
Help remove "websearch.mocaflix" from google chrome [Closed]


  • This topic is locked

#1
Dave_83

    Member

  • Member
  • 46 posts
I have this websearch.mocaflix in my Google Chrome browser whenever I open it, and previously lost all the tabs saved... I have no idea where this came from, please help me remove this.

Also, the problem I am facing is that in Chrome, 'Settings > Continue where I left off' is disabled, even after I enable it.

#2
godawgs

    Teacher

  • GeekU Moderator
  • 4,349 posts
Hi Dave, :)

Welcome to the Malware Removal Forum.

If you think that the problem is malware related, please go to the Malware and Spyware Cleaning Guide page and download the OTL tool and run the scan and post the logs.

If you don't think your problem is malware related please let me know and post your question in the Web Browsers and E-Mail forum and I will close this topic. The Tech staff have much more knowledge about individual programs than most of the Malware Techs.

Thanks,
godawgs

#3
Dave_83

    Member

  • Member
  • 46 posts
Thank you for the reply. Below is the OTL log.

OTL logfile created on: 17-11-2012 00:08:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SHARATH\Downloads\Programs
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

7.98 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 69.02% Memory free
15.96 Gb Paging File | 12.88 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71.80 Gb Total Space | 8.18 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 79.85 Gb Free Space | 79.85% Space Free | Partition Type: NTFS
Drive E: | 100.01 Gb Total Space | 89.30 Gb Free Space | 89.30% Space Free | Partition Type: NTFS
Drive F: | 14.98 Gb Total Space | 1.05 Gb Free Space | 7.01% Space Free | Partition Type: NTFS
Drive H: | 14.44 Gb Total Space | 4.91 Gb Free Space | 34.04% Space Free | Partition Type: FAT32

Computer Name: SHARATH-VAIO | User Name: SHARATH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-17 00:04:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHARATH\Downloads\Programs\OTL.exe
PRC - [2012-11-01 03:45:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012-10-22 20:24:20 | 001,899,448 | ---- | M] (Bandoo Media Inc) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe
PRC - [2012-07-31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
PRC - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011-12-16 13:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2011-06-23 18:31:28 | 003,380,632 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011-03-06 05:12:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011-02-25 23:16:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-02-16 00:17:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011-02-15 01:53:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-01-29 18:06:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010-11-27 13:25:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-09-14 07:02:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-05-25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2004-01-06 05:57:30 | 000,660,992 | ---- | M] (Think Less Do More Services) -- C:\Program Files (x86)\AvaFind\AvaFind.exe


========== Modules (No Company Name) ==========

MOD - [2012-11-01 03:45:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012-11-01 03:45:04 | 012,455,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012-11-01 03:45:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012-11-01 03:43:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012-11-01 03:43:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012-11-01 03:43:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012-11-01 03:43:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012-11-01 03:43:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012-10-11 16:24:00 | 000,427,520 | ---- | M] () -- c:\Program Files (x86)\MocaFlix\sprotector.dll
MOD - [2012-01-08 19:11:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011-08-13 09:43:54 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0acaaa18864b8ce389d6756876a269bc\IAStorUtil.ni.dll
MOD - [2011-08-13 09:43:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e38d1efe292b58ac295f4db70c873016\IAStorCommon.ni.dll
MOD - [2010-11-21 09:19:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010-11-21 09:18:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010-11-21 09:18:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010-11-21 09:18:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010-11-21 09:18:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010-11-21 09:18:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010-11-21 09:18:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010-11-21 09:18:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-02-08 23:00:12 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011-12-15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011-12-15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011-12-15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011-09-26 12:05:14 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV:64bit: - [2011-05-20 07:45:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011-03-30 21:39:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011-02-28 22:59:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011-02-19 10:45:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011-02-19 10:32:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011-02-15 01:53:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011-01-29 18:06:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011-01-21 00:57:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010-09-23 06:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010-06-29 23:19:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009-07-14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-10-13 21:33:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-04-30 05:49:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011-03-29 11:43:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011-03-02 09:53:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-02-25 23:16:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011-02-22 01:25:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011-02-22 01:25:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-01-21 00:46:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-03-19 02:46:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 23:49:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009-09-21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009-09-21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009-06-11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005-01-27 18:16:58 | 000,856,064 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012-04-19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012-01-31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-12-23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-12-16 21:23:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011-06-09 21:20:58 | 000,153,248 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-04-30 05:49:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011-04-30 05:49:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-04-30 05:49:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-04-30 05:49:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-04-30 05:49:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-04-30 05:49:34 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011-03-29 14:44:07 | 000,173,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-03-29 12:21:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-03-29 11:45:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011-03-29 09:27:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011-03-11 12:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 12:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-22 20:57:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-02-17 08:36:44 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011-02-16 18:20:45 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010-11-21 08:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 08:53:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 08:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 08:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-04 10:15:54 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2010-10-20 05:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-04-27 01:50:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010-02-17 23:53:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010-02-17 23:53:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009-11-09 08:58:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009-10-01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009-09-21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009-09-21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009-09-21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009-07-14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 07:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-11 02:05:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009-06-11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-27 03:02:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011-08-26 15:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2009-07-14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-27 22:37:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\InCDrm.sys -- (incdrm)
DRV - [2005-01-27 18:08:08 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\SysWow64\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005-01-27 18:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\SysWow64\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-01-27 18:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\InCDpass.sys -- (InCDPass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babyl...00000ff45f9effe
IE - HKCU\..\SearchScopes\{5545F46F-FE6C-4DAE-B5FE-57C6EED890C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{5CBA97C5-0D9F-4ADB-8E76-BCCA34970FDF}: "URL" = http://in.search.yah...f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{A4C2F101-4697-4122-905C-B2A37BDF7944}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.6
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..keyword.URL: "http://dts.search-re...&o=APN10645&q="
FF - prefs.js..network.proxy.ftp: "192.168.1.3"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.3"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks: "192.168.1.3"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.3"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: "http://websearch.moc...ix.com/?l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-03-26 09:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-09-02 20:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-24 00:46:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-24 00:46:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2012-03-02 23:28:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]

[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Extensions
[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions
[2012-09-02 21:33:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-08-13 16:30:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-11-10 20:27:26 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2012-11-08 20:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\staged
[2012-05-02 18:10:48 | 000,265,248 | ---- | M] () (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}.xpi
[2012-09-10 21:17:04 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012-11-10 20:27:22 | 000,002,687 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\searchplugins\Search_Results.xml
[2012-11-08 20:19:50 | 000,000,544 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\searchplugins\WebSearch.xml
[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011-11-15 22:18:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-12-09 22:53:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012-09-23 21:01:25 | 000,002,337 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011-11-15 18:14:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-11-10 20:27:22 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011-11-15 18:14:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://nemrod.se/
CHR - homepage: http://www.searchnu.com/406
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmcemboopcbchcbdefocgmngommpmop\2_0\
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012-08-25 20:35:27 | 000,003,182 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 192.150.18.101
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.8.100
O1 - Hosts: 127.0.0.1 192.150.8.118
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 51 more lines...
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SaveAs Class) - {F1B0D0CA-B10B-C092-E7FA-9DF952968F49} - C:\ProgramData\SaveAs\509bc8a8750aa.ocx ()
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvaFind] C:\Program Files (x86)\AvaFind\AvaFind.exe (Think Less Do More Services)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_4EE56885669B5D07FDBCB4E8D205AE34] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aces.gov.in ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: incometaxindiaefiling.gov.in ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B57D2F4-A4D0-4B48-9DE9-E2F847474F0C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0C6D8B-956B-46E5-AF87-E4D3337C4E08}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O33 - MountPoints2\{c8fc4629-2107-11e2-9d2d-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fc4629-2107-11e2-9d2d-78843cee444f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ddb93eb8-b081-11e1-ac66-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{ddb93eb8-b081-11e1-ac66-78843cee444f}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-14 10:10:33 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\Megaloblastic anemia - view of red blood cells - PubMed Health_files
[2012-11-13 23:16:18 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\presentation
[2012-11-10 20:30:01 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Roaming\TFP
[2012-11-10 20:29:41 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Local\Torch
[2012-11-10 20:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2012-11-10 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012-11-10 20:27:02 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Local\iLivid
[2012-11-10 20:26:38 | 001,302,424 | ---- | C] (Bandoo Media Inc) -- C:\Users\SHARATH\Desktop\iLividSetup_2.exe
[2012-11-08 20:41:53 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\chats pendrive files
[2012-11-08 20:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012-11-08 20:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012-11-08 20:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012-11-08 20:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012-11-08 20:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012-11-08 20:10:04 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\salma folder
[2012-11-03 16:43:07 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\infographic
[2012-10-28 20:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2012-10-27 01:37:57 | 000,000,000 | R--D | C] -- C:\Users\SHARATH\Desktop\watson
[2012-10-24 00:49:04 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Local\Apple Computer
[2012-10-24 00:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012-10-24 00:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012-10-22 00:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-10-19 11:25:30 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Local\{E751A6D4-E562-4C9F-B4B1-B0F69D2B8421}
[2012-10-19 11:25:30 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Local\{B5110AC9-4A87-400A-8CEA-5AF7BC6C6F3C}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-17 00:02:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-17 00:02:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-17 00:02:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-16 22:54:17 | 000,810,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-11-16 22:54:17 | 000,687,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-11-16 22:54:17 | 000,132,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-11-16 21:07:45 | 100,377,007 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-11-16 21:04:03 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-16 21:04:03 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-16 20:59:22 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-16 20:59:22 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{29A41217-E6FE-4DE2-8FA4-A51B4D21BD46}.job
[2012-11-16 20:56:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012-11-16 14:05:16 | 000,168,960 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-11-15 19:42:22 | 000,379,624 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-11-14 10:11:45 | 000,153,062 | ---- | M] () -- C:\Users\SHARATH\Desktop\AutoimmuneDisorder.jpg
[2012-11-14 10:10:33 | 000,016,727 | ---- | M] () -- C:\Users\SHARATH\Desktop\Megaloblastic anemia - view of red blood cells - PubMed Health.htm
[2012-11-14 10:09:33 | 000,041,464 | ---- | M] () -- C:\Users\SHARATH\Desktop\megaloblastic-anemia.jpg
[2012-11-10 20:29:40 | 000,001,206 | ---- | M] () -- C:\Users\SHARATH\Desktop\Play Free Games.lnk
[2012-11-10 20:29:40 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2012-11-10 20:29:40 | 000,001,011 | ---- | M] () -- C:\Users\SHARATH\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2012-11-10 20:29:40 | 000,001,009 | ---- | M] () -- C:\Users\SHARATH\Desktop\iLivid.lnk
[2012-11-10 20:26:40 | 001,302,424 | ---- | M] (Bandoo Media Inc) -- C:\Users\SHARATH\Desktop\iLividSetup_2.exe
[2012-11-10 16:28:51 | 000,754,831 | ---- | M] () -- C:\Users\SHARATH\Desktop\Pag. 161 - 173 In vitro mutagenesis.1160655442.pdf
[2012-11-06 02:19:19 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012-11-04 18:02:00 | 000,070,616 | ---- | M] () -- C:\Users\SHARATH\Desktop\vitmin-d source.jpg
[2012-11-04 17:56:22 | 001,161,616 | ---- | M] () -- C:\Users\SHARATH\Desktop\fwdvoltagegatedsodiumchannels.zip
[2012-11-04 17:26:28 | 011,801,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-11-03 18:11:43 | 005,247,227 | ---- | M] () -- C:\Users\SHARATH\Desktop\marketingebook.pdf
[2012-11-03 16:49:19 | 001,598,896 | ---- | M] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.19.09[1] - justea office conference wall 2.jpg
[2012-11-03 16:49:04 | 001,545,576 | ---- | M] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.16.13[1] - justeat office conference wall.jpg
[2012-11-03 16:45:57 | 002,851,384 | ---- | M] () -- C:\Users\SHARATH\Desktop\infographic.zip
[2012-11-02 20:31:41 | 000,088,643 | ---- | M] () -- C:\Users\SHARATH\Desktop\dog language.jpg
[2012-11-02 17:24:42 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012-11-01 23:27:23 | 000,018,888 | ---- | M] () -- C:\Users\SHARATH\Desktop\[isoHunt] 100 Hits - Dance Classics (with covers) a DHZ.Inc Release.torrent
[2012-11-01 23:26:48 | 000,026,728 | ---- | M] () -- C:\Users\SHARATH\Desktop\[isoHunt] 100 Hits 90s Dance (with covers) a DHZ.Inc Release.torrent
[2012-10-31 22:13:19 | 000,075,060 | ---- | M] () -- C:\Users\SHARATH\Desktop\wow car.jpg
[2012-10-31 17:14:32 | 000,001,456 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-10-31 14:24:56 | 000,053,442 | ---- | M] () -- C:\Users\SHARATH\Desktop\[isoHunt] Ministry Of Sound - Electronic 80s 2 - 2010 [MP3 @ 320](oan).torrent
[2012-10-31 14:22:48 | 000,025,357 | ---- | M] () -- C:\Users\SHARATH\Desktop\[isoHunt] Beatport top 100 May 320KB TBS.torrent
[2012-10-30 01:53:36 | 000,364,538 | ---- | M] () -- C:\Windows\FontData.fdb
[2012-10-30 00:48:39 | 000,229,282 | ---- | M] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_897539432.pdf
[2012-10-28 03:00:06 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - SHARATH.job
[2012-10-28 00:38:40 | 048,700,832 | ---- | M] () -- C:\Users\SHARATH\Desktop\Watson-J.D.-,-et-al-Molecular-Biology-of-the-Gene-5th-editi.pdf
[2012-10-28 00:10:28 | 003,596,073 | ---- | M] () -- C:\Users\SHARATH\Desktop\Molecular lect 10.06.pdf
[2012-10-27 23:40:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012-10-27 12:34:29 | 000,034,906 | ---- | M] () -- C:\Users\SHARATH\Desktop\FORM8A.pdf
[2012-10-25 23:41:59 | 046,030,413 | ---- | M] () -- C:\Users\SHARATH\Desktop\Barfi (2012) - DownloadMing.INFO (128 Kbps).zip
[2012-10-18 23:04:21 | 016,510,636 | ---- | M] () -- C:\Users\SHARATH\Desktop\Edward_Maya_Feat._Vika_Jigulina_-_Desert_Rain_(Edward_Maya_XTD_Club_Version_II).mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-14 10:11:45 | 000,153,062 | ---- | C] () -- C:\Users\SHARATH\Desktop\AutoimmuneDisorder.jpg
[2012-11-14 10:10:32 | 000,016,727 | ---- | C] () -- C:\Users\SHARATH\Desktop\Megaloblastic anemia - view of red blood cells - PubMed Health.htm
[2012-11-14 10:09:33 | 000,041,464 | ---- | C] () -- C:\Users\SHARATH\Desktop\megaloblastic-anemia.jpg
[2012-11-10 20:29:40 | 000,001,206 | ---- | C] () -- C:\Users\SHARATH\Desktop\Play Free Games.lnk
[2012-11-10 20:29:40 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2012-11-10 20:29:40 | 000,001,017 | ---- | C] () -- C:\Users\SHARATH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2012-11-10 20:29:40 | 000,001,011 | ---- | C] () -- C:\Users\SHARATH\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2012-11-10 20:29:40 | 000,001,009 | ---- | C] () -- C:\Users\SHARATH\Desktop\iLivid.lnk
[2012-11-10 16:28:49 | 000,754,831 | ---- | C] () -- C:\Users\SHARATH\Desktop\Pag. 161 - 173 In vitro mutagenesis.1160655442.pdf
[2012-11-08 20:19:22 | 000,000,410 | -H-- | C] () -- C:\Windows\tasks\OptimizerProUpdaterTask{29A41217-E6FE-4DE2-8FA4-A51B4D21BD46}.job
[2012-11-04 18:02:00 | 000,070,616 | ---- | C] () -- C:\Users\SHARATH\Desktop\vitmin-d source.jpg
[2012-11-04 17:56:21 | 001,161,616 | ---- | C] () -- C:\Users\SHARATH\Desktop\fwdvoltagegatedsodiumchannels.zip
[2012-11-03 18:11:17 | 005,247,227 | ---- | C] () -- C:\Users\SHARATH\Desktop\marketingebook.pdf
[2012-11-03 16:49:19 | 001,598,896 | ---- | C] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.19.09[1] - justea office conference wall 2.jpg
[2012-11-03 16:49:04 | 001,545,576 | ---- | C] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.16.13[1] - justeat office conference wall.jpg
[2012-11-03 16:45:56 | 002,851,384 | ---- | C] () -- C:\Users\SHARATH\Desktop\infographic.zip
[2012-11-02 20:31:40 | 000,088,643 | ---- | C] () -- C:\Users\SHARATH\Desktop\dog language.jpg
[2012-11-02 17:24:42 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012-11-01 23:27:23 | 000,018,888 | ---- | C] () -- C:\Users\SHARATH\Desktop\[isoHunt] 100 Hits - Dance Classics (with covers) a DHZ.Inc Release.torrent
[2012-11-01 23:26:48 | 000,026,728 | ---- | C] () -- C:\Users\SHARATH\Desktop\[isoHunt] 100 Hits 90s Dance (with covers) a DHZ.Inc Release.torrent
[2012-10-31 22:13:15 | 000,075,060 | ---- | C] () -- C:\Users\SHARATH\Desktop\wow car.jpg
[2012-10-31 14:24:56 | 000,053,442 | ---- | C] () -- C:\Users\SHARATH\Desktop\[isoHunt] Ministry Of Sound - Electronic 80s 2 - 2010 [MP3 @ 320](oan).torrent
[2012-10-31 14:22:47 | 000,025,357 | ---- | C] () -- C:\Users\SHARATH\Desktop\[isoHunt] Beatport top 100 May 320KB TBS.torrent
[2012-10-30 23:36:01 | 016,510,636 | ---- | C] () -- C:\Users\SHARATH\Desktop\Edward_Maya_Feat._Vika_Jigulina_-_Desert_Rain_(Edward_Maya_XTD_Club_Version_II).mp3
[2012-10-30 00:48:39 | 000,229,282 | ---- | C] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_897539432.pdf
[2012-10-28 00:38:38 | 048,700,832 | ---- | C] () -- C:\Users\SHARATH\Desktop\Watson-J.D.-,-et-al-Molecular-Biology-of-the-Gene-5th-editi.pdf
[2012-10-28 00:10:21 | 003,596,073 | ---- | C] () -- C:\Users\SHARATH\Desktop\Molecular lect 10.06.pdf
[2012-10-27 23:40:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012-10-27 12:34:28 | 000,034,906 | ---- | C] () -- C:\Users\SHARATH\Desktop\FORM8A.pdf
[2012-10-25 23:39:00 | 046,030,413 | ---- | C] () -- C:\Users\SHARATH\Desktop\Barfi (2012) - DownloadMing.INFO (128 Kbps).zip
[2012-10-23 00:24:36 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012-09-26 15:13:35 | 000,000,027 | ---- | C] () -- C:\Windows\GraphicsDesk.INI
[2012-06-16 13:15:04 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012-06-16 13:14:44 | 000,011,030 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012-06-16 13:14:40 | 001,726,328 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012-06-16 13:14:40 | 000,015,613 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012-03-30 07:50:42 | 000,001,456 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-24 22:23:20 | 000,168,960 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-02 23:15:47 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012-03-02 22:46:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-03-02 22:46:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012-03-02 22:46:31 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-03-02 22:46:31 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-03-02 22:46:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-03-02 11:58:48 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012-02-03 11:40:56 | 000,093,248 | ---- | C] () -- C:\Windows\SysWow64\TBRepair.dll
[2011-02-11 04:33:27 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009-07-14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 08:53:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 08:54:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 08:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-09-23 22:39:45 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Ableton
[2012-11-15 07:54:50 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\AvaFind Data
[2012-03-03 01:16:28 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\AVG2012
[2012-03-05 11:36:17 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Babylon
[2012-03-31 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012-11-16 21:05:29 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\DMCache
[2012-04-23 11:31:57 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Dropbox
[2012-05-01 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\EasiestSoft
[2012-10-21 19:24:55 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\FileZilla
[2012-03-26 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\GetRightToGo
[2012-09-26 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Hemera
[2012-10-31 14:18:35 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\IDM
[2012-03-02 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\IObit
[2012-09-12 15:50:14 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Nitro PDF
[2012-03-15 00:26:46 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\OpenCandy
[2012-08-06 12:55:32 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\PrimoPDF
[2012-08-25 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-09-01 00:17:21 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Stardock
[2012-03-31 11:57:42 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TeamViewer
[2012-03-26 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TeraCopy
[2012-11-10 20:30:02 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TFP
[2012-11-04 02:32:32 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\uTorrent
[2012-03-05 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Western Digital
[2012-06-28 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Windows Live Writer
[2012-09-10 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\winman
[2012-05-01 12:00:20 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\ZTEEVDO
[2012-05-01 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\ZTEMTUI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >

#4
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 4,349 posts
Hi Dave,

I'm glad you decided to post a log here. You have some nasty Browser Helper Objects and Toolbars. You also have some bad URLs and toolbar files in your IE and Firefox settings. It also appears that your HOSTS file has been hijacked.

We should be able to get it sorted out. :) I want to see what programs the BHOs and Toolbars installed so I will need to see the Extras.txt file that OTL makes with its first run. And as a preventive measure I want to get a look at your MBR.


Step-1.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from (in this case the C:\Users\SHARATH\Downloads\Programs folder). Please post the contents of that file.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click "No"
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-3.

Things For Your Next Post:
1. The Extras.txt log
2. The aswMBR log

#5
Dave_83

Dave_83

    Member

  • Member
  • PipPip
  • 46 posts
Thank you for the reply :)

Attached is the Extras.txt and Scanned log from aswMBR.exe


#6
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 4,349 posts
Hi Dave, :)

In the future please don't attach logs unless I request it. It makes researching them harder. Just Copy and Paste them into your posts like you did the initial OTL.txt log.

Hard-Drive Free Space Advice:
This is from the OTL log you posted:

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71.80 Gb Total Space | 8.18 Gb Free Space | 11.39% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 79.85 Gb Free Space | 79.85% Space Free | Partition Type: NTFS
Drive E: | 100.01 Gb Total Space | 89.30 Gb Free Space | 89.30% Space Free | Partition Type: NTFS

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

Disk free space this low may cause problems with any fixes we run. I advise you to uninstall some software you do not need and / or move any documents/files/pictures etc to a form of removable media. This is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.

We need to uninstall an out of date program, some malicious programs and you have a peer to peer program on the computer.

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses or out of date programs and must be deleted, along with the corresponding folders and files in red.


Step-1.

Malicious program uninstalls and Optional Removals


1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Java™ 6 Update 22 (64-bit)
Java™ 6 Update 22
Babylon toolbar on IE
iLivid
iLivid
uTorrent


3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files (x86)\BabylonToolbar
C:\Users\SHARATH\AppData\Roaming\Babylon
C:\Users\SHARATH\AppData\Local\iLivid
C:\Program Files (x86)\uTorrentControl2
C:\Users\SHARATH\AppData\Roaming\uTorrent


2. Close Windows Explorer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babyl...00000ff45f9effe
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-re...&o=APN10645&q="
FF - prefs.js..network.proxy.ftp: "192.168.1.3"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.3"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks: "192.168.1.3"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.3"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..browser.search.defaulturl: "http://websearch.moc...ix.com/?l=1&q="
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
[2012-11-10 20:27:26 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2012-11-10 20:27:22 | 000,002,687 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\searchplugins\Search_Results.xml
[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012-09-23 21:01:25 | 000,002,337 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012-11-10 20:27:22 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (SaveAs Class) - {F1B0D0CA-B10B-C092-E7FA-9DF952968F49} - C:\ProgramData\SaveAs\509bc8a8750aa.ocx ()
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O33 - MountPoints2\{c8fc4629-2107-11e2-9d2d-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fc4629-2107-11e2-9d2d-78843cee444f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ddb93eb8-b081-11e1-ac66-78843cee444f}\Shell - "" = AutoRun
O33 - MountPoints2\{ddb93eb8-b081-11e1-ac66-78843cee444f}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
[2012-11-10 20:26:38 | 001,302,424 | ---- | C] (Bandoo Media Inc) -- C:\Users\SHARATH\Desktop\iLividSetup_2.exe
[2012-11-06 02:19:19 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\At1.job

:FILES
ipconfig /flushdns /c

:COMMANDS
[RESETHOSTS]
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

I need a file scanned.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    • C:\Windows\SysWow64\BASSMOD.dll
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply.

Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double-click the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-5.

Run RogueKiller

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the files unless I request it.
1. Let me know how the uninstalls went
2. The OTL fixes log
3. The new OTL.txt log
4. The VirusTotal results or link
5. The FSS.txt log
6. The RKreports.txt log
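An added example, not part of godawgs's post and not OTL's own code: a Python triage helper that sorts lines in the format of the fix script above by the mechanism each one names, and flags policy values that weaken the system plus code-loading entries whose company field is empty. The mechanism labels, the `triage` function and the sample (a few lines copied from that script) are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the fix script in the post above.
SAMPLE = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
FF - prefs.js..network.proxy.http: "192.168.1.3"
FF - prefs.js..network.proxy.http_port: 3128
O2 - BHO: (SaveAs Class) - {F1B0D0CA-B10B-C092-E7FA-9DF952968F49} - C:\ProgramData\SaveAs\509bc8a8750aa.ocx ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
"""

# "<tag>[:64bit:] - <body>", where tag is IE, FF or an O-number.
LINE_RE = re.compile(r"^(?P<tag>O\d+|IE|FF)(?P<x64>:64bit:)? - (?P<body>.+)$")
# "...policies\System: EnableLUA = 0"
POLICY_RE = re.compile(r"policies\\\w+: (?P<name>\w+) = (?P<value>\d+)$")
# Trailing "(Company Name)" field; "()" means the file carries no company name.
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)$")

# Marker text inside an entry -> label used here. First match wins.
MECHANISMS = [
    ("BHO:", "bho"),                    # DLL loaded into Internet Explorer
    ("\\Toolbar:", "ie_toolbar"),
    ("\\Run:", "run_key"),              # starts at logon
    ("AppInit_DLLs:", "appinit_dll"),   # DLL loaded into processes using user32.dll
    ("MountPoints2\\", "autorun"),      # per-volume AutoRun command
    ("policies\\", "policy"),
    ("network.proxy.", "firefox_proxy"),
    ("prefs.js..", "firefox_pref"),
    ("SearchScopes", "ie_search"),
    ("Start Page", "ie_homepage"),
]
LOADS_CODE = {"bho", "ie_toolbar", "run_key", "appinit_dll"}

# Policy values that reduce protection when set as shown.
WEAKENING = {
    ("EnableLUA", "0"): "User Account Control is switched off",
    ("PromptOnSecureDesktop", "0"): "elevation prompts do not use the secure desktop",
    ("NoWindowsUpdate", "1"): "access to Windows Update is removed for this user",
}


def triage(text):
    """Return ({mechanism: [entry, ...]}, [note, ...]) for OTL-style lines."""
    groups = defaultdict(list)
    notes = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # file listings, section headers, blank lines
        body = m["body"]
        mech = next((label for marker, label in MECHANISMS if marker in body), "other")
        groups[mech].append(body)

        pol = POLICY_RE.search(body)
        if pol and (pol["name"], pol["value"]) in WEAKENING:
            reason = WEAKENING[(pol["name"], pol["value"])]
            notes.append(f"{pol['name']} = {pol['value']}: {reason}")

        if mech in LOADS_CODE:
            comp = COMPANY_RE.search(body)
            if comp and not comp["company"].strip():
                notes.append("no company name: " + body)
    return dict(groups), notes


if __name__ == "__main__":
    found, flagged = triage(SAMPLE)
    for mech, entries in found.items():
        print(f"{mech}: {len(entries)}")
    for note in flagged:
        print("!", note)
```

Lines that are plain file listings or section commands are skipped, so a whole script or log can be passed in as `text`.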

#7
Dave_83

Dave_83

    Member

  • Member
  • PipPip
  • 46 posts
Will post the log from here on, won't attach it.

1) Program uninstall went well.

2) The OTL fixes log >>

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: "http://dts.search-re...&o=APN10645&q=" removed from keyword.URL
Prefs.js: "192.168.1.3" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "192.168.1.3" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: "192.168.1.3" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "192.168.1.3" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: "http://websearch.moc...ix.com/?l=1&q=" removed from browser.search.defaulturl
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\components folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\searchbar folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\options folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\debugbar folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale\toolbar folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale\lib folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data\weather folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data\search folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\modules folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\lib folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} folder moved successfully.
C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\searchplugins\Search_Results.xml moved successfully.
C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1B0D0CA-B10B-C092-E7FA-9DF952968F49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1B0D0CA-B10B-C092-E7FA-9DF952968F49}\ deleted successfully.
C:\ProgramData\SaveAs\509bc8a8750aa.ocx moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f}\ not found.
File C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMorePrograms deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\IEBHO.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841b2080-6607-11e1-a568-78843cee444f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{841b2080-6607-11e1-a568-78843cee444f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841b2080-6607-11e1-a568-78843cee444f}\ not found.
File "I:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a915a10c-8653-11e1-9eb2-ccaf78d262a8}\ not found.
File H:\Setup.exe /Auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fc4629-2107-11e2-9d2d-78843cee444f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fc4629-2107-11e2-9d2d-78843cee444f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fc4629-2107-11e2-9d2d-78843cee444f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fc4629-2107-11e2-9d2d-78843cee444f}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddb93eb8-b081-11e1-ac66-78843cee444f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddb93eb8-b081-11e1-ac66-78843cee444f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddb93eb8-b081-11e1-ac66-78843cee444f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddb93eb8-b081-11e1-ac66-78843cee444f}\ not found.
File I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\AutoRun.exe not found.
C:\Users\SHARATH\Desktop\iLividSetup_2.exe moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SHARATH\Downloads\Programs\cmd.bat deleted successfully.
C:\Users\SHARATH\Downloads\Programs\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: SHARATH
->Temp folder emptied: 5581557 bytes
->Temporary Internet Files folder emptied: 284411950 bytes
->Java cache emptied: 229221 bytes
->FireFox cache emptied: 94346540 bytes
->Google Chrome cache emptied: 333634094 bytes
->Flash cache emptied: 5180 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6035625 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 325079418 bytes

Total Files Cleaned = 1,001.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11202012_203946

Files\Folders moved on Reboot...
C:\Users\SHARATH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\SHARATH\AppData\Local\Temp\~DF1628E5EBC94C4B0C.TMP not found!
File\Folder C:\Users\SHARATH\AppData\Local\Temp\~DF661C1E2DC09CA672.TMP not found!
File\Folder C:\Users\SHARATH\AppData\Local\Temp\~DF8D8A26A60358FA0C.TMP not found!
File\Folder C:\Users\SHARATH\AppData\Local\Temp\~DF9F4D12447DEBEEA6.TMP not found!
File\Folder C:\Users\SHARATH\AppData\Local\Temp\~DFA35F755776915BD9.TMP not found!
File\Folder C:\Users\SHARATH\AppData\Local\Temp\~DFB8BA64C2B27DAAB9.TMP not found!
File\Folder C:\Users\SHARATH\AppData\Local\Temp\~DFD82714096727E665.TMP not found!
File\Folder C:\Users\SHARATH\AppData\Local\Temp\~DFDAEBB5A12FF3601E.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



------------------------------------------------------------------------------------------------------------------------------------------------



3) The new OTL.txt log >>

OTL logfile created on: 20-11-2012 21:01:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SHARATH\Downloads\Programs
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

7.98 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.31% Memory free
15.96 Gb Paging File | 13.38 Gb Available in Paging File | 83.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71.80 Gb Total Space | 2.72 Gb Free Space | 3.79% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 87.83 Gb Free Space | 87.83% Space Free | Partition Type: NTFS
Drive E: | 100.01 Gb Total Space | 89.30 Gb Free Space | 89.30% Space Free | Partition Type: NTFS
Drive F: | 14.98 Gb Total Space | 1.05 Gb Free Space | 7.01% Space Free | Partition Type: NTFS
Drive K: | 931.48 Gb Total Space | 75.12 Gb Free Space | 8.07% Space Free | Partition Type: NTFS

Computer Name: SHARATH-VAIO | User Name: SHARATH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-17 00:04:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SHARATH\Downloads\Programs\OTL.exe
PRC - [2012-11-01 03:45:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012-09-12 12:17:12 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012-07-31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-04-30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012-03-19 17:08:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-03-19 16:59:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011-12-16 13:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2011-06-23 18:31:28 | 003,380,632 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011-03-06 05:12:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011-02-25 23:16:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-02-16 00:17:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-01-29 18:06:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010-11-27 13:25:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-09-14 07:02:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-05-25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2004-01-06 05:57:30 | 000,660,992 | ---- | M] (Think Less Do More Services) -- C:\Program Files (x86)\AvaFind\AvaFind.exe


========== Modules (No Company Name) ==========

MOD - [2012-11-01 03:45:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012-11-01 03:45:04 | 012,455,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012-11-01 03:45:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012-11-01 03:43:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012-11-01 03:43:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012-11-01 03:43:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012-11-01 03:43:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012-11-01 03:43:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012-10-11 16:24:00 | 000,427,520 | ---- | M] () -- c:\Program Files (x86)\MocaFlix\sprotector.dll
MOD - [2012-09-28 10:06:06 | 000,594,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012-05-24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012-04-30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012-04-30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012-01-08 19:11:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011-08-13 09:43:54 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0acaaa18864b8ce389d6756876a269bc\IAStorUtil.ni.dll
MOD - [2011-08-13 09:43:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e38d1efe292b58ac295f4db70c873016\IAStorCommon.ni.dll
MOD - [2011-07-07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2010-11-21 09:19:18 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2010-11-21 09:19:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010-11-21 09:18:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010-11-21 09:18:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010-11-21 09:18:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010-11-21 09:18:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010-11-21 09:18:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010-11-21 09:18:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010-11-21 09:18:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010-01-11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-02-08 23:00:12 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011-12-15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011-12-15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011-12-15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011-09-26 12:05:14 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV:64bit: - [2011-05-20 07:45:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011-03-30 21:39:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011-02-28 22:59:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011-02-19 10:45:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011-02-19 10:32:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011-02-15 01:53:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011-01-29 18:06:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Start_Pending] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011-01-21 00:57:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010-09-23 06:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010-06-29 23:19:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009-07-14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-10-13 21:33:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-19 17:08:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011-12-16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011-04-30 05:50:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-04-30 05:49:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011-03-29 11:43:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011-03-06 05:12:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011-03-02 09:53:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-02-25 23:16:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011-02-24 02:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011-02-22 01:25:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011-02-22 01:25:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011-02-18 23:49:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-02-02 01:50:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-02-02 01:50:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011-01-21 00:46:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010-11-27 13:25:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-09-14 07:02:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-03-19 02:46:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 23:49:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-10-01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009-09-21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009-09-21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009-06-11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005-01-27 18:16:58 | 000,856,064 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012-04-19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012-01-31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-12-23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-12-16 21:23:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011-06-09 21:20:58 | 000,153,248 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-04-30 05:49:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-04-30 05:49:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011-04-30 05:49:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-04-30 05:49:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-04-30 05:49:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-04-30 05:49:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-04-30 05:49:34 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011-03-29 14:44:07 | 000,173,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-03-29 12:21:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-03-29 11:45:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011-03-29 09:27:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011-03-11 12:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 12:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-22 20:57:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-02-17 08:36:44 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011-02-16 18:20:45 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010-11-21 08:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 08:53:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 08:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 08:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-04 10:15:54 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2010-10-20 05:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-04-27 01:50:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010-02-17 23:53:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010-02-17 23:53:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009-11-09 08:58:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009-10-01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009-09-21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009-09-21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009-09-21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009-07-14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 07:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-11 02:05:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009-06-11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-27 03:02:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009-02-13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2011-08-26 15:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2009-07-14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005-01-27 22:37:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\InCDrm.sys -- (incdrm)
DRV - [2005-01-27 18:08:08 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\SysWow64\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005-01-27 18:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\SysWow64\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-01-27 18:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\InCDpass.sys -- (InCDPass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5545F46F-FE6C-4DAE-B5FE-57C6EED890C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{5CBA97C5-0D9F-4ADB-8E76-BCCA34970FDF}: "URL" = http://in.search.yah...f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{A4C2F101-4697-4122-905C-B2A37BDF7944}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.6
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1,: ""
FF - prefs.js..browser.search.defaultenginename,: ""
FF - prefs.js..browser.search.selectedEngine,: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-03-26 09:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-09-02 20:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-24 00:46:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-24 00:46:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2012-03-02 23:28:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\SHARATH\AppData\Roaming\IDM\idmmzcc5 [2012-04-22 21:18:37 | 000,000,000 | ---D | M]

[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Extensions
[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions
[2012-09-02 21:33:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-08-13 16:30:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-11-08 20:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\staged
[2012-05-02 18:10:48 | 000,265,248 | ---- | M] () (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}.xpi
[2012-09-10 21:17:04 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012-11-08 20:19:50 | 000,000,544 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\searchplugins\WebSearch.xml
[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011-11-15 22:18:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-12-09 22:53:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011-11-15 18:14:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-11-15 18:14:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://nemrod.se/
CHR - homepage: http://www.searchnu.com/406
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmcemboopcbchcbdefocgmngommpmop\2_0\
CHR - Extension: No name found = C:\Users\SHARATH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012-11-20 20:40:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvaFind] C:\Program Files (x86)\AvaFind\AvaFind.exe (Think Less Do More Services)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_4EE56885669B5D07FDBCB4E8D205AE34] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aces.gov.in ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: incometaxindiaefiling.gov.in ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B57D2F4-A4D0-4B48-9DE9-E2F847474F0C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0C6D8B-956B-46E5-AF87-E4D3337C4E08}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-08-29 15:39:38 | 000,000,000 | ---D | M] - K:\AUTORUN -- [ NTFS ]
O32 - AutoRun File - [2012-08-29 15:39:58 | 000,000,065 | ---- | M] () - K:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-20 20:39:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-11-20 19:49:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-11-17 18:32:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\SHARATH\Desktop\aswMBR.exe
[2012-11-14 10:10:33 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\Megaloblastic anemia - view of red blood cells - PubMed Health_files
[2012-11-13 23:16:18 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\presentation
[2012-11-10 20:30:01 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Roaming\TFP
[2012-11-10 20:29:41 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Local\Torch
[2012-11-10 20:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2012-11-10 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012-11-08 20:41:53 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\chats pendrive files
[2012-11-08 20:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012-11-08 20:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012-11-08 20:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012-11-08 20:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012-11-08 20:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012-11-08 20:10:04 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\salma folder
[2012-11-03 16:43:07 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\Desktop\infographic
[2012-10-28 20:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2012-10-27 01:37:57 | 000,000,000 | R--D | C] -- C:\Users\SHARATH\Desktop\watson
[2012-10-24 00:49:04 | 000,000,000 | ---D | C] -- C:\Users\SHARATH\AppData\Local\Apple Computer
[2012-10-24 00:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012-10-24 00:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012-10-22 00:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012-11-20 21:01:09 | 000,810,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-11-20 21:01:09 | 000,687,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-11-20 21:01:09 | 000,132,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-11-20 21:01:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-20 20:56:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-20 20:56:12 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{29A41217-E6FE-4DE2-8FA4-A51B4D21BD46}.job
[2012-11-20 20:55:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012-11-20 20:55:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-20 20:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-20 20:40:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012-11-20 20:03:23 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-20 20:03:23 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-20 19:43:53 | 100,707,528 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-11-20 17:44:36 | 000,001,456 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-11-20 16:52:45 | 000,108,486 | ---- | M] () -- C:\Users\SHARATH\Desktop\timescity-logo-new-1.zip
[2012-11-20 15:19:37 | 000,163,688 | ---- | M] () -- C:\Users\SHARATH\Desktop\620X300.jpg
[2012-11-20 15:08:20 | 002,519,093 | ---- | M] () -- C:\Users\SHARATH\Desktop\chefs-table.psd
[2012-11-20 15:08:07 | 000,018,274 | ---- | M] () -- C:\Users\SHARATH\Desktop\chefs-table-banner.jpg
[2012-11-20 15:01:19 | 000,026,437 | ---- | M] () -- C:\Users\SHARATH\Desktop\chefs-table.jpg
[2012-11-20 14:56:37 | 000,225,439 | ---- | M] () -- C:\Users\SHARATH\Desktop\screenshot1.png
[2012-11-20 14:54:48 | 000,467,020 | ---- | M] () -- C:\Users\SHARATH\Desktop\One.psd
[2012-11-18 03:51:33 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - SHARATH.job
[2012-11-17 18:36:22 | 000,000,512 | ---- | M] () -- C:\Users\SHARATH\Desktop\MBR.dat
[2012-11-17 18:33:02 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\SHARATH\Desktop\aswMBR.exe
[2012-11-16 14:05:16 | 000,168,960 | ---- | M] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-11-15 19:42:22 | 000,379,624 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-11-14 10:11:45 | 000,153,062 | ---- | M] () -- C:\Users\SHARATH\Desktop\AutoimmuneDisorder.jpg
[2012-11-14 10:10:33 | 000,016,727 | ---- | M] () -- C:\Users\SHARATH\Desktop\Megaloblastic anemia - view of red blood cells - PubMed Health.htm
[2012-11-14 10:09:33 | 000,041,464 | ---- | M] () -- C:\Users\SHARATH\Desktop\megaloblastic-anemia.jpg
[2012-11-10 16:28:51 | 000,754,831 | ---- | M] () -- C:\Users\SHARATH\Desktop\Pag. 161 - 173 In vitro mutagenesis.1160655442.pdf
[2012-11-05 17:41:52 | 006,214,848 | ---- | M] () -- C:\Users\SHARATH\Desktop\timescity-logo-new-1.eps
[2012-11-04 18:02:00 | 000,070,616 | ---- | M] () -- C:\Users\SHARATH\Desktop\vitmin-d source.jpg
[2012-11-04 17:56:22 | 001,161,616 | ---- | M] () -- C:\Users\SHARATH\Desktop\fwdvoltagegatedsodiumchannels.zip
[2012-11-04 17:26:28 | 011,801,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-11-03 18:11:43 | 005,247,227 | ---- | M] () -- C:\Users\SHARATH\Desktop\marketingebook.pdf
[2012-11-03 16:49:19 | 001,598,896 | ---- | M] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.19.09[1] - justea office conference wall 2.jpg
[2012-11-03 16:49:04 | 001,545,576 | ---- | M] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.16.13[1] - justeat office conference wall.jpg
[2012-11-03 16:45:57 | 002,851,384 | ---- | M] () -- C:\Users\SHARATH\Desktop\infographic.zip
[2012-11-02 20:31:41 | 000,088,643 | ---- | M] () -- C:\Users\SHARATH\Desktop\dog language.jpg
[2012-11-02 17:24:42 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012-11-01 23:27:23 | 000,018,888 | ---- | M] () -- C:\Users\SHARATH\Desktop\[isoHunt] 100 Hits - Dance Classics (with covers) a DHZ.Inc Release.torrent
[2012-11-01 23:26:48 | 000,026,728 | ---- | M] () -- C:\Users\SHARATH\Desktop\[isoHunt] 100 Hits 90s Dance (with covers) a DHZ.Inc Release.torrent
[2012-10-31 22:13:19 | 000,075,060 | ---- | M] () -- C:\Users\SHARATH\Desktop\wow car.jpg
[2012-10-31 14:24:56 | 000,053,442 | ---- | M] () -- C:\Users\SHARATH\Desktop\[isoHunt] Ministry Of Sound - Electronic 80s 2 - 2010 [MP3 @ 320](oan).torrent
[2012-10-31 14:22:48 | 000,025,357 | ---- | M] () -- C:\Users\SHARATH\Desktop\[isoHunt] Beatport top 100 May 320KB TBS.torrent
[2012-10-30 01:53:36 | 000,364,538 | ---- | M] () -- C:\Windows\FontData.fdb
[2012-10-30 00:48:39 | 000,229,282 | ---- | M] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_897539432.pdf
[2012-10-28 00:38:40 | 048,700,832 | ---- | M] () -- C:\Users\SHARATH\Desktop\Watson-J.D.-,-et-al-Molecular-Biology-of-the-Gene-5th-editi.pdf
[2012-10-28 00:10:28 | 003,596,073 | ---- | M] () -- C:\Users\SHARATH\Desktop\Molecular lect 10.06.pdf
[2012-10-27 23:40:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012-10-27 12:34:29 | 000,034,906 | ---- | M] () -- C:\Users\SHARATH\Desktop\FORM8A.pdf
[2012-10-25 23:41:59 | 046,030,413 | ---- | M] () -- C:\Users\SHARATH\Desktop\Barfi (2012) - DownloadMing.INFO (128 Kbps).zip

========== Files Created - No Company Name ==========

[2012-11-20 16:53:45 | 006,214,848 | ---- | C] () -- C:\Users\SHARATH\Desktop\timescity-logo-new-1.eps
[2012-11-20 16:52:45 | 000,108,486 | ---- | C] () -- C:\Users\SHARATH\Desktop\timescity-logo-new-1.zip
[2012-11-20 15:19:36 | 000,163,688 | ---- | C] () -- C:\Users\SHARATH\Desktop\620X300.jpg
[2012-11-20 15:08:19 | 002,519,093 | ---- | C] () -- C:\Users\SHARATH\Desktop\chefs-table.psd
[2012-11-20 15:08:07 | 000,018,274 | ---- | C] () -- C:\Users\SHARATH\Desktop\chefs-table-banner.jpg
[2012-11-20 15:01:18 | 000,026,437 | ---- | C] () -- C:\Users\SHARATH\Desktop\chefs-table.jpg
[2012-11-20 14:56:37 | 000,225,439 | ---- | C] () -- C:\Users\SHARATH\Desktop\screenshot1.png
[2012-11-20 14:54:48 | 000,467,020 | ---- | C] () -- C:\Users\SHARATH\Desktop\One.psd
[2012-11-17 18:36:22 | 000,000,512 | ---- | C] () -- C:\Users\SHARATH\Desktop\MBR.dat
[2012-11-14 10:11:45 | 000,153,062 | ---- | C] () -- C:\Users\SHARATH\Desktop\AutoimmuneDisorder.jpg
[2012-11-14 10:10:32 | 000,016,727 | ---- | C] () -- C:\Users\SHARATH\Desktop\Megaloblastic anemia - view of red blood cells - PubMed Health.htm
[2012-11-14 10:09:33 | 000,041,464 | ---- | C] () -- C:\Users\SHARATH\Desktop\megaloblastic-anemia.jpg
[2012-11-10 16:28:49 | 000,754,831 | ---- | C] () -- C:\Users\SHARATH\Desktop\Pag. 161 - 173 In vitro mutagenesis.1160655442.pdf
[2012-11-08 20:19:22 | 000,000,410 | -H-- | C] () -- C:\Windows\tasks\OptimizerProUpdaterTask{29A41217-E6FE-4DE2-8FA4-A51B4D21BD46}.job
[2012-11-04 18:02:00 | 000,070,616 | ---- | C] () -- C:\Users\SHARATH\Desktop\vitmin-d source.jpg
[2012-11-04 17:56:21 | 001,161,616 | ---- | C] () -- C:\Users\SHARATH\Desktop\fwdvoltagegatedsodiumchannels.zip
[2012-11-03 18:11:17 | 005,247,227 | ---- | C] () -- C:\Users\SHARATH\Desktop\marketingebook.pdf
[2012-11-03 16:49:19 | 001,598,896 | ---- | C] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.19.09[1] - justea office conference wall 2.jpg
[2012-11-03 16:49:04 | 001,545,576 | ---- | C] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.16.13[1] - justeat office conference wall.jpg
[2012-11-03 16:45:56 | 002,851,384 | ---- | C] () -- C:\Users\SHARATH\Desktop\infographic.zip
[2012-11-02 20:31:40 | 000,088,643 | ---- | C] () -- C:\Users\SHARATH\Desktop\dog language.jpg
[2012-11-02 17:24:42 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012-11-01 23:27:23 | 000,018,888 | ---- | C] () -- C:\Users\SHARATH\Desktop\[isoHunt] 100 Hits - Dance Classics (with covers) a DHZ.Inc Release.torrent
[2012-11-01 23:26:48 | 000,026,728 | ---- | C] () -- C:\Users\SHARATH\Desktop\[isoHunt] 100 Hits 90s Dance (with covers) a DHZ.Inc Release.torrent
[2012-10-31 22:13:15 | 000,075,060 | ---- | C] () -- C:\Users\SHARATH\Desktop\wow car.jpg
[2012-10-31 14:24:56 | 000,053,442 | ---- | C] () -- C:\Users\SHARATH\Desktop\[isoHunt] Ministry Of Sound - Electronic 80s 2 - 2010 [MP3 @ 320](oan).torrent
[2012-10-31 14:22:47 | 000,025,357 | ---- | C] () -- C:\Users\SHARATH\Desktop\[isoHunt] Beatport top 100 May 320KB TBS.torrent
[2012-10-30 23:36:01 | 016,510,636 | ---- | C] () -- C:\Users\SHARATH\Desktop\Edward_Maya_Feat._Vika_Jigulina_-_Desert_Rain_(Edward_Maya_XTD_Club_Version_II).mp3
[2012-10-30 00:48:39 | 000,229,282 | ---- | C] () -- C:\Users\SHARATH\Desktop\TelephoneBill_556531_897539432.pdf
[2012-10-28 00:38:38 | 048,700,832 | ---- | C] () -- C:\Users\SHARATH\Desktop\Watson-J.D.-,-et-al-Molecular-Biology-of-the-Gene-5th-editi.pdf
[2012-10-28 00:10:21 | 003,596,073 | ---- | C] () -- C:\Users\SHARATH\Desktop\Molecular lect 10.06.pdf
[2012-10-27 23:40:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012-10-27 12:34:28 | 000,034,906 | ---- | C] () -- C:\Users\SHARATH\Desktop\FORM8A.pdf
[2012-10-25 23:39:00 | 046,030,413 | ---- | C] () -- C:\Users\SHARATH\Desktop\Barfi (2012) - DownloadMing.INFO (128 Kbps).zip
[2012-09-26 15:13:35 | 000,000,027 | ---- | C] () -- C:\Windows\GraphicsDesk.INI
[2012-06-16 13:15:04 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012-06-16 13:14:44 | 000,011,030 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012-06-16 13:14:40 | 001,726,328 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012-03-30 07:50:42 | 000,001,456 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-24 22:23:20 | 000,168,960 | ---- | C] () -- C:\Users\SHARATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-02 23:15:47 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012-03-02 22:46:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-03-02 22:46:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012-03-02 22:46:31 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-03-02 22:46:31 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-03-02 22:46:31 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012-03-02 11:58:48 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012-02-03 11:40:56 | 000,093,248 | ---- | C] () -- C:\Windows\SysWow64\TBRepair.dll
[2011-02-11 04:33:27 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009-07-14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 08:53:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 08:54:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 08:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-09-23 22:39:45 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Ableton
[2012-11-20 21:06:52 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\AvaFind Data
[2012-03-03 01:16:28 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\AVG2012
[2012-03-31 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012-11-20 21:06:42 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\DMCache
[2012-04-23 11:31:57 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Dropbox
[2012-05-01 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\EasiestSoft
[2012-11-20 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\FileZilla
[2012-03-26 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\GetRightToGo
[2012-09-26 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Hemera
[2012-10-31 14:18:35 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\IDM
[2012-03-02 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\IObit
[2012-09-12 15:50:14 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Nitro PDF
[2012-03-15 00:26:46 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\OpenCandy
[2012-08-06 12:55:32 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\PrimoPDF
[2012-08-25 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-09-01 00:17:21 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Stardock
[2012-03-31 11:57:42 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TeamViewer
[2012-03-26 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TeraCopy
[2012-11-10 20:30:02 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\TFP
[2012-03-05 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Western Digital
[2012-06-28 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\Windows Live Writer
[2012-09-10 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\winman
[2012-05-01 12:00:20 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\ZTEEVDO
[2012-05-01 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\SHARATH\AppData\Roaming\ZTEMTUI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A9662AE0

< End of report >


----------------------------------------------------------------------------------------------------------------------------------------------------------

4) The VirusTotal results or link >>

https://www.virustot...sis/1353430825/


----------------------------------------------------------------------------------------------------------------------------------------------------------


5) The Fee.txt log >>

Farbar Service Scanner Version: 09-11-2012
Ran by SHARATH (administrator) on 20-11-2012 at 22:20:31
Running from "C:\Users\SHARATH\Desktop"
Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-21 08:54] - [2010-11-21 08:54] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-21 08:54] - [2010-11-21 08:54] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------------------------------------------------------------------------------------------------------------------------------------------------------


6) The RKreports.txt log >>

RogueKiller V8.3.0 [Nov 19 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SHARATH [Admin rights]
Mode : Scan -- Date : 11/20/2012 22:33:34

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][SUSP PATH] OptimizerProUpdaterTask{29A41217-E6FE-4DE2-8FA4-A51B4D21BD46}.job : C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe -> FOUND
[TASK][SUSP PATH] At1 : C:\Windows\explorrer.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++
--- User ---
[MBR] 3bc75b27fce1652c9ff7b05e4f73b13a
[BSP] 8c4dccec5b94ea29c6c90302089e9a50 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11457 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23468032 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23672880 | Size: 73527 Mo
3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 174257055 | Size: 220156 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_11202012_02d2233.txt >>
RKreport[1]_S_11202012_02d2222.txt ; RKreport[2]_S_11202012_02d2233.txt


----------------------------------------------------------------------------------------------------------------------------------------------------------


This is all I have done; awaiting further instructions as to what needs to be done. Thank you.
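The Farbar Service Scanner log in the post above can be triaged mechanically. The following is an added example, not part of the original post or of the tool: a Python parser (the regular expressions and the `triage` function name are assumptions) run over lines abridged from that log. Files in the File Check section that lack the "MD5 is legit" marker are treated here as needing manual verification.

```python
import re

# Sample abridged from the Farbar Service Scanner log above; it keeps the
# log's layout (section title, "====" rule, then per-service lines).
SAMPLE_LOG = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-21 08:54] - [2010-11-21 08:54] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
"""

# Patterns written for this example (assumptions, not the tool's own grammar).
SECTION = re.compile(r"^([A-Za-z ]+):$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_PATH = re.compile(r"^[A-Za-z]:\\")


def triage(log_text):
    """Collect the defender-relevant findings from an FSS-style log."""
    findings = {"not_running": [], "start_type_changed": [],
                "policy_values": [], "unverified_files": []}
    section, reg_key = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:
            continue  # blank lines and underline rules carry no data
        m = SECTION.match(line)
        if m:
            section, reg_key = m.group(1), None
            continue
        m = NOT_RUNNING.match(line)
        if m:
            findings["not_running"].append((section, m.group(1)))
            continue
        m = START_TYPE.match(line)
        if m and m.group(2) != m.group(3):
            # (service, current start type, default start type)
            findings["start_type_changed"].append(m.groups())
            continue
        m = REG_KEY.match(line)
        if m:
            reg_key = m.group(1)
            continue
        m = REG_VALUE.match(line)
        if m and reg_key:
            findings["policy_values"].append(
                (reg_key, m.group(1), int(m.group(2))))
            continue
        # In File Check, a bare path without the "legit" marker is followed
        # by file details instead; flag the path for manual verification.
        if (section == "File Check" and FILE_PATH.match(line)
                and "=> MD5 is legit" not in line):
            findings["unverified_files"].append(line)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```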

#8
godawgs

    Teacher

  • GeekU Moderator
  • 4,349 posts
Hi Dave,

There are a lot of services that aren't starting.

Even after uninstalling the programs and the OTL fix, which deleted files and cleared a lot of temp folders, your free hard drive space on the root drive (C:\) dropped from 11.39% in the first OTL scan to 3.79% Space Free in the last OTL scan. Normally after clearing Temp folders and uninstalling programs that percentage goes up, not down.

Have you downloaded a bunch of new files like pictures or music files or videos or additional large PDF files to the computer since the first OTL scan?

We are now dangerously close to Windows not booting up. You need to immediately uninstall programs that you no longer use and delete or move files like pictures, music, videos, etc. from the C:\ drive to another one or to removable disks like CD, DVD or USB thumb drives.

Files like these:

[2012-11-03 16:49:19 | 001,598,896 | ---- | M] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.19.09[1] - justea office conference wall 2.jpg
[2012-11-03 16:49:04 | 001,545,576 | ---- | M] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.16.13[1] - justeat office conference wall.jpg
[2012-11-03 16:45:57 | 002,851,384 | ---- | M] () -- C:\Users\SHARATH\Desktop\infographic.zip
[2012-10-28 00:38:40 | 048,700,832 | ---- | M] () -- C:\Users\SHARATH\Desktop\Watson-J.D.-,-et-al-Molecular-Biology-of-the-Gene-5th-editi.pdf
[2012-10-28 00:10:28 | 003,596,073 | ---- | M] () -- C:\Users\SHARATH\Desktop\Molecular lect 10.06.pdf
[2012-10-25 23:41:59 | 046,030,413 | ---- | M] () -- C:\Users\SHARATH\Desktop\Barfi (2012) - DownloadMing.INFO (128 Kbps).zip
[2012-11-10 16:28:49 | 000,754,831 | ---- | C] () -- C:\Users\SHARATH\Desktop\Pag. 161 - 173 In vitro mutagenesis.1160655442.pdf
[2012-11-04 17:56:21 | 001,161,616 | ---- | C] () -- C:\Users\SHARATH\Desktop\fwdvoltagegatedsodiumchannels.zip
[2012-10-30 23:36:01 | 016,510,636 | ---- | C] () -- C:\Users\SHARATH\Desktop\Edward_Maya_Feat._Vika_Jigulina_-_Desert_Rain_(Edward_Maya_XTD_Club_Version_II).mp3

The number in red is the file size. The part of the line in bold is the file name. You can see how much room these files are taking up. And these are only the files created in the last 30 days.
You need to look in your Documents, Downloads and Pictures folders and move the files you want to keep to another drive or removable source until the Free Space is as close to 25% as you can get it.

I am reluctant to try any more fixes or any new program scans because with 3.79% free space I'm afraid that Windows won't have enough overhead to run them.

Please let me know when we can continue.

Thanks
godawgs

#9
Dave_83

    Member

  • Member
  • PipPip
  • 46 posts
Hi,

Yes, I have noticed that programs are not working. Adobe Illustrator and CorelDRAW X6 stopped working, and it is very important software for me, which I use on a daily basis. Should I have to reinstall them?

After first OTL scan nothing has been downloaded.

Uninstalled a few of the programs now, and the files below have been moved.

[2012-11-03 16:49:19 | 001,598,896 | ---- | M] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.19.09[1] - justea office conference wall 2.jpg
[2012-11-03 16:49:04 | 001,545,576 | ---- | M] () -- C:\Users\SHARATH\Desktop\2012-11-03_16.16.13[1] - justeat office conference wall.jpg
[2012-11-03 16:45:57 | 002,851,384 | ---- | M] () -- C:\Users\SHARATH\Desktop\infographic.zip
[2012-10-28 00:38:40 | 048,700,832 | ---- | M] () -- C:\Users\SHARATH\Desktop\Watson-J.D.-,-et-al-Molecular-Biology-of-the-Gene-5th-editi.pdf
[2012-10-28 00:10:28 | 003,596,073 | ---- | M] () -- C:\Users\SHARATH\Desktop\Molecular lect 10.06.pdf
[2012-10-25 23:41:59 | 046,030,413 | ---- | M] () -- C:\Users\SHARATH\Desktop\Barfi (2012) - DownloadMing.INFO (128 Kbps).zip
[2012-11-10 16:28:49 | 000,754,831 | ---- | C] () -- C:\Users\SHARATH\Desktop\Pag. 161 - 173 In vitro mutagenesis.1160655442.pdf
[2012-11-04 17:56:21 | 001,161,616 | ---- | C] () -- C:\Users\SHARATH\Desktop\fwdvoltagegatedsodiumchannels.zip
[2012-10-30 23:36:01 | 016,510,636 | ---- | C] () -- C:\Users\SHARATH\Desktop\Edward_Maya_Feat._Vika_Jigulina_-_Desert_Rain_(Edward_Maya_XTD_Club_Version_II).mp3

After moving files from the C drive, checking in my Documents, Pictures, Downloads folders and others, and also uninstalling the software, the C drive disk space is now 13.3 GB FREE of 71.8 GB.

Awaiting further procedure, thank you :)

#10
godawgs

    Teacher

  • GeekU Moderator
  • 4,349 posts
You're welcome. You shouldn't have to reinstall the programs. But you need to be aware that until you find a way to free up more space on your C:\ drive, the problem isn't gonna get any better.

You are going to need to manually remove some URLs from the Chrome browser. At the end of this run please let me know if the problems with Chrome are still there and any other issues you have.


Step-1.

Set your Chrome home page

Open the Chrome browser

  • Click the tools menu icon on the browser toolbar.
  • Select Settings and find the Set your home page section.
  • Find the (xhttp://www.searchnu.com/406) entry and change it to another URL, like google. (I have put an x at the beginning of the URL to prevent anyone from clicking on it)
  • Find the (xhttp://nemrod.se/) entry and change it to another URL, like google
  • Close the browser

Step-2.

Re-Run RogueKiller

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-3.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
[2012-09-02 21:33:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-11-08 20:19:50 | 000,000,544 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\searchplugins\WebSearch.xml
[2012-11-10 20:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

:FILES
sc start mpsdrv /c

sc config MpsSvc start= auto /c
sc start MpsSvc /c

sc config wscsvc start= auto /c
sc start wscsvc /c

sc config wuauserv start= auto /c
sc start wuauserv /c

sc config WinDefend start= auto /c
sc start WinDefend /c

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= DWORD:1

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-4.

Run Farbar Service Scanner

Double-click the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The RKreport.txt logs
2. The OTL fixes log
3. The new OTL.txt log
4. The FSS.txt log
  • 0
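
The :OTL section of the fix in the post above lists the same toolbar GUID in three places (a Firefox preference, an extension folder and an IE toolbar registry value). As an added example, not part of the original post and not OTL's own code, this Python code parses those entry lines and groups them by GUID so the leftovers of one add-on can be reviewed together; the regular expressions are inferred only from the lines shown on this page, not from an OTL format specification.

```python
import re
from collections import defaultdict

# Entry lines copied from the :OTL section of the fix script in the post above.
SAMPLE = r"""
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
[2012-09-02 21:33:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\SHARATH\AppData\Roaming\mozilla\Firefox\Profiles\v9kc916q.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-11-08 20:19:50 | 000,000,544 | ---- | M] () -- C:\Users\SHARATH\AppData\Roaming\mozilla\firefox\profiles\v9kc916q.default\searchplugins\WebSearch.xml
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<kind>[MC])\] "
    r"\((?P<vendor>.*?)\) -- (?P<path>.+)$")
ORPHAN_MARKERS = ("No CLSID value found", "File not found")  # assumed markers of dangling entries


def parse_line(line):
    """Return a dict describing one OTL entry line."""
    entry = {"raw": line, "type": "other", "path": None,
             "guid": None, "orphan": any(m in line for m in ORPHAN_MARKERS)}
    m = FILE_ENTRY.match(line)
    if m:
        entry.update(type="file", path=m["path"], vendor=m["vendor"],
                     is_dir="D" in m["attr"],
                     size=int(m["size"].replace(",", "")))
    elif re.match(r"^O\d+ - ", line):
        entry["type"] = "registry"
    elif line.startswith("FF - "):
        entry["type"] = "firefox_pref"
    g = GUID.search(line)
    if g:
        entry["guid"] = g.group(0).upper()  # GUIDs compare case-insensitively
    return entry


def group_by_guid(text):
    """Map each GUID to every entry that references it."""
    groups = defaultdict(list)
    for line in filter(None, (l.strip() for l in text.splitlines())):
        e = parse_line(line)
        if e["guid"]:
            groups[e["guid"]].append(e)
    return dict(groups)
```
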

#11
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 4,349 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 4,349 posts
User returned.

Hi Dave,

As it has been over a month since anything was done on this, I am gonna need a new set of logs. First we will remove the old copy of OTL and the other tools and get fresh ones.


Step-1.

1. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process removes most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.


Step-2.

OTL

Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
%systemdrive%\*.js
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:
  • Check the box beside Scan All Users at the top of the console
  • Do Not Click the box beside Include 64 bit scans
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-3.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 32 bits (x86) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Right click the RogueKiller.exe file and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • Do Not delete anything at this time.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double-click the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL.txt log
2. The Extras.txt log
3. The aswMBR log
4. The RKreport.txt log
5. The FSS.txt log
  • 0

#13
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 4,349 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0