Laptop (was) Infected with Privacy Protection virus/malware



#1
nehac

Hi, on Sunday my sister was watching videos on the laptop when suddenly the browser closed and a virus/spyware scanner opened, supposedly scanning for issues. I came in and noticed it seemed fishy as it was not something we had installed. It blocked the computer from accessing the net and all.

After searching for solutions on my desktop, I managed to follow steps and was able to remove the program. After this, I ran a virus scan and updated the programs on the laptop.

Just want to make sure that it is fully cleaned now, and whether or not there may still be vulnerabilities.

Below is the OTL Log:
OTL logfile created on: 23/11/2011 6:52:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 34.04% Memory free
4.21 Gb Paging File | 2.66 Gb Available in Paging File | 63.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 89.70 Gb Free Space | 65.60% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.23 Gb Free Space | 53.54% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 18:51:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
PRC - [2011/11/20 23:22:14 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/05 02:10:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/04 00:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/20 21:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 13:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/20 16:57:41 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/05 02:10:39 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/22 12:50:03 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/22 12:49:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/22 12:49:20 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
MOD - [2011/10/22 12:49:19 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\700cb2f214cccc84461b0fdbce7f7716\DellDock.ni.exe
MOD - [2011/10/22 12:49:15 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\83f44b2d5e196db1d3c90d140a22af59\MyDock.Util.ni.dll
MOD - [2011/10/22 12:49:09 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/22 12:21:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/22 11:53:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/22 11:52:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/22 11:51:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/22 11:48:28 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/22 11:47:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/04 16:57:38 | 000,913,408 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/05/16 07:16:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/08/13 09:10:37 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.ca [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.ca [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.ca [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.ca [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=WLEM&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/08/09 15:50:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/20 23:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/20 23:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/20 23:24:05 | 000,000,000 | ---D | M]

[2008/08/23 20:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Extensions
[2011/11/20 17:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\extensions
[2011/10/29 19:10:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/26 19:29:10 | 000,001,832 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\searchplugins\bing.xml
[2011/11/20 23:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/20 23:42:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BD8EK5KM.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
() (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BD8EK5KM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/05 02:10:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 23:42:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 22:44:20 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/04 22:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:44:20 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/04 22:44:20 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/04 22:44:20 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E08DF09-B3A1-420F-878E-C4AE240E1D34}: DhcpNameServer = 205.188.146.145
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 18:50:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2011/11/23 18:44:23 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{99A75BB5-1E9A-4F02-8FAB-F1272E22E4E1}
[2011/11/23 18:43:54 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{10C974C0-AB3F-4615-8AFC-746F353F3C71}
[2011/11/22 20:43:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B92B74C2-AA3A-49A6-873D-947CA051E8C2}
[2011/11/22 20:42:43 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EBD3818E-7641-418F-B972-C933621DBC0F}
[2011/11/21 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{8C4C034D-F989-49D1-AFBB-00BC86E4C385}
[2011/11/21 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7E2378EB-40DC-4945-97C4-71CE1684AB5C}
[2011/11/20 23:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/20 23:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/20 23:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/20 23:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/11/20 23:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/11/20 23:22:21 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/11/20 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{FF5E5DED-B09F-4CAB-BD06-D8B7B5CEE115}
[2011/11/20 23:16:13 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C7E8A321-6410-46CB-B7CA-D2FADA2560A7}
[2011/11/20 18:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/20 18:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/20 17:16:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/20 17:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/20 17:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/20 16:44:30 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/11/20 16:33:26 | 000,000,000 | ---D | C] -- C:\Users\Neha\Desktop\Programs
[2011/11/20 16:30:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{02CBD278-F392-4DAF-AC02-81B61EC8BD84}
[2011/11/20 16:30:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{23CF7E9B-980D-4BA8-86BC-8AB01587C187}
[2011/11/20 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\Secunia PSI
[2011/11/20 15:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/20 15:15:07 | 001,754,456 | ---- | C] (Secunia) -- C:\Users\Neha\Desktop\PSISetup.exe
[2011/11/20 14:59:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Roaming\Malwarebytes
[2011/11/20 14:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/20 14:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/20 14:59:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/20 14:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/20 12:02:06 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{A1AE7217-A918-4674-B636-72C017160F93}
[2011/11/19 20:27:30 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{62292BFC-C379-477A-AD1E-5C527B1444A1}
[2011/11/19 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9538D7E4-DC0F-41BE-961A-704BB774EA35}
[2011/11/19 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9B54EFBA-4C4E-4D40-AFCF-60DE26D26EE7}
[2011/11/19 10:11:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D5CF2684-D7AD-4C90-B7EB-64079194386E}
[2011/11/18 17:42:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6A0077C9-79AD-48BC-B4D1-F7329B4A5EBB}
[2011/11/17 17:16:01 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{630108D3-9D49-42B5-AF90-8640933C3BB8}
[2011/11/17 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{39D42745-D5D9-45F0-B535-47CDE24AFBED}
[2011/11/16 20:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/11/16 20:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/11/16 20:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/16 20:55:55 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\HP
[2011/11/16 20:54:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{167642EA-35B9-4D25-AAEF-3F4B86D58E16}
[2011/11/16 20:54:34 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{14F1AE07-0F5F-43DC-9676-3C23DA71E1F5}
[2011/11/14 20:55:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DDF82348-1685-4B66-BF79-5CC56A5EE1E9}
[2011/11/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{4ECE417F-A510-441A-941B-9FA728105AB6}
[2011/11/14 14:54:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C2789DB1-C253-4376-AC24-27D0789D109D}
[2011/11/13 14:41:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F156BD2D-7D89-4BB5-84FC-428A4293DA3A}
[2011/11/13 12:53:13 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{76AF2590-BFA2-48D9-9790-4AC97C027B85}
[2011/11/02 08:52:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C9A4FF3F-FDF3-4254-8102-BDE801B68A57}
[2011/11/02 08:52:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E77A61FF-8ABA-438C-959C-F0197837D33F}
[2011/10/30 11:13:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B2AB12E5-DC85-40E8-B495-34838AC6D03A}
[2011/10/30 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{FC8A69ED-5E93-4033-A608-4D052CEE7E71}
[2011/10/29 19:10:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{A1DC2122-7A28-4985-8DFA-A9FE28EAA64D}
[2011/10/24 19:47:13 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{37978215-267D-4890-8D2F-143200F6A819}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Neha\Documents\*.tmp files -> C:\Users\Neha\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/23 18:51:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2011/11/23 18:47:50 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/23 18:47:50 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/23 18:44:27 | 000,004,332 | ---- | M] () -- C:\Users\Neha\Documents\cc_20111123_184422.reg
[2011/11/23 18:41:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/23 18:41:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 18:41:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/23 18:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 22:27:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 23:53:45 | 000,001,314 | ---- | M] () -- C:\Users\Neha\Documents\cc_20111120_235339.reg
[2011/11/20 23:53:16 | 000,034,052 | ---- | M] () -- C:\Users\Neha\Documents\cc_20111120_235307.reg
[2011/11/20 23:47:59 | 000,000,872 | ---- | M] () -- C:\Users\Neha\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/20 23:47:59 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/20 23:36:10 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/20 23:22:22 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/11/20 18:07:48 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/20 17:31:10 | 000,000,945 | ---- | M] () -- C:\Users\Neha\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/20 17:09:41 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/20 17:09:40 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/11/20 17:09:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/11/20 17:09:02 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/11/20 15:15:11 | 001,754,456 | ---- | M] (Secunia) -- C:\Users\Neha\Desktop\PSISetup.exe
[2011/11/20 14:59:44 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/13 14:43:43 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Neha\Documents\*.tmp files -> C:\Users\Neha\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 18:44:25 | 000,004,332 | ---- | C] () -- C:\Users\Neha\Documents\cc_20111123_184422.reg
[2011/11/20 23:53:42 | 000,001,314 | ---- | C] () -- C:\Users\Neha\Documents\cc_20111120_235339.reg
[2011/11/20 23:53:11 | 000,034,052 | ---- | C] () -- C:\Users\Neha\Documents\cc_20111120_235307.reg
[2011/11/20 23:36:10 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/20 18:07:48 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/20 17:09:41 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/20 17:09:40 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/20 17:09:02 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/20 15:17:25 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/11/20 14:59:44 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/20 19:27:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/20 19:27:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/07 17:14:51 | 000,000,680 | ---- | C] () -- C:\Users\Neha\AppData\Local\d3d9caps.dat
[2008/11/02 18:15:56 | 000,003,584 | ---- | C] () -- C:\Users\Neha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 19:05:54 | 000,000,170 | ---- | C] () -- C:\Users\Neha\AppData\Roaming\wklnhst.dat
[2008/08/23 20:32:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/20 16:50:31 | 000,008,248 | ---- | C] () -- C:\Users\Neha\AppData\Local\en.ini
[2008/08/13 11:36:26 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/08/13 11:36:26 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/08/13 11:36:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/08/13 11:36:26 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/08/13 11:36:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/13 11:36:22 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/13 09:00:56 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/13 09:00:55 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/08/13 08:56:25 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/03 18:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,395,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/02/14 19:48:09 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\DataSafeOnline
[2010/05/06 19:00:10 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\NVD
[2008/11/19 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\OpenOffice.org
[2011/05/27 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\PCDr
[2011/11/21 00:00:17 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\SoftGrid Client
[2008/10/26 19:05:55 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Template
[2010/05/06 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\TP
[2011/11/23 18:41:21 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

If you haven't already, you should let Avast run a boot-time scan:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
(Text version of the log is at C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt if you want to copy and paste it into a reply)

Ron

#3
nehac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Here are the logs that were asked for.
MalwareBytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8235

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

24/11/2011 8:33:27 PM
mbam-log-2011-11-24 (20-33-26).txt

Scan type: Quick scan
Objects scanned: 166507
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Combofix:
ComboFix 11-11-24.01 - Neha 24/11/2011 20:44:26.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2037.943 [GMT -5:00]
Running from: c:\users\Neha\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Neha\Documents\~WRL0003.tmp
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 01:25 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 01:25 . 2011-11-25 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-25 01:15 . 2011-11-25 01:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBC426FA-7A3E-48B3-80E0-95D447BEB700}\offreg.dll
2011-11-23 02:51 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBC426FA-7A3E-48B3-80E0-95D447BEB700}\mpengine.dll
2011-11-21 04:34 . 2011-11-21 04:34 -------- d-----w- c:\program files\iPod
2011-11-21 04:34 . 2011-11-21 04:36 -------- d-----w- c:\program files\iTunes
2011-11-21 04:24 . 2011-11-21 04:24 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-11-21 04:23 . 2011-11-21 04:23 -------- d-----w- c:\program files\Common Files\xing shared
2011-11-21 04:22 . 2011-11-21 04:22 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-11-21 04:22 . 2011-11-21 04:22 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-11-20 22:16 . 2011-11-20 22:16 -------- d-----w- c:\windows\Sun
2011-11-20 22:03 . 2011-11-20 22:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-11-20 21:44 . 2011-11-20 21:44 -------- d-----w- c:\windows\en
2011-11-20 21:37 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-11-20 21:37 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-11-20 21:37 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-11-20 20:17 . 2011-11-20 20:17 -------- d-----w- c:\users\Neha\AppData\Local\Secunia PSI
2011-11-20 20:17 . 2011-11-20 20:17 -------- d-----w- c:\program files\Secunia
2011-11-20 19:59 . 2011-11-20 19:59 -------- d-----w- c:\users\Neha\AppData\Roaming\Malwarebytes
2011-11-20 19:59 . 2011-11-20 19:59 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 01:59 . 2010-11-17 02:10 527208 ------w- c:\windows\system32\HPDiscoPM9311.dll
2011-11-17 01:56 . 2011-11-17 01:56 -------- d-----w- c:\programdata\HP
2011-11-17 01:56 . 2011-11-17 01:56 -------- d-----w- c:\program files\HP
2011-11-17 01:55 . 2011-11-17 01:55 -------- d-----w- c:\users\Neha\AppData\Local\HP
2011-11-12 15:31 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-12 15:31 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 15:31 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-30 16:12 . 2011-11-05 07:10 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-10-30 16:12 . 2011-11-05 07:10 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-10-30 16:12 . 2011-11-05 07:10 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2011-10-30 16:12 . 2011-11-05 03:20 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-10-30 16:12 . 2011-11-05 03:20 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-10-30 16:12 . 2011-11-05 07:10 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2011-10-30 16:12 . 2011-11-05 07:10 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-10-30 16:12 . 2011-11-05 07:10 269272 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
2011-10-29 15:18 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:42 . 2010-05-02 04:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 04:38 . 2011-05-28 23:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 04:22 . 2008-08-13 13:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-21 04:22 . 2008-08-13 13:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-20 21:38 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-06 13:30 . 2011-10-15 14:23 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-11-05 07:10 . 2011-10-30 16:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-13 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-13 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-21 296056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-13 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-13 14:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 135664]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 19:26]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 19:26]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://sympatico.msn.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 205.188.146.145
FF - ProfilePath - c:\users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 20:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Neha\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,35,fa,03,ae,b7,f9,4d,81,8d,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,35,fa,03,ae,b7,f9,4d,81,8d,c2,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-24 20:54:43
ComboFix-quarantined-files.txt 2011-11-25 01:54
.
Pre-Run: 97,215,377,408 bytes free
Post-Run: 97,161,089,024 bytes free
.
- - End Of File - - 7621032E3CF86910EC51E61E51D224ED


TDSSKiller:
21:01:05.0403 2204 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:01:05.0926 2204 ============================================================
21:01:05.0926 2204 Current date / time: 2011/11/24 21:01:05.0926
21:01:05.0926 2204 SystemInfo:
21:01:05.0926 2204
21:01:05.0926 2204 OS Version: 6.0.6002 ServicePack: 2.0
21:01:05.0926 2204 Product type: Workstation
21:01:05.0926 2204 ComputerName: NEHA-PC
21:01:05.0927 2204 UserName: Neha
21:01:05.0927 2204 Windows directory: C:\Windows
21:01:05.0927 2204 System windows directory: C:\Windows
21:01:05.0927 2204 Processor architecture: Intel x86
21:01:05.0927 2204 Number of processors: 2
21:01:05.0927 2204 Page size: 0x1000
21:01:05.0927 2204 Boot type: Normal boot
21:01:05.0927 2204 ============================================================
21:01:06.0565 2204 Initialize success
21:01:15.0093 5144 ============================================================
21:01:15.0093 5144 Scan started
21:01:15.0093 5144 Mode: Manual;
21:01:15.0093 5144 ============================================================
21:01:15.0710 5144 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:01:15.0726 5144 ACPI - ok
21:01:15.0985 5144 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:01:15.0989 5144 adp94xx - ok
21:01:16.0233 5144 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:01:16.0237 5144 adpahci - ok
21:01:16.0292 5144 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:01:16.0294 5144 adpu160m - ok
21:01:16.0378 5144 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:01:16.0380 5144 adpu320 - ok
21:01:16.0531 5144 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:01:16.0545 5144 AFD - ok
21:01:16.0617 5144 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:01:16.0619 5144 agp440 - ok
21:01:16.0673 5144 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:01:16.0675 5144 aic78xx - ok
21:01:16.0846 5144 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:01:16.0847 5144 aliide - ok
21:01:16.0901 5144 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:01:16.0902 5144 amdagp - ok
21:01:16.0976 5144 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:01:16.0977 5144 amdide - ok
21:01:17.0022 5144 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:01:17.0023 5144 AmdK7 - ok
21:01:17.0042 5144 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:01:17.0043 5144 AmdK8 - ok
21:01:17.0138 5144 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:01:17.0140 5144 ApfiltrService - ok
21:01:17.0242 5144 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:01:17.0243 5144 arc - ok
21:01:17.0342 5144 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:01:17.0343 5144 arcsas - ok
21:01:17.0416 5144 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
21:01:17.0417 5144 aswFsBlk - ok
21:01:17.0557 5144 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
21:01:17.0558 5144 aswMonFlt - ok
21:01:17.0612 5144 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
21:01:17.0613 5144 aswRdr - ok
21:01:17.0722 5144 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
21:01:17.0728 5144 aswSnx - ok
21:01:17.0767 5144 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
21:01:17.0771 5144 aswSP - ok
21:01:17.0833 5144 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
21:01:17.0835 5144 aswTdi - ok
21:01:17.0898 5144 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:01:17.0899 5144 AsyncMac - ok
21:01:18.0058 5144 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:01:18.0068 5144 atapi - ok
21:01:18.0125 5144 BCM42RLY - ok
21:01:18.0397 5144 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:01:18.0409 5144 BCM43XX - ok
21:01:18.0484 5144 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:01:18.0485 5144 Beep - ok
21:01:18.0562 5144 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:01:18.0563 5144 blbdrive - ok
21:01:18.0637 5144 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:01:18.0639 5144 bowser - ok
21:01:18.0685 5144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:01:18.0685 5144 BrFiltLo - ok
21:01:18.0718 5144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:01:18.0719 5144 BrFiltUp - ok
21:01:18.0770 5144 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:01:18.0771 5144 Brserid - ok
21:01:18.0810 5144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:01:18.0810 5144 BrSerWdm - ok
21:01:18.0927 5144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:01:18.0927 5144 BrUsbMdm - ok
21:01:19.0087 5144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:01:19.0088 5144 BrUsbSer - ok
21:01:19.0150 5144 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:01:19.0151 5144 BTHMODEM - ok
21:01:19.0284 5144 catchme - ok
21:01:19.0322 5144 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:01:19.0340 5144 cdfs - ok
21:01:19.0405 5144 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:01:19.0406 5144 cdrom - ok
21:01:19.0518 5144 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:01:19.0520 5144 circlass - ok
21:01:19.0658 5144 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:01:19.0666 5144 CLFS - ok
21:01:19.0744 5144 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:01:19.0746 5144 CmBatt - ok
21:01:19.0850 5144 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:01:19.0852 5144 cmdide - ok
21:01:19.0955 5144 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:01:19.0966 5144 Compbatt - ok
21:01:19.0995 5144 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:01:19.0997 5144 crcdisk - ok
21:01:20.0034 5144 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:01:20.0035 5144 Crusoe - ok
21:01:20.0219 5144 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:01:20.0223 5144 DfsC - ok
21:01:20.0341 5144 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:01:20.0347 5144 disk - ok
21:01:20.0467 5144 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:01:20.0468 5144 drmkaud - ok
21:01:20.0638 5144 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:01:20.0656 5144 DXGKrnl - ok
21:01:20.0797 5144 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
21:01:20.0800 5144 e1express - ok
21:01:20.0909 5144 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:01:20.0911 5144 E1G60 - ok
21:01:21.0040 5144 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:01:21.0046 5144 Ecache - ok
21:01:21.0170 5144 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:01:21.0174 5144 elxstor - ok
21:01:21.0249 5144 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:01:21.0250 5144 ErrDev - ok
21:01:21.0390 5144 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:01:21.0419 5144 exfat - ok
21:01:21.0451 5144 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:01:21.0457 5144 fastfat - ok
21:01:21.0491 5144 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:01:21.0493 5144 fdc - ok
21:01:21.0543 5144 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:01:21.0547 5144 FileInfo - ok
21:01:21.0573 5144 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:01:21.0575 5144 Filetrace - ok
21:01:21.0607 5144 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:01:21.0609 5144 flpydisk - ok
21:01:21.0753 5144 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:01:21.0767 5144 FltMgr - ok
21:01:21.0871 5144 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
21:01:21.0872 5144 fssfltr - ok
21:01:21.0942 5144 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:01:21.0944 5144 Fs_Rec - ok
21:01:21.0992 5144 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:01:21.0993 5144 gagp30kx - ok
21:01:22.0139 5144 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:01:22.0141 5144 GEARAspiWDM - ok
21:01:22.0307 5144 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:01:22.0326 5144 HdAudAddService - ok
21:01:22.0514 5144 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:01:22.0522 5144 HDAudBus - ok
21:01:22.0637 5144 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:01:22.0638 5144 HidBth - ok
21:01:22.0695 5144 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:01:22.0697 5144 HidIr - ok
21:01:22.0747 5144 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
21:01:22.0748 5144 HidUsb - ok
21:01:22.0817 5144 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:01:22.0818 5144 HpCISSs - ok
21:01:23.0172 5144 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:01:23.0183 5144 HSF_DPV - ok
21:01:23.0506 5144 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:01:23.0509 5144 HSXHWAZL - ok
21:01:23.0701 5144 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
21:01:23.0707 5144 HTTP - ok
21:01:23.0884 5144 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:01:23.0886 5144 i2omp - ok
21:01:23.0970 5144 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:01:23.0974 5144 i8042prt - ok
21:01:24.0103 5144 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
21:01:24.0105 5144 iaStor - ok
21:01:24.0250 5144 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:01:24.0252 5144 iaStorV - ok
21:01:24.0685 5144 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:01:24.0700 5144 igfx - ok
21:01:24.0746 5144 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:01:24.0748 5144 iirsp - ok
21:01:24.0831 5144 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
21:01:24.0833 5144 IntcHdmiAddService - ok
21:01:24.0855 5144 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
21:01:24.0856 5144 intelide - ok
21:01:24.0898 5144 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:01:24.0899 5144 intelppm - ok
21:01:24.0954 5144 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:01:24.0956 5144 IpFilterDriver - ok
21:01:24.0975 5144 IpInIp - ok
21:01:25.0044 5144 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:01:25.0045 5144 IPMIDRV - ok
21:01:25.0109 5144 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:01:25.0132 5144 IPNAT - ok
21:01:25.0172 5144 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:01:25.0173 5144 IRENUM - ok
21:01:25.0210 5144 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:01:25.0212 5144 isapnp - ok
21:01:25.0315 5144 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:01:25.0318 5144 iScsiPrt - ok
21:01:25.0422 5144 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:01:25.0424 5144 iteatapi - ok
21:01:25.0531 5144 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:01:25.0533 5144 iteraid - ok
21:01:25.0624 5144 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:01:25.0626 5144 kbdclass - ok
21:01:25.0703 5144 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
21:01:25.0704 5144 kbdhid - ok
21:01:25.0858 5144 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:01:25.0872 5144 KSecDD - ok
21:01:25.0969 5144 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:01:25.0972 5144 lltdio - ok
21:01:26.0025 5144 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:01:26.0026 5144 LSI_FC - ok
21:01:26.0055 5144 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:01:26.0056 5144 LSI_SAS - ok
21:01:26.0137 5144 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:01:26.0138 5144 LSI_SCSI - ok
21:01:26.0176 5144 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:01:26.0193 5144 luafv - ok
21:01:26.0236 5144 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:01:26.0237 5144 mdmxsdk - ok
21:01:26.0278 5144 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:01:26.0279 5144 megasas - ok
21:01:26.0443 5144 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:01:26.0446 5144 MegaSR - ok
21:01:26.0502 5144 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:01:26.0503 5144 Modem - ok
21:01:26.0547 5144 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:01:26.0548 5144 monitor - ok
21:01:26.0575 5144 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:01:26.0590 5144 mouclass - ok
21:01:26.0623 5144 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:01:26.0624 5144 mouhid - ok
21:01:26.0674 5144 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:01:26.0689 5144 MountMgr - ok
21:01:26.0727 5144 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:01:26.0728 5144 mpio - ok
21:01:26.0830 5144 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:01:26.0840 5144 mpsdrv - ok
21:01:26.0881 5144 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:01:26.0882 5144 Mraid35x - ok
21:01:26.0955 5144 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:01:26.0976 5144 MRxDAV - ok
21:01:27.0016 5144 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:01:27.0021 5144 mrxsmb - ok
21:01:27.0083 5144 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:01:27.0104 5144 mrxsmb10 - ok
21:01:27.0137 5144 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:01:27.0141 5144 mrxsmb20 - ok
21:01:27.0175 5144 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:01:27.0176 5144 msahci - ok
21:01:27.0233 5144 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:01:27.0235 5144 msdsm - ok
21:01:27.0433 5144 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:01:27.0450 5144 Msfs - ok
21:01:27.0495 5144 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:01:27.0497 5144 msisadrv - ok
21:01:27.0565 5144 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:01:27.0567 5144 MSKSSRV - ok
21:01:27.0611 5144 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:01:27.0633 5144 MSPCLOCK - ok
21:01:27.0704 5144 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:01:27.0706 5144 MSPQM - ok
21:01:27.0793 5144 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:01:27.0813 5144 MsRPC - ok
21:01:27.0842 5144 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:01:27.0845 5144 mssmbios - ok
21:01:27.0889 5144 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:01:27.0906 5144 MSTEE - ok
21:01:27.0923 5144 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:01:27.0926 5144 Mup - ok
21:01:28.0033 5144 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:01:28.0051 5144 NativeWifiP - ok
21:01:28.0197 5144 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:01:28.0204 5144 NDIS - ok
21:01:28.0240 5144 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:01:28.0242 5144 NdisTapi - ok
21:01:28.0262 5144 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:01:28.0264 5144 Ndisuio - ok
21:01:28.0344 5144 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:01:28.0360 5144 NdisWan - ok
21:01:28.0389 5144 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:01:28.0392 5144 NDProxy - ok
21:01:28.0416 5144 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:01:28.0419 5144 NetBIOS - ok
21:01:28.0495 5144 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:01:28.0501 5144 netbt - ok
21:01:28.0568 5144 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:01:28.0570 5144 nfrd960 - ok
21:01:28.0659 5144 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:01:28.0662 5144 Npfs - ok
21:01:28.0703 5144 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:01:28.0705 5144 nsiproxy - ok
21:01:29.0011 5144 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:01:29.0051 5144 Ntfs - ok
21:01:29.0077 5144 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:01:29.0079 5144 ntrigdigi - ok
21:01:29.0211 5144 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:01:29.0214 5144 Null - ok
21:01:29.0258 5144 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:01:29.0260 5144 nvraid - ok
21:01:29.0383 5144 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:01:29.0385 5144 nvstor - ok
21:01:29.0567 5144 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:01:29.0569 5144 nv_agp - ok
21:01:29.0621 5144 NwlnkFlt - ok
21:01:29.0643 5144 NwlnkFwd - ok
21:01:29.0706 5144 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
21:01:29.0710 5144 OEM02Dev - ok
21:01:29.0769 5144 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
21:01:29.0771 5144 OEM02Vfx - ok
21:01:29.0859 5144 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:01:29.0862 5144 ohci1394 - ok
21:01:29.0931 5144 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:01:29.0933 5144 Parport - ok
21:01:30.0002 5144 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:01:30.0005 5144 partmgr - ok
21:01:30.0051 5144 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:01:30.0052 5144 Parvdm - ok
21:01:30.0241 5144 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:01:30.0247 5144 pci - ok
21:01:30.0330 5144 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:01:30.0358 5144 pciide - ok
21:01:30.0437 5144 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:01:30.0440 5144 pcmcia - ok
21:01:30.0519 5144 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:01:30.0543 5144 PEAUTH - ok
21:01:30.0645 5144 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:01:30.0648 5144 PptpMiniport - ok
21:01:30.0682 5144 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:01:30.0684 5144 Processor - ok
21:01:30.0902 5144 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:01:30.0906 5144 PSched - ok
21:01:30.0970 5144 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
21:01:30.0972 5144 PSI - ok
21:01:31.0072 5144 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
21:01:31.0074 5144 PxHelp20 - ok
21:01:31.0166 5144 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:01:31.0180 5144 ql2300 - ok
21:01:31.0233 5144 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:01:31.0235 5144 ql40xx - ok
21:01:31.0329 5144 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:01:31.0354 5144 QWAVEdrv - ok
21:01:31.0659 5144 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:01:31.0681 5144 R300 - ok
21:01:31.0734 5144 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:01:31.0746 5144 RasAcd - ok
21:01:31.0794 5144 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:01:31.0798 5144 Rasl2tp - ok
21:01:31.0873 5144 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:01:31.0889 5144 RasPppoe - ok
21:01:31.0989 5144 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:01:32.0018 5144 RasSstp - ok
21:01:32.0100 5144 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:01:32.0106 5144 rdbss - ok
21:01:32.0135 5144 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:01:32.0136 5144 RDPCDD - ok
21:01:32.0240 5144 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:01:32.0242 5144 rdpdr - ok
21:01:32.0259 5144 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:01:32.0260 5144 RDPENCDD - ok
21:01:32.0397 5144 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:01:32.0421 5144 RDPWD - ok
21:01:32.0519 5144 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:01:32.0521 5144 rimmptsk - ok
21:01:32.0546 5144 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:01:32.0547 5144 rimsptsk - ok
21:01:32.0564 5144 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:01:32.0566 5144 rismxdp - ok
21:01:32.0638 5144 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:01:32.0640 5144 rspndr - ok
21:01:32.0688 5144 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:01:32.0690 5144 sbp2port - ok
21:01:32.0736 5144 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:01:32.0764 5144 sdbus - ok
21:01:32.0795 5144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:01:32.0797 5144 secdrv - ok
21:01:32.0842 5144 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:01:32.0844 5144 Serenum - ok
21:01:32.0883 5144 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:01:32.0885 5144 Serial - ok
21:01:32.0942 5144 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:01:32.0949 5144 sermouse - ok
21:01:33.0016 5144 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:01:33.0017 5144 sffdisk - ok
21:01:33.0193 5144 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:01:33.0194 5144 sffp_mmc - ok
21:01:33.0254 5144 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:01:33.0255 5144 sffp_sd - ok
21:01:33.0350 5144 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:01:33.0351 5144 sfloppy - ok
21:01:33.0500 5144 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:01:33.0501 5144 sisagp - ok
21:01:33.0637 5144 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:01:33.0639 5144 SiSRaid2 - ok
21:01:33.0690 5144 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:01:33.0692 5144 SiSRaid4 - ok
21:01:33.0875 5144 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:01:33.0888 5144 Smb - ok
21:01:33.0928 5144 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:01:33.0931 5144 spldr - ok
21:01:34.0025 5144 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:01:34.0036 5144 srv - ok
21:01:34.0089 5144 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:01:34.0096 5144 srv2 - ok
21:01:34.0115 5144 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:01:34.0120 5144 srvnet - ok
21:01:34.0221 5144 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
21:01:34.0226 5144 STHDA - ok
21:01:34.0322 5144 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
21:01:34.0324 5144 StillCam - ok
21:01:34.0399 5144 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:01:34.0400 5144 swenum - ok
21:01:34.0438 5144 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:01:34.0439 5144 Symc8xx - ok
21:01:34.0489 5144 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:01:34.0490 5144 Sym_hi - ok
21:01:34.0525 5144 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:01:34.0526 5144 Sym_u3 - ok
21:01:34.0654 5144 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:01:34.0661 5144 Tcpip - ok
21:01:34.0952 5144 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:01:34.0960 5144 Tcpip6 - ok
21:01:35.0134 5144 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:01:35.0160 5144 tcpipreg - ok
21:01:35.0212 5144 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:01:35.0215 5144 TDPIPE - ok
21:01:35.0240 5144 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:01:35.0243 5144 TDTCP - ok
21:01:35.0312 5144 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:01:35.0316 5144 tdx - ok
21:01:35.0392 5144 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:01:35.0403 5144 TermDD - ok
21:01:35.0456 5144 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:01:35.0459 5144 tssecsrv - ok
21:01:35.0487 5144 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:01:35.0489 5144 tunmp - ok
21:01:35.0563 5144 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:01:35.0586 5144 tunnel - ok
21:01:35.0630 5144 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:01:35.0631 5144 uagp35 - ok
21:01:35.0775 5144 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:01:35.0800 5144 udfs - ok
21:01:35.0851 5144 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:01:35.0852 5144 uliagpkx - ok
21:01:36.0079 5144 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:01:36.0082 5144 uliahci - ok
21:01:36.0161 5144 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:01:36.0162 5144 UlSata - ok
21:01:36.0246 5144 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:01:36.0249 5144 ulsata2 - ok
21:01:36.0299 5144 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:01:36.0316 5144 umbus - ok
21:01:36.0354 5144 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:01:36.0357 5144 usbccgp - ok
21:01:36.0399 5144 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:01:36.0401 5144 usbcir - ok
21:01:36.0493 5144 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:01:36.0514 5144 usbehci - ok
21:01:36.0551 5144 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:01:36.0558 5144 usbhub - ok
21:01:36.0596 5144 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:01:36.0598 5144 usbohci - ok
21:01:36.0636 5144 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
21:01:36.0638 5144 usbprint - ok
21:01:36.0703 5144 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:01:36.0721 5144 USBSTOR - ok
21:01:36.0756 5144 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:01:36.0759 5144 usbuhci - ok
21:01:36.0921 5144 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:01:36.0923 5144 vga - ok
21:01:37.0085 5144 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:01:37.0104 5144 VgaSave - ok
21:01:37.0152 5144 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:01:37.0154 5144 viaagp - ok
21:01:37.0258 5144 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:01:37.0260 5144 ViaC7 - ok
21:01:37.0289 5144 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:01:37.0291 5144 viaide - ok
21:01:37.0320 5144 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:01:37.0324 5144 volmgr - ok
21:01:37.0464 5144 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:01:37.0509 5144 volmgrx - ok
21:01:37.0582 5144 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:01:37.0590 5144 volsnap - ok
21:01:37.0646 5144 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:01:37.0649 5144 vsmraid - ok
21:01:37.0695 5144 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:01:37.0697 5144 WacomPen - ok
21:01:37.0767 5144 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:01:37.0769 5144 Wanarp - ok
21:01:37.0779 5144 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:01:37.0782 5144 Wanarpv6 - ok
21:01:37.0828 5144 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:01:37.0830 5144 Wd - ok
21:01:38.0087 5144 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:01:38.0117 5144 Wdf01000 - ok
21:01:38.0201 5144 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
21:01:38.0204 5144 WimFltr - ok
21:01:38.0345 5144 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:01:38.0353 5144 winachsf - ok
21:01:38.0597 5144 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:01:38.0609 5144 WmiAcpi - ok
21:01:38.0682 5144 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:01:38.0685 5144 ws2ifsl - ok
21:01:38.0765 5144 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:01:38.0770 5144 WUDFRd - ok
21:01:38.0843 5144 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
21:01:38.0845 5144 XAudio - ok
21:01:39.0039 5144 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
21:01:39.0044 5144 yukonwlh - ok
21:01:39.0089 5144 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:01:39.0111 5144 \Device\Harddisk0\DR0 - ok
21:01:39.0143 5144 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
21:01:39.0159 5144 \Device\Harddisk0\DR0\Partition0 - ok
21:01:39.0171 5144 Boot (0x1200) (864b35927f8c07c44532c324952cab64) \Device\Harddisk0\DR0\Partition1
21:01:39.0174 5144 \Device\Harddisk0\DR0\Partition1 - ok
21:01:39.0174 5144 ============================================================
21:01:39.0174 5144 Scan finished
21:01:39.0174 5144 ============================================================
21:01:39.0193 3624 Detected object count: 0
21:01:39.0193 3624 Actual detected object count: 0
21:01:53.0391 5428 Deinitialize success


aswMBR.exe:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 21:03:36
-----------------------------
21:03:36.910 OS Version: Windows 6.0.6002 Service Pack 2
21:03:36.910 Number of processors: 2 586 0xF0D
21:03:36.912 ComputerName: NEHA-PC UserName: Neha
21:03:37.964 Initialize success
21:03:38.841 AVAST engine defs: 11112401
21:04:44.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:04:44.375 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
21:04:44.425 Disk 0 MBR read successfully
21:04:44.429 Disk 0 MBR scan
21:04:44.505 Disk 0 Windows VISTA default MBR code
21:04:44.538 Disk 0 scanning sectors +312578048
21:04:44.730 Disk 0 scanning C:\Windows\system32\drivers
21:05:07.129 Service scanning
21:05:08.869 Modules scanning
21:05:29.257 Scan finished successfully
21:14:06.049 Disk 0 MBR has been saved successfully to "C:\Users\Neha\Desktop\MBR.dat"
21:14:06.051 The log file has been saved successfully to "C:\Users\Neha\Desktop\aswMBR.txt"

OTL Log:
OTL logfile created on: 24/11/2011 9:16:46 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.51% Memory free
4.21 Gb Paging File | 2.95 Gb Available in Paging File | 69.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 90.53 Gb Free Space | 66.20% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.23 Gb Free Space | 53.54% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 18:51:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
PRC - [2011/11/20 23:22:14 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/04 00:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/20 21:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 13:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/22 12:50:03 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/22 12:49:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/22 12:49:20 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
MOD - [2011/10/22 12:49:19 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\700cb2f214cccc84461b0fdbce7f7716\DellDock.ni.exe
MOD - [2011/10/22 12:49:15 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\83f44b2d5e196db1d3c90d140a22af59\MyDock.Util.ni.dll
MOD - [2011/10/22 12:49:09 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/22 12:21:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/22 11:53:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/22 11:52:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/22 11:51:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/22 11:48:28 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/22 11:47:43 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/04 16:57:38 | 000,913,408 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/05/16 07:16:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/08/13 09:10:37 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.ca [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.ca [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.ca [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=WLEM&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/08/09 15:50:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/20 23:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/20 23:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/20 23:24:05 | 000,000,000 | ---D | M]

[2008/08/23 20:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Extensions
[2011/11/23 19:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\extensions
[2011/10/29 19:10:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/23 19:35:19 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\extensions\[email protected]
[2010/10/26 19:29:10 | 000,001,832 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\searchplugins\bing.xml
[2011/11/20 23:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/20 23:42:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BD8EK5KM.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
() (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BD8EK5KM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/05 02:10:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 23:42:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 22:44:20 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/04 22:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:44:20 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/04 22:44:20 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/04 22:44:20 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/24 20:52:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E08DF09-B3A1-420F-878E-C4AE240E1D34}: DhcpNameServer = 205.188.146.145
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 21:02:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2011/11/24 20:57:25 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Neha\Desktop\tdsskiller.exe
[2011/11/24 20:54:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/24 20:54:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/24 20:54:45 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\temp
[2011/11/24 20:39:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/24 20:39:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/24 20:39:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/24 20:39:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/24 20:39:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/24 20:39:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/24 20:35:01 | 004,306,729 | R--- | C] (Swearware) -- C:\Users\Neha\Desktop\ComboFix.exe
[2011/11/24 20:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/24 20:25:46 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/24 20:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/24 20:23:03 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Neha\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/23 18:50:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2011/11/23 18:44:23 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{99A75BB5-1E9A-4F02-8FAB-F1272E22E4E1}
[2011/11/23 18:43:54 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{10C974C0-AB3F-4615-8AFC-746F353F3C71}
[2011/11/22 20:43:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B92B74C2-AA3A-49A6-873D-947CA051E8C2}
[2011/11/22 20:42:43 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EBD3818E-7641-418F-B972-C933621DBC0F}
[2011/11/21 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{8C4C034D-F989-49D1-AFBB-00BC86E4C385}
[2011/11/21 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7E2378EB-40DC-4945-97C4-71CE1684AB5C}
[2011/11/20 23:42:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/20 23:42:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/20 23:42:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/20 23:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/20 23:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/20 23:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/20 23:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/11/20 23:22:51 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/11/20 23:22:24 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/11/20 23:22:24 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/11/20 23:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/11/20 23:22:21 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/11/20 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{FF5E5DED-B09F-4CAB-BD06-D8B7B5CEE115}
[2011/11/20 23:16:13 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C7E8A321-6410-46CB-B7CA-D2FADA2560A7}
[2011/11/20 18:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/20 18:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/20 17:16:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/20 17:09:05 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/11/20 17:09:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/20 17:09:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/20 17:09:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/11/20 17:09:04 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/11/20 17:09:04 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/20 17:09:04 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/20 17:09:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/11/20 17:09:03 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/20 17:09:03 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/11/20 17:09:03 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/11/20 17:09:02 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/11/20 17:09:02 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/11/20 17:09:02 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/20 17:09:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/20 17:09:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/11/20 17:09:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/20 17:09:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/11/20 17:09:01 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/11/20 17:09:01 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/20 17:09:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/20 17:09:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/20 17:09:01 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/11/20 17:09:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/20 17:08:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/20 17:08:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/11/20 17:08:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/20 17:08:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/11/20 17:08:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/11/20 17:08:58 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/11/20 17:08:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/11/20 17:08:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/20 17:08:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/11/20 17:08:57 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/11/20 17:08:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/11/20 17:08:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/20 17:08:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/20 17:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/20 17:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/20 16:44:30 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/11/20 16:37:57 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/11/20 16:37:57 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/11/20 16:37:56 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/11/20 16:33:26 | 000,000,000 | ---D | C] -- C:\Users\Neha\Desktop\Programs
[2011/11/20 16:30:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{02CBD278-F392-4DAF-AC02-81B61EC8BD84}
[2011/11/20 16:30:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{23CF7E9B-980D-4BA8-86BC-8AB01587C187}
[2011/11/20 15:17:34 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\Secunia PSI
[2011/11/20 15:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/20 14:59:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Roaming\Malwarebytes
[2011/11/20 14:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/20 12:02:06 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{A1AE7217-A918-4674-B636-72C017160F93}
[2011/11/19 20:27:30 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{62292BFC-C379-477A-AD1E-5C527B1444A1}
[2011/11/19 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9538D7E4-DC0F-41BE-961A-704BB774EA35}
[2011/11/19 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9B54EFBA-4C4E-4D40-AFCF-60DE26D26EE7}
[2011/11/19 10:11:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D5CF2684-D7AD-4C90-B7EB-64079194386E}
[2011/11/18 17:42:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6A0077C9-79AD-48BC-B4D1-F7329B4A5EBB}
[2011/11/17 17:16:01 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{630108D3-9D49-42B5-AF90-8640933C3BB8}
[2011/11/17 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{39D42745-D5D9-45F0-B535-47CDE24AFBED}
[2011/11/16 20:59:36 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPM9311.dll
[2011/11/16 20:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/11/16 20:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/11/16 20:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/16 20:55:55 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\HP
[2011/11/16 20:54:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{167642EA-35B9-4D25-AAEF-3F4B86D58E16}
[2011/11/16 20:54:34 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{14F1AE07-0F5F-43DC-9676-3C23DA71E1F5}
[2011/11/14 20:55:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{DDF82348-1685-4B66-BF79-5CC56A5EE1E9}
[2011/11/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{4ECE417F-A510-441A-941B-9FA728105AB6}
[2011/11/14 14:54:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C2789DB1-C253-4376-AC24-27D0789D109D}
[2011/11/13 14:41:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F156BD2D-7D89-4BB5-84FC-428A4293DA3A}
[2011/11/13 12:53:13 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{76AF2590-BFA2-48D9-9790-4AC97C027B85}
[2011/11/02 08:52:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C9A4FF3F-FDF3-4254-8102-BDE801B68A57}
[2011/11/02 08:52:16 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E77A61FF-8ABA-438C-959C-F0197837D33F}
[2011/10/30 11:13:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B2AB12E5-DC85-40E8-B495-34838AC6D03A}
[2011/10/30 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{FC8A69ED-5E93-4033-A608-4D052CEE7E71}
[2011/10/29 19:10:27 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{A1DC2122-7A28-4985-8DFA-A9FE28EAA64D}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 21:14:06 | 000,000,512 | ---- | M] () -- C:\Users\Neha\Desktop\MBR.dat
[2011/11/24 21:02:52 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2011/11/24 20:57:41 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Neha\Desktop\tdsskiller.exe
[2011/11/24 20:52:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/24 20:35:28 | 004,306,729 | R--- | M] (Swearware) -- C:\Users\Neha\Desktop\ComboFix.exe
[2011/11/24 20:27:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/24 20:27:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/24 20:25:49 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/24 20:23:29 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Neha\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/24 20:21:55 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/24 20:21:55 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/24 20:15:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 20:15:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 20:15:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/23 18:51:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2011/11/23 18:44:27 | 000,004,332 | ---- | M] () -- C:\Users\Neha\Documents\cc_20111123_184422.reg
[2011/11/20 23:53:45 | 000,001,314 | ---- | M] () -- C:\Users\Neha\Documents\cc_20111120_235339.reg
[2011/11/20 23:53:16 | 000,034,052 | ---- | M] () -- C:\Users\Neha\Documents\cc_20111120_235307.reg
[2011/11/20 23:47:59 | 000,000,872 | ---- | M] () -- C:\Users\Neha\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/20 23:47:59 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/20 23:42:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/11/20 23:42:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/20 23:42:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/20 23:42:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/20 23:38:43 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/20 23:36:10 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/20 23:22:51 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/11/20 23:22:24 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/11/20 23:22:24 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/11/20 23:22:22 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/11/20 18:07:48 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/20 17:31:10 | 000,000,945 | ---- | M] () -- C:\Users\Neha\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/20 17:09:41 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/20 17:09:40 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/11/20 17:09:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/11/20 17:09:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/11/20 17:09:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/20 17:09:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/20 17:09:04 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/11/20 17:09:04 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/11/20 17:09:04 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/11/20 17:09:04 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/20 17:09:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/11/20 17:09:03 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/20 17:09:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/11/20 17:09:03 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/11/20 17:09:02 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/11/20 17:09:02 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/11/20 17:09:02 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/20 17:09:02 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/20 17:09:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/11/20 17:09:02 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/20 17:09:02 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/11/20 17:09:02 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/11/20 17:09:01 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/11/20 17:09:01 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/20 17:09:01 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/11/20 17:09:01 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/11/20 17:09:01 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/11/20 17:09:01 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/20 17:08:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/20 17:08:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/11/20 17:08:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/20 17:08:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/11/20 17:08:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/11/20 17:08:58 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/11/20 17:08:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/11/20 17:08:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/20 17:08:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/11/20 17:08:57 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/11/20 17:08:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/11/20 17:08:57 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/20 17:08:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/13 14:43:43 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/24 21:14:06 | 000,000,512 | ---- | C] () -- C:\Users\Neha\Desktop\MBR.dat
[2011/11/24 20:39:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/24 20:39:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/24 20:39:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/24 20:39:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/24 20:39:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/24 20:25:49 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 18:44:25 | 000,004,332 | ---- | C] () -- C:\Users\Neha\Documents\cc_20111123_184422.reg
[2011/11/20 23:53:42 | 000,001,314 | ---- | C] () -- C:\Users\Neha\Documents\cc_20111120_235339.reg
[2011/11/20 23:53:11 | 000,034,052 | ---- | C] () -- C:\Users\Neha\Documents\cc_20111120_235307.reg
[2011/11/20 23:36:10 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/20 18:07:48 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/20 17:09:41 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/20 17:09:40 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/20 17:09:02 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/20 15:17:25 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2009/08/20 19:27:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/20 19:27:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/07 17:14:51 | 000,000,680 | ---- | C] () -- C:\Users\Neha\AppData\Local\d3d9caps.dat
[2008/11/02 18:15:56 | 000,003,584 | ---- | C] () -- C:\Users\Neha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 19:05:54 | 000,000,170 | ---- | C] () -- C:\Users\Neha\AppData\Roaming\wklnhst.dat
[2008/08/23 20:32:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/20 16:50:31 | 000,008,248 | ---- | C] () -- C:\Users\Neha\AppData\Local\en.ini
[2008/08/13 11:36:26 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/08/13 11:36:26 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/08/13 11:36:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/08/13 11:36:26 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/08/13 11:36:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/13 11:36:22 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/13 09:00:56 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/13 09:00:55 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/08/13 08:56:25 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/03 18:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,395,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

OTL Extra:
OTL Extras logfile created on: 24/11/2011 9:16:46 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.51% Memory free
4.21 Gb Paging File | 2.95 Gb Available in Paging File | 69.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 90.53 Gb Free Space | 66.20% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.23 Gb Free Space | 53.54% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EBDB3E8-7E28-4D2E-B6E8-9A963E677C83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{203F1293-CB4A-4FCC-972D-CC04EF819E24}" = lport=138 | protocol=17 | dir=in | app=system |
"{30329D08-09ED-428C-A89F-6B66C82B62E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CECC815-FF9C-4E02-B7BD-8D28FCEBF731}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{435729B3-BD2C-484C-B27E-684D9BCD562F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4AA6DAC9-74E3-44EF-B946-1E46E2F65686}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65305B6E-1C40-416C-8364-C3477719895D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{704AA5EC-3E0A-4FAE-B6E5-1FDD5C56E316}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72183201-02AC-4D6C-A257-D9E08C0D52ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A65BF7FC-D671-44CA-8203-7B9C7188D50B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B3E5544F-1010-4949-B770-03F69886FD27}" = rport=137 | protocol=17 | dir=out | app=system |
"{B7C0675B-22C7-4E24-B1D7-DE4DF894E195}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BA080478-E6B6-4252-92DF-FC562285EF8D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BECAE3BE-AC9A-4C8C-91D0-DFBB3E52E95F}" = rport=138 | protocol=17 | dir=out | app=system |
"{C52C9EB3-1D39-4A4F-8C75-4D245661CB8E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB99AA02-1EF9-4864-8BD8-DF813F99B375}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D56D0ED6-3DB6-4562-9FC9-77BC0D1233EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{DB213E90-FB35-4821-9CC4-B85A711E7942}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC4473AB-6FAA-4362-97AB-A6B111F188EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{DCFA790E-7933-4342-8199-076E9B1FFC1C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E3E2106B-E265-454D-A92B-ADBDC287FE7B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EEC9C80D-6D07-42CC-B92B-34EAA34A94D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8B6B2F8-5B43-496B-817A-FAF8BFA9A7C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FE2AE733-9825-48ED-849B-E12A98FD7D29}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D58BDA5-ADF4-4FA7-8992-CB67C7BD8145}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{0F5122E0-62D1-4937-A403-E97B7A57F2A8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{14FF4383-9012-4DD9-8C59-33523EC167E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23A053FA-34C4-4BB8-A603-E5BAEBEFB0E9}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{296DAFE4-92E7-4133-97EA-58ED8D3B0FBA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2ABCD3C3-DC5B-401B-B0B9-6E692DDAC572}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3C2E1176-8DD4-4505-B54A-DDD1C4072C6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40CE1B46-3BDF-4134-B794-A559C2DE9AED}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{434EEFDF-58BC-4145-A50B-73ADFFA1F6CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{446B236E-527E-4BCC-B11D-6E6514D2AB13}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4544F2DF-E0A2-4EE2-82CF-AB08200BC129}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{476775A2-D603-45CC-91A0-0EF7D5B55097}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{54549B62-DC7A-4892-B187-B4B9BB1EB426}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{547787B8-5522-4492-9349-FF6C8FE06C5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B0F3CE2-8E5E-4FC2-9496-B6C0DD5F92EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D226714-9E77-4CF1-9B96-119879D7662B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6F3F88BF-F7D5-4E9A-AC1D-B7E36C8927C0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7038B98D-DC12-48B3-BF81-A8AFD8F6FA73}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{72B709B1-700E-4A81-9CA8-1E8D462B90CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{77FF02B8-4D09-4916-AED6-5B8AC2DE918F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{7FF769BB-B77A-4B5B-818E-E255F85ED362}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81205967-EFFB-4A1C-8225-54FDAB923255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92894B75-814E-48A3-9938-AA00562D1CF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9374F5B4-D423-4AFC-A69C-F89E4F0971EA}" = protocol=6 | dir=out | app=system |
"{9E3DE435-3BBE-4100-AC5C-E8B04429B79F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A1CE1CD4-25A1-41F1-A4CE-E39BAEC185F9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B46A9CAB-1A3A-4E30-A734-1538A374242B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B65E0320-0D4D-4B00-BAF1-B2DCB0E9A779}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C42E9B72-A4E4-42EA-9FCC-112ED889F85A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DE812A3C-8F7B-430B-92A2-8D598E52FD6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEEEF6F5-51C7-4EBD-BC1A-EA39AAD13CCA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBD27E27-A27A-4D38-8FE6-DB40AE38B055}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F2A6E747-A5CF-4E16-8AB0-D43F50F2D91A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F66139F2-9A1A-4CA1-A451-BB3670A0F6AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA53D7D3-F4BD-4F71-87A3-0F467CDFE6E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFF18F5D-3D53-4D5C-83B7-E326B3236C42}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{16B34FC1-F5BD-4534-BC31-3581A983AF30}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B09E58B8-BAEA-4C47-A609-3B4AD9364960}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 18/03/2010 12:03:36 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 20/11/2011 7:53:51 PM | Computer Name = Neha-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Neha-PC.local already in use; will try Neha-PC-2.local
instead

Error - 20/11/2011 7:54:52 PM | Computer Name = Neha-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/11/2011 9:49:06 PM | Computer Name = Neha-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.100:5353 4 Neha-PC.local.
Addr 192.168.1.100

Error - 20/11/2011 9:49:06 PM | Computer Name = Neha-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Neha-PC.local.
Addr 192.168.1.102

Error - 20/11/2011 9:49:06 PM | Computer Name = Neha-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Neha-PC.local already in use; will try Neha-PC-2.local
instead

Error - 20/11/2011 9:50:21 PM | Computer Name = Neha-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/11/2011 10:47:55 PM | Computer Name = Neha-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.100:5353 4 Neha-PC.local.
Addr 192.168.1.100

Error - 20/11/2011 10:47:55 PM | Computer Name = Neha-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Neha-PC.local.
Addr 192.168.1.102

Error - 20/11/2011 10:47:55 PM | Computer Name = Neha-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Neha-PC.local already in use; will try Neha-PC-2.local
instead

Error - 21/11/2011 12:15:16 AM | Computer Name = Neha-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 25/03/2010 3:52:42 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 15:52:41, Thu, Mar 25, 10 Error - Unable to gain access to user store


Error - 25/03/2010 3:58:25 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 15:58:25, Thu, Mar 25, 10 Error - Unable to gain access to user store


Error - 15/05/2010 1:43:27 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 13:43:26, Sat, May 15, 10 Error - Unable to gain access to user store


Error - 29/08/2010 12:51:07 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 12:51:06, Sun, Aug 29, 10 Error - Unable to gain access to user store


Error - 15/09/2010 8:57:25 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 20:57:24, Wed, Sep 15, 10 Error - Unable to gain access to user store


Error - 18/09/2010 1:38:55 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 13:38:55, Sat, Sep 18, 10 Error - Unable to gain access to user store


Error - 30/10/2010 6:48:35 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 18:48:35, Sat, Oct 30, 10 Error - Unable to gain access to user store


Error - 25/11/2010 1:42:45 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 12:42:44, Thu, Nov 25, 10 Error - Unable to gain access to user store


Error - 06/03/2011 7:39:28 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 18:39:28, Sun, Mar 06, 11 Error - Unable to gain access to user store


Error - 06/03/2011 8:34:20 PM | Computer Name = Neha-PC | Source = WLAN-Tray | ID = 0
Description = 19:34:19, Sun, Mar 06, 11 Error - Unable to gain access to user store


[ OSession Events ]
Error - 06/06/2011 10:24:00 PM | Computer Name = Neha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/11/2011 9:15:59 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2011 9:15:59 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2011 9:16:03 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2011 9:16:03 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2011 9:42:15 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 24/11/2011 9:43:51 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 24/11/2011 9:44:17 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 24/11/2011 9:49:12 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 24/11/2011 9:52:42 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 24/11/2011 9:58:23 PM | Computer Name = Neha-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Avast Boot:
11/24/2011 21:36
Scan of all local drives

File C:\Users\Neha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1be2fe4c-429c0f4d|>rotor\Glocker.class is infected by Java:Agent-ZY [Expl], Moved to chest
File C:\Users\Neha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1be2fe4c-429c0f4d|>rotor\zalux$1.class is infected by Java:Agent-ZX [Expl], Moved to chest
File C:\Users\Neha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1be2fe4c-429c0f4d|>rotor\zalux$zordo.class is infected by Java:Agent-TB [Expl], Moved to chest
File C:\Users\Neha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1be2fe4c-429c0f4d|>rotor\zalux.class is infected by Java:Agent-WY [Expl], Moved to chest
File C:\Users\Neha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1be2fe4c-429c0f4d|>rotor\Zo666.class is infected by Java:Agent-ZZ [Expl], Moved to chest
File C:\Users\Neha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1be2fe4c-429c0f4d|>rotor\Zom.class is infected by Java:Agent-ZW [Expl], Moved to chest
File C:\Users\Neha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\126cbbd9-583c7f98|>folder\Glocker.class is infected by Java:Agent-OZ [Expl], Moved to chest
File C:\Users\Neha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\126cbbd9-583c7f98|>folder\Ump_45.class is infected by Java:Agent-OB [Expl], Moved to chest
Number of searched folders: 25220
Number of tested files: 614654
Number of infected files: 8

Edited by nehac, 24 November 2011 - 10:18 PM.


#4
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Looking pretty good.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/10/29 19:10:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\bd8ek5km.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\USERS\NEHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BD8EK5KM.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    
:Commands
[RESETHOSTS]
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP. Vista almost always says it can't fix something but it is usually just a .ini file so don't be alarmed.)



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#5
nehac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/11/2011 11:24:00 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/11/2011 4:02:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/11/2011 4:00:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/11/2011 4:00:06 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/11/2011 11:25:35 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/11/2011 4:00:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 0 user registry handles leaked from \Registry\User\S-1-5-21-3050332229-2584247302-3963020623-1000:

#6
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

Log: 'System' Date/Time: 25/11/2011 4:02:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.


Is this a Dell? There is a newer driver out for your wireless that fixes this problem.

Go to the Dell support site and put in your PC details and then look for the latest wireless driver.

If you don't find anything then you can just turn off the BCM42RLY service as it doesn't seem to really do anything important.

Right click on (My) Computer and select Manage then Continue then Services and Applications then Services. Find the BCM42RLY service in the right pane and right click and select Properties then change the Startup Type: to Disabled. Apply and reboot.

How is the PC running now?

Ron
  • 0
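
The triage applied to the VEW report above, as an added Python example that is not part of the original thread: it parses the VEW text layout, groups Service Control Manager 7000 start failures by service and reason, and compares a report taken before a fix with one taken after. The two sample reports are constructed in the layout shown in the thread, and the function names and reason classes are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample reports in the VEW layout shown in this thread (abridged).
BEFORE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/11/2011 4:02:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/11/2011 4:02:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
"""

AFTER = """\
Log: 'System' Date/Time: 27/11/2011 2:12:53 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 27/11/2011 2:12:43 AM
Type: Error Category: 0
Event: 4321 Source: netbt
The name "NEHA-PC :20" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
"""

HEAD = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
KIND = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
SCM_START_FAIL = re.compile(
    r"^The (.+?) service failed to start due to the following error: (.+)$")


def parse_vew(text):
    """Return one dict per event record in a VEW text report."""
    lines = [ln.strip() for ln in text.splitlines()]
    events, i = [], 0
    while i + 2 < len(lines):
        head = HEAD.match(lines[i])
        kind = KIND.match(lines[i + 1])
        event = EVENT.match(lines[i + 2])
        if not (head and kind and event):
            i += 1  # banner, blank line or damaged record: skip it
            continue
        j = i + 3   # message runs until a blank line, banner or next record
        while j < len(lines) and lines[j] and not lines[j].startswith(("Log: '", "~~~")):
            j += 1
        events.append({
            "log": head.group(1),
            # VEW states that its dates are dd/mm/yyyy
            "when": datetime.strptime(head.group(2), "%d/%m/%Y %I:%M:%S %p"),
            "type": kind.group(1),
            "id": int(event.group(1)),
            "source": event.group(2),
            "message": " ".join(lines[i + 3:j]),
        })
        i = j
    return events


def signature(ev):
    """Collapse an event to (source, id, service, reason class) for counting."""
    m = SCM_START_FAIL.match(ev["message"])
    if ev["source"] == "Service Control Manager" and ev["id"] == 7000 and m:
        reason = m.group(2).lower()
        if "cannot find the file" in reason:
            cls = "binary-missing"         # service entry points at a file not on disk
        elif "disabled" in reason:
            cls = "disabled-or-no-device"  # expected on hardware without the device
        else:
            cls = "other"
        return (ev["source"], ev["id"], m.group(1), cls)
    return (ev["source"], ev["id"], "", "")


def summarise(events):
    """Count how often each signature occurs, so repeats collapse to one row."""
    return Counter(signature(ev) for ev in events)


def compare(before, after):
    """Show which signatures a fix removed, which remain and which are new."""
    b, a = set(summarise(before)), set(summarise(after))
    return {"resolved": b - a, "persisting": b & a, "new": a - b}


if __name__ == "__main__":
    for name, sigs in compare(parse_vew(BEFORE), parse_vew(AFTER)).items():
        print(name, sorted(sigs))
```
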

#7
nehac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Will go and check for the update. Thank you for pointing this out

#8
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I'll give you the cleanup routine now but if you need help on the driver tell me the make and model of your PC and I'll see what I can do.


We need to clean up System Restore:

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#9
nehac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Thank you, I am having trouble finding the driver... Downloaded one with the service tag of my computer but it doesn't seem to work.

I am using a Dell Inspiron 1525, Windows Vista

#10
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Is this the one you tried?

Dell_multi-device_A17_R174291.exe

#11
nehac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Yes, when I try to install I get the following message:

Setup Error
The operating System is not supported.
The software will not be installed.

Setup will now exit.

#12
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I downloaded a version of the driver and extracted out the file we need. Let's see if that works.

Download the attached zip file.

Right click on it and extract all and it should create a folder called bcm42rly. Inside the folder is a file bcm42rly.sys. Copy the file and then go to C:\windows\system32\drivers and paste the file into the folder. Clear your events as before:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply. Let's see if it liked it.

#13
nehac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Thank you, pasted it there as you said. Here is the log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 26/11/2011 9:15:00 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/11/2011 2:12:53 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 27/11/2011 2:12:43 AM
Type: Error Category: 0
Event: 4321 Source: netbt
The name "NEHA-PC :20" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 27/11/2011 2:12:43 AM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{2E08DF09-B3A1-420F-878E-C4AE240E1D34} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 27/11/2011 2:12:40 AM
Type: Error Category: 0
Event: 4321 Source: netbt
The name "NEHA-PC :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 27/11/2011 2:12:40 AM
Type: Error Category: 0
Event: 4321 Source: netbt
The name "NEHA-PC :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 27/11/2011 2:12:37 AM
Type: Error Category: 0
Event: 4321 Source: netbt
The name "NEHA-PC :20" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 27/11/2011 2:12:37 AM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{2E08DF09-B3A1-420F-878E-C4AE240E1D34} because another computer on the network has the same name. The server could not start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/11/2011 2:12:40 AM
Type: Warning Category: 0
Event: 3033 Source: mrxsmb
The redirector was unable to register the address for transport NetBT_Tcpip_{2E08DF09-B3A1-420F-878E for the following reason: You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change the computer name and try again. If joining a workgroup, choose another workgroup name.. Transport has been taken offline.

Log: 'System' Date/Time: 27/11/2011 2:11:22 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 27/11/2011 2:11:22 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

----
Seems like a lot of the errors have to do with the names of my laptop and the desktop being the same (causing errors when I connect through the wireless connection?)

Edited by nehac, 26 November 2011 - 08:23 PM.

  • 0
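
The report above repeats a handful of events, which hides how few distinct problems it contains. As an added example (not part of the original posts and not VEW's own code), this Python parser reads the report layout shown above, counts events by type, ID and source, and extracts the conflicting name and addresses from the netbt 4321 messages; the function names and regular expressions are assumptions based only on the text of this report.

```python
import re
from collections import Counter

# Abridged from the VEW report in this thread; embedded so the example runs offline.
SAMPLE_REPORT = """\
Log: 'System' Date/Time: 27/11/2011 2:12:43 AM
Type: Error Category: 0
Event: 4321 Source: netbt
The name "NEHA-PC :20" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 27/11/2011 2:12:40 AM
Type: Error Category: 0
Event: 4321 Source: netbt
The name "NEHA-PC :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/11/2011 2:11:22 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

# One record: three header lines, then message lines up to the first blank line.
RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<id>\d+) Source: (?P<source>.+)\n"
    r"(?P<message>(?:.+\n?)*)", re.MULTILINE)
NAME_CONFLICT = re.compile(
    r'The name "(?P<name>[^"]+?)\s*:\w+" could not be registered on the interface '
    r"with IP address (?P<local>[\d.]+)\. The computer with the IP address (?P<other>[\d.]+)")

def parse_vew(report):
    """Return one dict per event; section banners between records are skipped."""
    events = [m.groupdict() for m in RECORD.finditer(report.replace("\r\n", "\n"))]
    for e in events:
        e["id"], e["message"] = int(e["id"]), e["message"].strip()
    return events

def summarize(events):
    """Count events by (type, id, source) so repeats collapse to one row."""
    return Counter((e["type"], e["id"], e["source"]) for e in events)

def name_conflicts(events):
    """Extract (name, local IP, conflicting IP) from netbt event 4321 messages."""
    hits = (NAME_CONFLICT.search(e["message"]) for e in events if e["id"] == 4321)
    return {(m["name"], m["local"], m["other"]) for m in hits if m}
```

Run against the full report, `summarize` reduces the repeated 4321 and 2505 entries to one row each, and `name_conflicts` shows which address already holds the name.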

#14
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Yes. The main thing is we no longer have the error. The other errors can be ignored, though you really ought to change the name on one of the PCs. I think we can clean up now.

We need to clean up System Restore:

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#15
nehac


    Member

  • Topic Starter
  • 78 posts
Great, thank you :)
  • 0





