 12:09:09 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 12:08:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/18 12:08:32 | 3152,535,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/18 12:07:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/17 21:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 20:33:38 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/17 12:58:25 | 000,031,498 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\wklnhst.dat
[2012/06/15 14:13:59 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/06/15 12:16:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/06/14 23:35:14 | 000,000,965 | ---- | M] () -- C:\Users\Neha\Desktop\avptool_sysinfo - Shortcut.lnk
[2012/06/13 13:39:00 | 000,430,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 12:50:52 | 000,598,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/13 12:50:52 | 000,104,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/13 12:47:29 | 137,395,112 | ---- | M] () -- C:\Users\Neha\Desktop\setup_11.0.0.1245.x01_2012_06_13_08_47.exe
[2012/06/12 19:03:11 | 000,000,565 | ---- | M] () -- C:\Users\Neha\Desktop\MBR.zip
[2012/06/12 17:21:10 | 000,000,512 | ---- | M] () -- C:\Users\Neha\Desktop\MBR.dat
[2012/06/12 16:30:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2012/06/12 15:10:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2012/06/12 14:07:45 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2012/05/30 13:19:54 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/30 06:55:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/29 13:17:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job

========== Files Created - No Company Name ==========

[2012/06/14 23:35:14 | 000,000,965 | ---- | C] () -- C:\Users\Neha\Desktop\avptool_sysinfo - Shortcut.lnk
[2012/06/13 12:40:11 | 137,395,112 | ---- | C] () -- C:\Users\Neha\Desktop\setup_11.0.0.1245.x01_2012_06_13_08_47.exe
[2012/06/12 19:03:11 | 000,000,565 | ---- | C] () -- C:\Users\Neha\Desktop\MBR.zip
[2012/06/12 17:21:10 | 000,000,512 | ---- | C] () -- C:\Users\Neha\Desktop\MBR.dat
[2012/06/12 14:07:45 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/29 11:47:17 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/24 23:34:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 23:34:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 23:34:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 23:34:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 23:34:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 21:11:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/05/20 12:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2011/09/24 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Costco Photo Viewer CA-EN
[2011/05/28 15:53:21 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/03/20 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\gtk-2.0
[2009/03/20 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Jasc
[2010/12/11 17:47:52 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\PCDr
[2011/05/15 21:47:18 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\QFX Software
[2012/02/25 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Research In Motion
[2008/11/11 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Template
[2011/12/24 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Visan
[2011/10/19 19:54:56 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Windows Live Writer
[2012/05/29 13:17:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/05/30 06:55:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/18 12:07:32 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/17 20:33:38 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Other:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Goldie's Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Desktop\Goldie Pics:Roxio EMC Stream
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3AEA6AF9

< End of report >

Edited by nehac, 18 June 2012 - 10:37 AM.


#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. So you removed the Stanza folder from startup manually?

Any problems still evident?

#15
nehac

    Member

  • Topic Starter
  • 78 posts
Yes, I was able to delete it.
No problems at the moment.