[Aka29165]

Hello all,
I am running windows 7. For almost a week now I am facing a problem of "logon service failed" only in administrator account, rest all accounts a running fine.
I tried all the steps in Microsoft support on the subject, including creating a new administrator account. I still can't log onto either of the two accounts. I seem to have lost alll the documents on my desktop.

Is it due to a malware? I am enclosing the OTL log.
Please help.
Thanks.

Attached Files

•  OTL.Txt   80.73KB   154 downloads

Edited by Aka29165, 10 August 2011 - 07:30 AM.

[Advertisements]

Hiya and welcome to GeekstoGo

Sorry for the lateness in the reply, but these forums can get rather busy.

Okay, let me have a look through the log, and I'll reply as soon as I can

eddie

[eddie5659]

Hiya and welcome to GeekstoGo

Sorry for the lateness in the reply, but these forums can get rather busy.

Okay, let me have a look through the log, and I'll reply as soon as I can

eddie

[eddie5659]

Okay, firstly can you post the Extras.txt log? This should be located in the same location as OTL.


Then, can you do the following:


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Please include the MBAM log and SUPERAntiSpyware Scan Log in your next reply

eddie

[Aka29165]

Hi Eddie

I had almost given up on my request for help.....thanks for getting back to me.
First the status of PC...its still the same more or less. One improvement though is that I have upgraded my son's account to Admin status and am able to work through that. But the original admin account where all my documents and settings were stored is still inaccessible.

I am pasting the various logs as u asked.

Thanks again for your help..

OTL

OTL logfile created on: 20-Aug-11 7:00:33 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\AKSHA\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1.87 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 40.31% Memory free
3.75 Gb Paging File | 2.47 Gb Available in Paging File | 65.88% Paging File free
Paging file location(s): g:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 20.68 Gb Free Space | 42.36% Space Free | Partition Type: NTFS
Drive D: | 43.95 Gb Total Space | 34.22 Gb Free Space | 77.87% Space Free | Partition Type: NTFS
Drive E: | 43.95 Gb Total Space | 42.11 Gb Free Space | 95.81% Space Free | Partition Type: NTFS
Drive F: | 96.15 Gb Total Space | 28.47 Gb Free Space | 29.61% Space Free | Partition Type: NTFS
Drive G: | 78.34 Gb Total Space | 75.99 Gb Free Space | 97.01% Space Free | Partition Type: NTFS
Drive H: | 70.71 Gb Total Space | 39.07 Gb Free Space | 55.25% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARVIND | User Name: AKSHAT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-17 19:41:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-08-10 07:13:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\AKSHA\Desktop\OTL.exe
PRC - [2011-08-04 19:53:29 | 000,177,784 | ---- | M] (Solid Documents, LLC) -- C:\Windows\Installer\MSI4583.tmp
PRC - [2011-08-03 01:00:18 | 000,602,112 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2011-08-03 00:59:31 | 000,327,168 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011-05-16 15:28:24 | 000,321,288 | ---- | M] (SXR Software) -- C:\Program Files\SXR Software\StatWin\ExecStat.exe
PRC - [2011-04-18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011-04-18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011-04-14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011-03-28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011-03-16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-02-10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-02-08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011-02-08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-09-16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010-04-30 20:17:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009-12-12 04:22:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2009-07-14 06:44:24 | 001,401,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011-08-10 07:13:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\AKSHA\Desktop\OTL.exe
MOD - [2010-11-20 17:25:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-08-04 19:53:29 | 000,177,784 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Windows\Installer\MSI4583.tmp -- (SCPDFReadSpool)
SRV - [2011-07-24 13:32:26 | 000,339,336 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\tuEagles\EglSrv.exe -- (tuEaglesService)
SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-21 19:58:36 | 008,155,648 | ---- | M] () [Disabled | Stopped] -- H:\Program Files\MySql\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV - [2011-05-28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011-05-16 15:28:24 | 000,321,288 | ---- | M] (SXR Software) [Auto | Running] -- C:\Program Files\SXR Software\StatWin\ExecStat.exe -- (SW Administration Service)
SRV - [2011-04-24 22:39:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-04-18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-03-30 22:27:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011-02-08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010-09-16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010-04-30 20:17:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2009-12-12 04:22:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011-07-24 13:32:28 | 000,066,952 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\tuEagles\egldrv.sys -- (egldrv)
DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-04-14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011-04-05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011-03-16 18:59:38 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2011-03-16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-03-01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-02-22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011-02-10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-02-10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011-01-07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-25 14:45:28 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010-08-25 14:45:28 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010-08-25 14:45:28 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010-07-15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010-07-15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010-06-23 10:24:56 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010-01-11 14:30:32 | 000,164,992 | ---- | M] (Etron) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ETdrv.sys -- (usbet)
DRV - [2009-12-12 04:22:52 | 000,074,088 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2009-10-26 16:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008-09-26 12:30:54 | 000,651,264 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008-07-22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-06-03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-04-24 11:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007-04-24 11:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007-04-24 11:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007-04-24 11:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007-04-24 11:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2005-02-28 09:49:24 | 000,034,064 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Invoker.sys -- (Invoker)
DRV - [2005-02-28 09:49:24 | 000,033,148 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlexBios.sys -- (FlexBios)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482587846-388736396-4178039007-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1
IE - HKU\S-1-5-21-1482587846-388736396-4178039007-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1482587846-388736396-4178039007-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 AB 6F 4A 58 57 CC 01 [binary data]
IE - HKU\S-1-5-21-1482587846-388736396-4178039007-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011-08-09 15:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-17 19:41:11 | 000,000,000 | ---D | M]

[2011-07-17 17:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AKSHA\AppData\Roaming\mozilla\Extensions
[2011-08-15 14:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AKSHA\AppData\Roaming\mozilla\Firefox\Profiles\khe0qax7.default\extensions
[2011-07-02 08:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-05-01 17:19:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011-07-02 08:05:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\AKSHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KHE0QAX7.DEFAULT\EXTENSIONS\{454867E3-7F62-BD5D-A26D-5D98E7E50FEC}.XPI
[2011-08-17 19:41:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-01-01 13:30:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-08-15 10:19:13 | 000,436,434 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ES] C:\Program Files\SXR Software\StatWin\ExecStat.exe (SXR Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1482587846-388736396-4178039007-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482587846-388736396-4178039007-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1482587846-388736396-4178039007-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.22.0.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} http://www.intel.com...did/BoardID.cab (BoardCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {A5BE62CA-DE0F-4764-A0CB-4044816DB174} - C:\Program Files\tuEagles\EagleObj.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-19 15:16:09 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebCracker 3.0
[2011-08-17 20:06:07 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Desktop\NDA PAPERS
[2011-08-17 19:20:43 | 000,000,000 | ---D | C] -- C:\HYDRA
[2011-08-17 18:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
[2011-08-17 17:59:49 | 000,000,000 | ---D | C] -- C:\cygwin
[2011-08-16 21:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011-08-16 21:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011-08-16 21:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2011-08-16 21:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2011-08-15 15:48:56 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brutus AET 2
[2011-08-15 15:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brutus AET 2
[2011-08-14 18:25:07 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\.m2
[2011-08-14 09:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011-08-14 09:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJ Java Decompiler v.3.11.11.95
[2011-08-14 09:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\decomp
[2011-08-13 20:05:40 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\skypePM
[2011-08-13 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Skype
[2011-08-12 21:14:34 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\PandoraRecovery
[2011-08-12 21:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2011-08-12 21:07:16 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011-08-12 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2011-08-12 20:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\arcverify
[2011-08-12 20:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\frestore
[2011-08-12 18:07:49 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\R-TT
[2011-08-12 18:06:33 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Undelete
[2011-08-12 18:06:33 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Documents\R-TT
[2011-08-12 18:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\R-Undelete
[2011-08-12 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Local\MindGems
[2011-08-12 17:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Size
[2011-08-12 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Folder Size
[2011-08-12 16:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011-08-12 16:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011-08-11 17:52:05 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Local\Microsoft Games
[2011-08-11 16:30:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-08-11 16:30:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-08-11 16:30:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-08-11 16:30:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-08-11 16:30:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-08-11 16:30:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-08-11 16:23:28 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011-08-11 16:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011-08-11 16:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011-08-11 16:16:50 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011-08-11 16:16:49 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011-08-11 16:15:35 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011-08-11 16:15:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-08-11 16:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011-08-11 16:15:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011-08-11 16:15:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011-08-11 16:15:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011-08-11 16:15:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011-08-11 16:15:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011-08-11 16:15:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011-08-11 16:15:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011-08-11 16:15:21 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011-08-10 18:38:54 | 000,000,000 | -HSD | C] -- C:\Users\AKSHA\Desktop\%APPDATA%
[2011-08-10 17:31:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LocalAppData%
[2011-08-10 07:13:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\AKSHA\Desktop\OTL.exe
[2011-08-09 18:24:53 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Malwarebytes
[2011-08-06 09:37:06 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Local\Yahoo
[2011-08-06 09:37:05 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Yahoo!
[2011-08-04 19:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidDocuments
[2011-08-04 19:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidDocuments
[2011-08-03 20:07:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011-08-03 19:43:06 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Desktop\Akshat
[2011-08-01 21:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2011-08-01 21:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Audiograbber
[2011-07-27 22:48:25 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\MySQL
[2011-07-27 22:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2011-07-27 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2011-07-27 15:24:02 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Documents\NetBeansProjects
[2011-07-27 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\.netbeans
[2011-07-24 14:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
[2011-07-24 14:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2011-07-24 13:32:26 | 000,000,000 | RHSD | C] -- C:\Program Files\tuEagles
[2011-07-24 12:03:16 | 000,352,256 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ijl15.dll
[2011-07-24 12:03:16 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
[2011-07-24 12:03:16 | 000,102,400 | ---- | C] (Info-ZIP) -- C:\Windows\System32\unzip3252.dll
[2011-07-24 12:03:16 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2011-07-24 12:03:11 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011-07-24 12:03:11 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011-07-24 12:03:11 | 000,081,920 | ---- | C] (Marco Bellinaso) -- C:\Windows\System32\MBMouse.ocx
[2011-07-24 12:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hyperdyne Software

========== Files - Modified Within 30 Days ==========

[2011-08-20 06:59:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-20 06:59:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-20 06:53:41 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011-08-20 06:51:42 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011-08-20 06:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-20 06:49:42 | 1507,995,648 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-19 18:37:14 | 000,012,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-19 18:37:14 | 000,012,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-19 17:34:48 | 128,778,320 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011-08-19 15:15:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-08-19 15:15:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-08-18 16:32:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011-08-18 15:06:57 | 000,921,654 | ---- | M] () -- C:\Windows\snapshot.bmp
[2011-08-17 18:15:51 | 000,000,598 | ---- | M] () -- C:\Users\Public\Desktop\Cygwin.lnk
[2011-08-15 17:14:21 | 000,002,473 | ---- | M] () -- C:\Users\AKSHA\Desktop\captcha.html
[2011-08-15 14:14:12 | 000,000,000 | ---- | M] () -- C:\Users\AKSHA\Desktop\index.php
[2011-08-15 14:11:05 | 000,001,213 | ---- | M] () -- C:\Users\AKSHA\Desktop\ppp.html
[2011-08-15 10:19:13 | 000,436,434 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-08-15 08:45:01 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2011-08-14 09:06:04 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\DJ Java Decompiler 3.11.lnk
[2011-08-13 20:05:54 | 000,065,736 | ---- | M] () -- C:\Users\AKSHA\Documents\Still0003.jpg
[2011-08-13 20:04:46 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-08-12 21:14:29 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2011-08-12 21:07:16 | 000,000,850 | ---- | M] () -- C:\Users\AKSHA\Desktop\PC Inspector File Recovery.lnk
[2011-08-12 18:07:15 | 000,001,029 | ---- | M] () -- C:\Users\AKSHA\Desktop\R-Undelete.lnk
[2011-08-12 17:16:00 | 000,001,000 | ---- | M] () -- C:\Users\AKSHA\Desktop\Folder Size.lnk
[2011-08-12 16:52:22 | 000,001,033 | ---- | M] () -- C:\Users\AKSHA\Desktop\Puran Defrag.lnk
[2011-08-11 16:57:39 | 000,000,017 | ---- | M] () -- C:\Users\AKSHA\AppData\Local\resmon.resmoncfg
[2011-08-11 16:33:42 | 000,353,374 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-08-11 16:33:42 | 000,055,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-08-11 16:02:21 | 000,000,632 | RHS- | M] () -- C:\Users\AKSHA\ntuser.pol
[2011-08-10 07:13:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\AKSHA\Desktop\OTL.exe
[2011-08-09 20:48:33 | 000,000,000 | ---- | M] () -- C:\Users\AKSHA\AppData\Local\{C583354B-7858-4DA7-A74E-03EFEF392EE1}
[2011-08-09 15:40:00 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011-08-05 17:47:33 | 000,166,556 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011-08-04 19:53:29 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Solid Converter PDF.lnk
[2011-08-03 21:37:25 | 000,410,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-08-01 21:13:50 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2011-07-27 22:45:37 | 000,000,232 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011-07-27 22:24:13 | 000,104,262 | ---- | M] () -- C:\Users\AKSHA\Desktop\NDA result.pdf
[2011-07-24 14:12:06 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Blue Coat K9 Web Protection Admin.lnk
[2011-07-24 14:09:59 | 000,436,154 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110815-101913.backup
[2011-07-24 14:08:42 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-07-24 14:08:40 | 000,436,154 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110724-140959.backup
[2011-07-24 13:32:47 | 000,009,522 | ---- | M] () -- C:\Windows\Eleathe.bmp
[2011-07-24 13:23:13 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Snitch.lnk
[2011-07-22 08:24:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-07-22 08:17:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-07-22 08:16:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-07-22 08:15:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-07-22 08:14:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-07-22 08:13:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2011-08-19 15:15:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011-08-19 15:15:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011-08-17 18:15:51 | 000,000,598 | ---- | C] () -- C:\Users\Public\Desktop\Cygwin.lnk
[2011-08-15 17:13:12 | 000,002,473 | ---- | C] () -- C:\Users\AKSHA\Desktop\captcha.html
[2011-08-15 14:14:07 | 000,000,000 | ---- | C] () -- C:\Users\AKSHA\Desktop\index.php
[2011-08-15 14:10:05 | 000,001,213 | ---- | C] () -- C:\Users\AKSHA\Desktop\ppp.html
[2011-08-14 09:06:04 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\DJ Java Decompiler 3.11.lnk
[2011-08-13 20:05:54 | 000,065,736 | ---- | C] () -- C:\Users\AKSHA\Documents\Still0003.jpg
[2011-08-12 21:14:29 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2011-08-12 21:07:16 | 000,000,850 | ---- | C] () -- C:\Users\AKSHA\Desktop\PC Inspector File Recovery.lnk
[2011-08-12 18:07:15 | 000,001,029 | ---- | C] () -- C:\Users\AKSHA\Desktop\R-Undelete.lnk
[2011-08-12 17:16:00 | 000,001,000 | ---- | C] () -- C:\Users\AKSHA\Desktop\Folder Size.lnk
[2011-08-12 16:52:22 | 000,001,033 | ---- | C] () -- C:\Users\AKSHA\Desktop\Puran Defrag.lnk
[2011-08-11 16:57:39 | 000,000,017 | ---- | C] () -- C:\Users\AKSHA\AppData\Local\resmon.resmoncfg
[2011-08-09 20:48:33 | 000,000,000 | ---- | C] () -- C:\Users\AKSHA\AppData\Local\{C583354B-7858-4DA7-A74E-03EFEF392EE1}
[2011-08-04 19:53:32 | 000,027,456 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011-08-04 19:53:32 | 000,018,752 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011-08-04 19:53:29 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Solid Converter PDF.lnk
[2011-08-01 21:13:50 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2011-07-27 22:45:37 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011-07-27 22:24:13 | 000,104,262 | ---- | C] () -- C:\Users\AKSHA\Desktop\NDA result.pdf
[2011-07-24 14:12:06 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Blue Coat K9 Web Protection Admin.lnk
[2011-07-24 14:08:42 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-07-24 13:32:47 | 000,009,522 | ---- | C] () -- C:\Windows\Eleathe.bmp
[2011-07-24 12:03:16 | 000,667,648 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2011-07-24 12:03:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-07-24 12:03:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\UNACE.DLL
[2011-07-24 12:03:11 | 000,053,248 | ---- | C] () -- C:\Windows\System32\IMAGEPLUSCONTROL_II.OCX
[2011-07-24 12:03:11 | 000,000,842 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snitch.lnk
[2011-07-24 12:03:11 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Snitch.lnk
[2011-07-19 11:57:03 | 000,000,000 | ---- | C] () -- C:\Users\AKSHA\AppData\Local\{39C1F240-1137-4B98-AFB5-AB96E71A565E}
[2011-07-12 19:03:13 | 000,000,000 | ---- | C] () -- C:\Users\AKSHA\AppData\Local\{61C1C535-F65F-4AA6-9F9E-EBB89CFF9C72}
[2011-06-16 10:36:48 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-06-16 10:36:48 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-06-04 18:59:33 | 000,073,728 | ---- | C] () -- C:\Windows\System32\ETCoInst.dll
[2011-03-06 11:38:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-03-06 11:36:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-02-03 07:25:01 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011-02-03 07:25:00 | 002,336,384 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011-02-03 07:24:59 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011-02-03 07:24:59 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011-02-03 07:24:59 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011-01-29 13:42:21 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011-01-02 18:49:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-10-13 20:19:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-06-25 22:33:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009-07-14 10:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 10:03:53 | 000,410,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 07:35:48 | 000,353,374 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 07:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 07:35:48 | 000,055,498 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 07:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 07:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 07:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 05:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 05:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008-06-03 03:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-06-03 03:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008-04-28 21:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008-03-06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2004-01-03 07:16:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F7F48F12
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OTL EXTRAS

OTL Extras logfile created on: 20-Aug-11 7:00:33 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\AKSHA\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1.87 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 40.31% Memory free
3.75 Gb Paging File | 2.47 Gb Available in Paging File | 65.88% Paging File free
Paging file location(s): g:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 20.68 Gb Free Space | 42.36% Space Free | Partition Type: NTFS
Drive D: | 43.95 Gb Total Space | 34.22 Gb Free Space | 77.87% Space Free | Partition Type: NTFS
Drive E: | 43.95 Gb Total Space | 42.11 Gb Free Space | 95.81% Space Free | Partition Type: NTFS
Drive F: | 96.15 Gb Total Space | 28.47 Gb Free Space | 29.61% Space Free | Partition Type: NTFS
Drive G: | 78.34 Gb Total Space | 75.99 Gb Free Space | 97.01% Space Free | Partition Type: NTFS
Drive H: | 70.71 Gb Total Space | 39.07 Gb Free Space | 55.25% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARVIND | User Name: AKSHAT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{090C73E1-BB48-403D-9DFF-A60FD71FF73A}" = MySQL Connector J
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0
"{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1" = Folder Size 1.9.5.0
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java™ SE Development Kit 6 Update 25
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46552BC3-52B6-404c-9B42-CE536AB719FD}_is1" = Ashampoo Home Designer1.0.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
"{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF
"{58C526E3-2BAE-4933-86D0-938F547756D7}_is1" = Visual Search Pony version 7.52
"{5D64323C-288C-4BC4-9D07-D1E9B176D119}" = MySQL Server 5.5
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.3.7
"{66F9302D-E145-4375-8C84-54DA2339C483}" = MySQL Connector C 6.0.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83BEEC5D-A5C0-4CF0-B398-63CEFA6A6EF5}" = iBall Super-View C8.0 Webcam
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF09748-FCC1-48AB-9A81-21D76903F5C9}" = MySQL Server 5.5
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2010 Free Advanced
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C59C4A56-8560-4E3B-AA5D-BDCED4F110E7}" = MySQL Documents
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CF3BB92C-1E4D-4CDF-BB97-9786C16649FF}" = Snitch
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3ABB4CC-1DC5-4430-BC49-D86AB708A9B8}" = MySQL Workbench 5.2 CE
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED10D0D6-4E12-4EAF-828F-4CB82C05E626}" = MySQL Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F53503A3-41B3-4327-A5C0-B058AB72B90D}" = MySQL Examples and Samples 5.5
"{FD753E57-1F44-41E6-B962-E01D76676206}" = MySQL Connector C++ 1.1.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AllMyNotes Organizer" = AllMyNotes Organizer
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo Internet Accelerator 2_is1" = Ashampoo Internet Accelerator 2
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"Audiograbber" = Audiograbber 1.83 SE
"AVG" = AVG 2011
"Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.296
"Brutus AET 2" = Brutus AET 2
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
"DiskAnalyzer Pro_is1" = DiskAnalyzer Pro 3.4
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 7.0.1 Professional
"Extension Changer" = Extension Changer
"FormatFactory" = FormatFactory 2.60
"Free Window Registry Repair" = Free Window Registry Repair
"Garena" = Garena 2010
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GRT Data Recovery_is1" = GRT Data Recovery 2.6
"GRT Recover My File_is1" = GRT Recover My File 2.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MPE" = MyPhoneExplorer
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Picasa 3" = Picasa 3
"ProcessLasso" = Process Lasso
"PROPLUS" = Microsoft Office Professional Plus 2007
"Protected Folder_is1" = Protected Folder
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Recuva" = Recuva
"R-Undelete 4.1NSIS" = R-Undelete 4.1
"SMRecorder" = SMRecorder 1.2.0
"SoftOrbits Flash Drive Recovery_is1" = SoftOrbits Flash Drive Recovery 1.3
"StatWin Professional_is1" = StatWin
"Time Stopper3.12" = Time Stopper
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Web Page Maker_is1" = Web Page Maker V3.21
"WebCracker 4.0" = WebCracker 4.0
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YouTubeGet_is1" = YouTubeGet 5.9.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04-Apr-11 3:57:20 AM | Computer Name = ARVIND | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 professional edition\bin\x64\WinChkdsk.exe".Error in manifest
or policy file "c:\program files\EASEUS\easeus partition master 7.0.1 professional
edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" on line 11. Component identity found
in manifest does not match the identity of the component requested. Reference is
Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 04-Apr-11 3:58:55 AM | Computer Name = ARVIND | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 04-Apr-11 8:18:48 AM | Computer Name = ARVIND | Source = VSS | ID = 8194
Description =

Error - 05-Apr-11 2:58:48 AM | Computer Name = ARVIND | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Users\Arunima\AppData\Roaming\Google.com\Google
Bar\adxloader.dll.Manifest".Error in manifest or policy file "C:\Users\Arunima\AppData\Roaming\Google.com\Google
Bar\adxloader.dll.Manifest" on line 2. The manifest file root element must be assembly.

Error - 05-Apr-11 2:59:49 AM | Computer Name = ARVIND | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 professional edition\bin\x64\WinChkdsk.exe".Error in manifest
or policy file "c:\program files\EASEUS\easeus partition master 7.0.1 professional
edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" on line 11. Component identity found
in manifest does not match the identity of the component requested. Reference is
Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 05-Apr-11 3:00:43 AM | Computer Name = ARVIND | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 06-Apr-11 8:17:10 AM | Computer Name = ARVIND | Source = VSS | ID = 8194
Description =

Error - 06-Apr-11 11:30:31 AM | Computer Name = ARVIND | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Users\Arunima\AppData\Roaming\Google.com\Google
Bar\adxloader.dll.Manifest".Error in manifest or policy file "C:\Users\Arunima\AppData\Roaming\Google.com\Google
Bar\adxloader.dll.Manifest" on line 2. The manifest file root element must be assembly.

Error - 06-Apr-11 11:31:43 AM | Computer Name = ARVIND | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\EASEUS\easeus
partition master 7.0.1 professional edition\bin\x64\WinChkdsk.exe".Error in manifest
or policy file "c:\program files\EASEUS\easeus partition master 7.0.1 professional
edition\bin\x64\Microsoft.VC80.CRT.MANIFEST" on line 11. Component identity found
in manifest does not match the identity of the component requested. Reference is
Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please
use sxstrace.exe for detailed diagnosis.

Error - 06-Apr-11 11:32:42 AM | Computer Name = ARVIND | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 30-Oct-10 7:01:45 AM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 4:31:44 PM - Error connecting to the internet. 4:31:44 PM - Unable
to contact server..

Error - 30-Oct-10 7:01:57 AM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 4:31:50 PM - Error connecting to the internet. 4:31:50 PM - Unable
to contact server..

Error - 07-Nov-10 11:36:24 PM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 9:06:23 AM - Error connecting to the internet. 9:06:23 AM - Unable
to contact server..

Error - 19-Nov-10 9:19:58 PM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 6:49:58 AM - Error connecting to the internet. 6:49:58 AM - Unable
to contact server..

Error - 19-Nov-10 10:42:38 PM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 8:12:37 AM - Error connecting to the internet. 8:12:37 AM - Unable
to contact server..

Error - 13-Dec-10 9:30:40 PM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 7:00:39 AM - Error connecting to the internet. 7:00:40 AM - Unable
to contact server..

Error - 26-Dec-10 3:47:16 AM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 1:17:16 PM - Error connecting to the internet. 1:17:16 PM - Unable
to contact server..

Error - 01-Jan-11 2:59:35 AM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 12:29:32 PM - Error connecting to the internet. 12:29:34 PM - Unable
to contact server..

Error - 12-Jan-11 9:17:00 PM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 6:47:00 AM - Error connecting to the internet. 6:47:00 AM - Unable
to contact server..

Error - 18-Jan-11 9:24:21 PM | Computer Name = ARVIND | Source = MCUpdate | ID = 0
Description = 6:54:20 AM - Error connecting to the internet. 6:54:20 AM - Unable
to contact server..

[ ODiag Events ]
Error - 27-Apr-11 8:58:26 PM | Computer Name = ARVIND | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 27-Apr-11 8:59:50 PM | Computer Name = ARVIND | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 27-Apr-11 9:07:10 PM | Computer Name = ARVIND | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

Error - 27-Apr-11 9:07:14 PM | Computer Name = ARVIND | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

[ OSession Events ]
Error - 13-Apr-11 11:58:17 PM | Computer Name = ARVIND | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 935
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19-Aug-11 4:51:21 AM | Computer Name = ARVIND | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 19-Aug-11 4:52:09 AM | Computer Name = ARVIND | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 19-Aug-11 4:52:22 AM | Computer Name = ARVIND | Source = ipnathlp | ID = 34001
Description =

Error - 19-Aug-11 5:35:17 AM | Computer Name = ARVIND | Source = ipnathlp | ID = 30005
Description =

Error - 19-Aug-11 9:20:39 PM | Computer Name = ARVIND | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 19-Aug-11 9:21:27 PM | Computer Name = ARVIND | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 19-Aug-11 9:21:38 PM | Computer Name = ARVIND | Source = ipnathlp | ID = 34001
Description =

Error - 19-Aug-11 9:35:11 PM | Computer Name = ARVIND | Source = DCOM | ID = 10005
Description =

Error - 19-Aug-11 9:35:11 PM | Computer Name = ARVIND | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 19-Aug-11 9:35:12 PM | Computer Name = ARVIND | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

[ Windows PowerShell Events ]
Error - 10-Aug-11 8:01:15 AM | Computer Name = ARVIND | Source = PowerShell | ID = 103
Description =

Error - 10-Aug-11 8:03:39 AM | Computer Name = ARVIND | Source = PowerShell | ID = 103
Description =


< End of report >


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7513

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20-Aug-11 4:57:43 PM
mbam-log-2011-08-20 (16-57-43).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 572273
Time elapsed: 5 hour(s), 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\HYDRA\hydra-5.4-win\pw-inspector.exe (PUP.PasswordTool.Hydra) -> Quarantined and deleted successfully.
h:\hack tools\bruteforcer\Client\BFC.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
h:\hack tools\BRUTUS\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.
h:\hack tools\HYDRA\hydra-5.4-win\hydra.exe (PUP.PasswordTool.Hydra) -> Quarantined and deleted successfully.
h:\hack tools\HYDRA\hydra-5.4-win\pw-inspector.exe (PUP.PasswordTool.Hydra) -> Quarantined and deleted successfully.
h:\hack tools\new folder\brutus\NEW\nova pasta\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.

SuperAntispyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2011 at 06:28 PM

Application Version : 5.0.1118

Core Rules Database Version : 7585
Trace Rules Database Version: 5397

Scan type : Complete Scan
Total Scan Time : 05:38:56

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 554
Memory threats detected : 0
Registry items scanned : 37775
Registry threats detected : 0
File items scanned : 219111
File threats detected : 5

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\AKSHA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\AKSHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KHE0QAX7.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\AKSHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KHE0QAX7.DEFAULT\COOKIES.SQLITE ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ARVIND$@2O7[1].TXT
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ARVIND$@IN.GETCLICKY[1].TXT

[eddie5659]

Just looking at the results from the MBAM scan, and you have these programs:

c:\HYDRA\hydra-5.4-win\pw-inspector.exe (PUP.PasswordTool.Hydra) -> Quarantined and deleted successfully.
h:\hack tools\bruteforcer\Client\BFC.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
h:\hack tools\BRUTUS\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.
h:\hack tools\HYDRA\hydra-5.4-win\hydra.exe (PUP.PasswordTool.Hydra) -> Quarantined and deleted successfully.
h:\hack tools\HYDRA\hydra-5.4-win\pw-inspector.exe (PUP.PasswordTool.Hydra) -> Quarantined and deleted successfully.
h:\hack tools\new folder\brutus\NEW\nova pasta\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.

Is there any reason why you have brute-force hacking tools on this computer?

[Aka29165]

hi Ediie
actually yes. My son was taking part in an online competition called "digital fortress" which required all competitors to try and hack into their specifically designed websites
Hence the software.

[eddie5659]

Oki doki, thanks for explaining what the files were for. The reason for the question I asked, is that there can be a fine line between the two versions of 'hacking'. These are good links to read about ethical hackers, as I also had a read up on the competition that your son entered:

http://www.abertay.a...ug/ethhaccount/

http://searchsecurit.../ethical-hacker

As you can see, there was a very good reason why I had to ask

Saying that, how did your son get on? I'll also be staying with this thread, so give me a few mins to read the new OTL log, and I'll post soon. Normally I just post when I can, but thought it would be best to reply with the reasoning first


eddie

[eddie5659]

Okay, can you uninstall these via AddRemove Programs:

Advanced SystemCare 4
Protected Folder


Then, do the following:

Download SREng

• Extract it to Desktop and double click SREngLdr.EXE to run it
• Select System Repair from the left pane.
• Click on File Association
• Select all entries that has an Error status click [Repair]
• Refer to this image for an example:
  
  
  
• Close SREng now.

---

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
  O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found
  O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
  [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:07BF512B
  @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63238B95
  @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F7F48F12
  @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83
  @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
  SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
  DRV - [2011/03/16 18:59:38 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Stopped] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter
  :Files
  ipconfig /flushdns /c 
  :Commands 
  [purity] 
  [resethosts] 
  [emptytemp] 
  [EMPTYFLASH] 
  [CREATERESTOREPOINT] 
  [Reboot]

  
  
• Then click the Run Fix button at the top
• Click OK.
• OTL may ask to reboot the machine. Please do so if asked.
  
• The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply

eddie

[Aka29165]

Hi Eddie,

Sorry for the delay.
Removed Advanced System Care and Protected folder as you directed.
Ran SREng without any trouble.
However, OTL custom fix has been hanging up for hours on end
It shows the following in the status bar at the time of hanging, and proceeds no further.

"DRV - [2011/03/16 18:59:38 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Stopped] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter"

Also have started receiving Hard disk error windows intermittently.
I took a back up as per directions of these but the Diskcheck has shown no errors.
Am confused.
Can you help?

Thanks

[eddie5659]

Hi

At work at the moment, but for the hard disk error's, can you post a screenshot of what you're seeing?

[eddie5659]

Looks like it may be linked to something else I was looking at in the OTL log. When you say you've run a Diskcheck, is that the chkdsk or another program that you have installed?

If its another program, then lets run a chkdsk. Leave the OTL fix for now, and lets try this first:

Click Start and then Run
Type in Chkdsk /r Note the space between k and /
Click Enter ...It will probably ask if you want to do this on the next reboot...click Y


Then reboot manually if it doesn't restart automatically.


It may take a while to do, so grab a drink

Any problems/questions, let me know

eddie

[Aka29165]

Hi,
I am attaching the screenshot of the error message.
I used the windows Chkdsk on C: and it ran its course at the next boot up without any hiccups.
Have managed to empty out D:, E: and F: drives. Formatted and ran windows disk checking tool - no errors reported.
Hope this helps you help me!

Attached Thumbnails

• 

[eddie5659]

Good to see the chdsk seem's to have worked

Can you post a fresh OTL log, as the Iobit needs looking at still, and I want to check something else, to see if it solved the other issue

Only the one log will appear this time

[Aka29165]

Hi Eddie

Here's the OTL log

OTL logfile created on: 24-Aug-11 6:39:18 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\AKSHA\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1.87 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 55.34% Memory free
3.75 Gb Paging File | 2.73 Gb Available in Paging File | 72.97% Paging File free
Paging file location(s): g:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 21.36 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
Drive D: | 43.95 Gb Total Space | 43.85 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive E: | 43.95 Gb Total Space | 43.85 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive F: | 96.15 Gb Total Space | 96.05 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive G: | 78.34 Gb Total Space | 44.16 Gb Free Space | 56.37% Space Free | Partition Type: NTFS
Drive H: | 70.71 Gb Total Space | 39.07 Gb Free Space | 55.25% Space Free | Partition Type: NTFS
Drive J: | 232.82 Gb Total Space | 33.65 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive K: | 232.94 Gb Total Space | 229.89 Gb Free Space | 98.69% Space Free | Partition Type: NTFS

Computer Name: ARVIND | User Name: AKSHAT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-20 07:41:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011-08-17 19:41:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-08-10 07:13:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\AKSHA\Desktop\OTL.exe
PRC - [2011-08-04 19:53:29 | 000,177,784 | ---- | M] (Solid Documents, LLC) -- C:\Windows\Installer\MSI4583.tmp
PRC - [2011-08-03 01:00:18 | 000,602,112 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2011-08-03 00:59:31 | 000,327,168 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2011-06-01 22:12:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011-04-18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011-04-18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011-04-14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011-03-28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011-03-16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-02-10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-02-08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011-02-08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011-01-25 00:05:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-09-16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009-12-12 04:22:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2009-07-14 06:44:16 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011-08-10 07:13:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\AKSHA\Desktop\OTL.exe
MOD - [2010-11-20 17:25:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-08-20 07:41:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011-08-04 19:53:29 | 000,177,784 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Windows\Installer\MSI4583.tmp -- (SCPDFReadSpool)
SRV - [2011-07-24 13:32:26 | 000,339,336 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\tuEagles\EglSrv.exe -- (tuEaglesService)
SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-21 19:58:36 | 008,155,648 | ---- | M] () [Disabled | Stopped] -- H:\Program Files\MySql\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV - [2011-06-01 22:12:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011-04-24 22:39:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-04-18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-03-30 22:27:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011-02-08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011-01-25 00:05:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010-09-16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009-12-12 04:22:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011-07-24 13:32:28 | 000,066,952 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\tuEagles\egldrv.sys -- (egldrv)
DRV - [2011-07-22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-04-14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011-04-05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011-03-16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-03-01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-02-22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011-02-10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-02-10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011-01-07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-25 14:45:28 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010-08-25 14:45:28 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010-08-25 14:45:28 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010-07-15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010-07-15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010-06-23 10:24:56 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010-01-11 14:30:32 | 000,164,992 | ---- | M] (Etron) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ETdrv.sys -- (usbet)
DRV - [2009-12-12 04:22:52 | 000,074,088 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2009-10-26 16:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2008-09-26 12:30:54 | 000,651,264 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008-07-22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-06-03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-04-24 11:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007-04-24 11:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007-04-24 11:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007-04-24 11:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007-04-24 11:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2005-02-28 09:49:24 | 000,034,064 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Invoker.sys -- (Invoker)
DRV - [2005-02-28 09:49:24 | 000,033,148 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlexBios.sys -- (FlexBios)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 36 DA 83 89 61 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011-08-09 15:40:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-17 19:41:11 | 000,000,000 | ---D | M]

[2011-07-17 17:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AKSHA\AppData\Roaming\mozilla\Extensions
[2011-08-15 14:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AKSHA\AppData\Roaming\mozilla\Firefox\Profiles\khe0qax7.default\extensions
[2011-07-02 08:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-05-01 17:19:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011-07-02 08:05:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\AKSHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KHE0QAX7.DEFAULT\EXTENSIONS\{454867E3-7F62-BD5D-A26D-5D98E7E50FEC}.XPI
[2011-08-17 19:41:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-01-01 13:30:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-08-15 10:19:13 | 000,436,434 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.22.0.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} http://www.intel.com...did/BoardID.cab (BoardCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {A5BE62CA-DE0F-4764-A0CB-4044816DB174} - C:\Program Files\tuEagles\EagleObj.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-24 06:42:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011-08-24 06:38:03 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Desktop\OTL
[2011-08-23 17:41:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-08-23 17:05:58 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Auslogics
[2011-08-23 17:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011-08-22 16:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2011-08-22 16:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2011-08-22 16:07:35 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Memeo
[2011-08-22 16:07:17 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Seagate
[2011-08-22 16:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2011-08-22 16:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2011-08-22 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2011-08-22 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Leadertech
[2011-08-22 13:51:05 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Local\ElevatedDiagnostics
[2011-08-22 07:05:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-08-22 07:00:14 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Desktop\SRENG
[2011-08-20 07:34:04 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\SUPERAntiSpyware.com
[2011-08-20 07:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011-08-20 07:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011-08-20 07:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011-08-20 07:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011-08-19 15:16:09 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebCracker 3.0
[2011-08-17 20:06:07 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Desktop\NDA PAPERS
[2011-08-17 19:20:43 | 000,000,000 | ---D | C] -- C:\HYDRA
[2011-08-17 18:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
[2011-08-17 17:59:49 | 000,000,000 | ---D | C] -- C:\cygwin
[2011-08-16 21:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011-08-16 21:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011-08-16 21:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2011-08-16 21:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2011-08-15 15:48:56 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brutus AET 2
[2011-08-15 15:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brutus AET 2
[2011-08-14 18:25:07 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\.m2
[2011-08-14 09:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011-08-14 09:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJ Java Decompiler v.3.11.11.95
[2011-08-14 09:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\decomp
[2011-08-13 20:05:40 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\skypePM
[2011-08-13 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Skype
[2011-08-12 21:14:34 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\PandoraRecovery
[2011-08-12 21:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2011-08-12 21:07:16 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011-08-12 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\restore
[2011-08-12 20:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\arcverify
[2011-08-12 20:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\frestore
[2011-08-12 18:07:49 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\R-TT
[2011-08-12 18:06:33 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Undelete
[2011-08-12 18:06:33 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Documents\R-TT
[2011-08-12 18:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\R-Undelete
[2011-08-12 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Local\MindGems
[2011-08-12 17:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Size
[2011-08-12 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Folder Size
[2011-08-12 16:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011-08-12 16:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011-08-11 17:52:05 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Local\Microsoft Games
[2011-08-11 16:30:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-08-11 16:30:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011-08-11 16:30:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-08-11 16:30:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011-08-11 16:30:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-08-11 16:30:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011-08-11 16:23:28 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011-08-11 16:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011-08-11 16:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011-08-11 16:16:50 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011-08-11 16:16:49 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011-08-11 16:15:35 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011-08-11 16:15:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011-08-11 16:15:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011-08-11 16:15:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011-08-11 16:15:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011-08-11 16:15:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011-08-11 16:15:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011-08-11 16:15:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011-08-11 16:15:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011-08-11 16:15:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011-08-11 16:15:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011-08-11 16:15:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011-08-11 16:15:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011-08-11 16:15:21 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011-08-10 18:38:54 | 000,000,000 | -HSD | C] -- C:\Users\AKSHA\Desktop\%APPDATA%
[2011-08-10 17:31:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LocalAppData%
[2011-08-10 07:13:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\AKSHA\Desktop\OTL.exe
[2011-08-09 18:24:53 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Malwarebytes
[2011-08-06 09:37:06 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Local\Yahoo
[2011-08-06 09:37:05 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Yahoo!
[2011-08-04 19:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidDocuments
[2011-08-04 19:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidDocuments
[2011-08-03 20:07:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011-08-03 19:43:06 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Desktop\Akshat
[2011-08-01 21:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2011-08-01 21:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Audiograbber
[2011-07-27 22:48:25 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\MySQL
[2011-07-27 22:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2011-07-27 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2011-07-27 15:24:02 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\Documents\NetBeansProjects
[2011-07-27 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\AKSHA\.netbeans

========== Files - Modified Within 30 Days ==========

[2011-08-24 06:35:50 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-24 06:31:14 | 000,012,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-24 06:31:14 | 000,012,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-24 06:24:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011-08-24 06:22:48 | 000,000,431 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011-08-24 06:20:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-24 06:20:17 | 1507,995,648 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-23 21:59:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-23 17:26:34 | 129,351,368 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011-08-23 17:25:51 | 000,175,597 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011-08-23 17:04:52 | 000,001,211 | ---- | M] () -- C:\Users\AKSHA\Desktop\Auslogics BoostSpeed.lnk
[2011-08-23 07:00:01 | 000,096,041 | ---- | M] () -- C:\Users\AKSHA\Desktop\scrnshot.jpg
[2011-08-22 16:20:34 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011-08-22 13:08:13 | 000,353,374 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-08-22 13:08:13 | 000,055,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-08-21 16:39:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011-08-20 22:33:08 | 000,921,654 | ---- | M] () -- C:\Windows\snapshot.bmp
[2011-08-20 07:33:35 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-08-19 15:15:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-08-19 15:15:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-08-18 16:32:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011-08-17 18:15:51 | 000,000,598 | ---- | M] () -- C:\Users\Public\Desktop\Cygwin.lnk
[2011-08-15 17:14:21 | 000,002,473 | ---- | M] () -- C:\Users\AKSHA\Desktop\captcha.html
[2011-08-15 14:14:12 | 000,000,000 | ---- | M] () -- C:\Users\AKSHA\Desktop\index.php
[2011-08-15 14:11:05 | 000,001,213 | ---- | M] () -- C:\Users\AKSHA\Desktop\ppp.html
[2011-08-15 10:19:13 | 000,436,434 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-08-15 08:45:01 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2011-08-14 09:06:04 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\DJ Java Decompiler 3.11.lnk
[2011-08-13 20:05:54 | 000,065,736 | ---- | M] () -- C:\Users\AKSHA\Documents\Still0003.jpg
[2011-08-13 20:04:46 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-08-12 18:07:15 | 000,001,029 | ---- | M] () -- C:\Users\AKSHA\Desktop\R-Undelete.lnk
[2011-08-12 17:16:00 | 000,001,000 | ---- | M] () -- C:\Users\AKSHA\Desktop\Folder Size.lnk
[2011-08-12 16:52:22 | 000,001,033 | ---- | M] () -- C:\Users\AKSHA\Desktop\Puran Defrag.lnk
[2011-08-11 16:57:39 | 000,000,017 | ---- | M] () -- C:\Users\AKSHA\AppData\Local\resmon.resmoncfg
[2011-08-11 16:02:21 | 000,000,632 | RHS- | M] () -- C:\Users\AKSHA\ntuser.pol
[2011-08-10 07:13:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\AKSHA\Desktop\OTL.exe
[2011-08-09 20:48:33 | 000,000,000 | ---- | M] () -- C:\Users\AKSHA\AppData\Local\{C583354B-7858-4DA7-A74E-03EFEF392EE1}
[2011-08-09 15:40:00 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011-08-03 21:37:25 | 000,410,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-08-01 21:13:50 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2011-07-27 22:45:37 | 000,000,232 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011-07-27 22:24:13 | 000,104,262 | ---- | M] () -- C:\Users\AKSHA\Desktop\NDA result.pdf

========== Files Created - No Company Name ==========

[2011-08-23 17:04:52 | 000,001,211 | ---- | C] () -- C:\Users\AKSHA\Desktop\Auslogics BoostSpeed.lnk
[2011-08-23 07:00:01 | 000,096,041 | ---- | C] () -- C:\Users\AKSHA\Desktop\scrnshot.jpg
[2011-08-22 16:20:34 | 000,001,251 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011-08-20 07:33:35 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-08-19 15:15:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011-08-19 15:15:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011-08-17 18:15:51 | 000,000,598 | ---- | C] () -- C:\Users\Public\Desktop\Cygwin.lnk
[2011-08-15 17:13:12 | 000,002,473 | ---- | C] () -- C:\Users\AKSHA\Desktop\captcha.html
[2011-08-15 14:14:07 | 000,000,000 | ---- | C] () -- C:\Users\AKSHA\Desktop\index.php
[2011-08-15 14:10:05 | 000,001,213 | ---- | C] () -- C:\Users\AKSHA\Desktop\ppp.html
[2011-08-14 09:06:04 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\DJ Java Decompiler 3.11.lnk
[2011-08-13 20:05:54 | 000,065,736 | ---- | C] () -- C:\Users\AKSHA\Documents\Still0003.jpg
[2011-08-12 18:07:15 | 000,001,029 | ---- | C] () -- C:\Users\AKSHA\Desktop\R-Undelete.lnk
[2011-08-12 17:16:00 | 000,001,000 | ---- | C] () -- C:\Users\AKSHA\Desktop\Folder Size.lnk
[2011-08-12 16:52:22 | 000,001,033 | ---- | C] () -- C:\Users\AKSHA\Desktop\Puran Defrag.lnk
[2011-08-11 16:57:39 | 000,000,017 | ---- | C] () -- C:\Users\AKSHA\AppData\Local\resmon.resmoncfg
[2011-08-09 20:48:33 | 000,000,000 | ---- | C] () -- C:\Users\AKSHA\AppData\Local\{C583354B-7858-4DA7-A74E-03EFEF392EE1}
[2011-08-04 19:53:32 | 000,027,456 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011-08-04 19:53:32 | 000,018,752 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011-08-01 21:13:50 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2011-07-27 22:45:37 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011-07-27 22:24:13 | 000,104,262 | ---- | C] () -- C:\Users\AKSHA\Desktop\NDA result.pdf
[2011-07-24 12:03:16 | 000,667,648 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2011-07-24 12:03:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-07-24 12:03:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\UNACE.DLL
[2011-07-19 11:57:03 | 000,000,000 | ---- | C] () -- C:\Users\AKSHA\AppData\Local\{39C1F240-1137-4B98-AFB5-AB96E71A565E}
[2011-07-12 19:03:13 | 000,000,000 | ---- | C] () -- C:\Users\AKSHA\AppData\Local\{61C1C535-F65F-4AA6-9F9E-EBB89CFF9C72}
[2011-06-16 10:36:48 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-06-16 10:36:48 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-06-04 18:59:33 | 000,073,728 | ---- | C] () -- C:\Windows\System32\ETCoInst.dll
[2011-03-06 11:38:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-03-06 11:36:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-02-03 07:25:01 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011-02-03 07:25:00 | 002,336,384 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011-02-03 07:24:59 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011-02-03 07:24:59 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011-02-03 07:24:59 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011-01-29 13:42:21 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011-01-02 18:49:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-10-13 20:19:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-06-25 22:33:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009-07-14 10:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 10:03:53 | 000,410,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 07:35:48 | 000,353,374 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 07:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 07:35:48 | 000,055,498 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 07:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 07:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 07:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 05:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 05:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008-06-03 03:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-06-03 03:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008-04-28 21:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008-03-06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2004-01-03 07:16:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

[Aka29165]

Hi Eddie,

I had posted the log as u asked some four days ago.
I hope you find time to analyse it soon enough.

Thanks for your time...