Text Disappears in different windows, dialogue boxes and search box si


This topic is locked

#1 elesh (Member, 13 posts)
example1.jpg

example2.jpg

example3.jpg

example4.jpg



Hi Team, above you can see that I am facing a weird error with my Windows. The text goes missing / disappears on multiple occasions / places such as dialogue boxes and folder options, and the search box in the browser (Firefox and Internet Explorer) becomes thin and you cannot see what you are typing in that search box.
The problem starts after a few minutes of Windows startup OR once I start using different applications. The problem did not exist until over a month ago, therefore I assume some kind of software may have caused this, but I have been unable to identify it. I have done registry cleaning and have not found any malware yet.
I have uninstalled and reinstalled the display drivers and that did not help either. I have put the OTL log for you below to refer to.




Please HELP!!

Here is the report for the OTL scan:

OLT.txt

OTL logfile created on: 2/21/2012 1:00:39 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\elesh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1011.95 Mb Total Physical Memory | 69.97 Mb Available Physical Memory | 6.91% Memory free
1.99 Gb Paging File | 0.91 Gb Available in Paging File | 45.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.04 Gb Total Space | 15.98 Gb Free Space | 36.29% Space Free | Partition Type: NTFS
Drive D: | 61.90 Gb Total Space | 7.98 Gb Free Space | 12.89% Space Free | Partition Type: NTFS

Computer Name: ELESH-LAPTOP | User Name: elesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
PRC - [2012/02/19 23:46:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/19 17:17:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 04:38:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/19 23:46:03 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/18 20:37:32 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/29 04:39:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 04:38:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/19 17:17:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/22 06:06:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/22 02:37:44 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV - [2011/01/26 11:36:49 | 000,309,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 17:48:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 15:14:50 | 002,227,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/07/22 11:28:26 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 9C D0 BC 9D C0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://in.search.yah...type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/18 01:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 23:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/22 02:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Extensions
[2012/01/03 20:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Firefox\Profiles\u6pq6uug.default\extensions
[2011/12/24 00:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/18 01:49:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/02/19 23:46:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/17 07:08:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/17 06:55:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/17 07:08:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/17 07:08:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/17 07:08:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B97964C-FCF7-4D5F-A734-D877C0CEED27}: DhcpNameServer = 202.56.230.5 202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BB6E09-22D3-43F3-BCB4-5E3D9103ABC3}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 12:53:55 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012/02/21 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{261E7A73-D306-4414-9E19-D296BCD768C9}
[2012/02/21 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{32EA7B36-1B66-46B0-9E31-1962A0EA106C}
[2012/02/21 01:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/02/21 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AF92FCF-5E3F-474A-A764-D30D8EB4F117}
[2012/02/21 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FB17E052-91CC-410E-9372-00B42DD2B81E}
[2012/02/20 19:04:44 | 000,000,000 | ---D | C] -- C:\Users\elesh\Desktop\New folder
[2012/02/20 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DA68E1DB-E40F-427A-AB00-834C3DB0CD80}
[2012/02/20 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{50EE2486-4D18-48C5-A31B-BB954400D6DD}
[2012/02/20 03:33:21 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\Corel VideoStudio Pro
[2012/02/20 03:07:18 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\Ulead Systems
[2012/02/20 03:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012/02/20 03:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2012/02/20 03:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2012/02/20 03:01:35 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012/02/20 03:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012/02/20 03:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2012/02/20 03:00:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/02/20 03:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/02/20 02:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X4
[2012/02/20 02:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2012/02/20 02:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2012/02/20 02:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012/02/20 00:18:32 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2012/02/20 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\LongoMatch
[2012/02/19 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\Desktop\temp
[2012/02/19 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{3C95AA99-9764-4DCE-8DE7-6FDAEE7E0F42}
[2012/02/19 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4DEE394C-95DD-41E3-A686-AEA30090541F}
[2012/02/18 20:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/02/18 20:29:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/02/18 20:28:08 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/02/18 20:28:07 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012/02/18 20:28:06 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/02/18 20:28:05 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/02/18 20:28:05 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012/02/18 20:28:05 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012/02/18 20:28:05 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/02/18 20:28:04 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012/02/18 20:28:04 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012/02/18 20:27:57 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012/02/18 20:27:57 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012/02/18 20:27:57 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012/02/18 20:27:57 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012/02/18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/02/18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/02/18 20:27:55 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012/02/18 20:27:55 | 000,103,256 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012/02/18 20:27:55 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012/02/18 20:27:54 | 003,327,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012/02/18 20:27:54 | 000,587,096 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012/02/18 20:27:54 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012/02/18 20:27:54 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012/02/18 20:27:54 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012/02/18 20:27:53 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/02/18 20:27:53 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012/02/18 20:27:53 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/02/18 20:27:52 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012/02/18 20:27:52 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/02/18 20:27:51 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/02/18 20:27:51 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012/02/18 20:27:51 | 000,327,168 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012/02/18 20:27:50 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012/02/18 20:27:50 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012/02/18 20:27:50 | 000,413,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012/02/18 20:27:50 | 000,390,656 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012/02/18 20:27:49 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012/02/18 20:27:49 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012/02/18 20:27:49 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012/02/18 20:27:49 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012/02/18 20:27:48 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012/02/18 20:27:48 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012/02/18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012/02/18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012/02/18 20:27:47 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012/02/18 20:01:38 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BDABA617-0191-4525-BFE4-22CD1D4C51B4}
[2012/02/18 20:01:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B6C6367-9446-4EEE-83C1-C2616DDD13F0}
[2012/02/18 02:00:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\DDMSettings
[2012/02/18 01:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/02/18 01:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/02/18 01:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/02/18 01:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/02/17 19:20:30 | 002,227,712 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/02/17 17:33:31 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{91E04D61-B567-4453-B686-69725AD6E897}
[2012/02/17 02:48:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A04CBD0F-4CB6-4CAE-B699-E19FF17AA9C8}
[2012/02/17 02:47:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{09613524-DBDC-4116-BD28-CBD0DEDC9420}
[2012/02/16 14:47:13 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{52C2082B-045D-4414-9F49-CAF7AF65A074}
[2012/02/16 14:46:53 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7D68EFA0-B56B-4BE0-B303-19CA6C90E11E}
[2012/02/16 01:43:31 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EF06A90B-E584-4EE5-A2B3-C3479DA3E43D}
[2012/02/16 01:43:12 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{AC584E8D-8264-4675-ADBF-9ACE8DAAF2DC}
[2012/02/15 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/02/15 22:47:07 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2012/02/15 22:47:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2012/02/15 22:47:02 | 000,000,000 | ---D | C] -- C:\inetpub
[2012/02/15 13:42:37 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E15A5560-A9E3-4E4D-A79E-300D31760AC9}
[2012/02/15 01:42:01 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{8C6CD51C-D5C3-4C02-B835-FA9886AE2BAB}
[2012/02/14 13:41:24 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{0C7BC8BD-2588-4307-A06D-57CBE8801543}
[2012/02/14 01:40:49 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{599B9250-918A-44BB-8A37-CB04DC2910D8}
[2012/02/13 13:40:15 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5F4CD29A-EAF9-4EFD-99A8-425643D08E0D}
[2012/02/13 01:39:58 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1A404366-C94E-4BCD-A959-E849DE47FAC7}
[2012/02/12 14:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/02/12 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E7F48930-0660-4087-B661-AF3A1F21F86E}
[2012/02/12 13:39:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{43FDD122-8382-416A-B694-A9E9299339F8}
[2012/02/12 00:34:57 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{02D9A417-919A-4DDF-982D-8D471B034CC0}
[2012/02/12 00:34:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{47435B99-5F6D-4171-BCB5-86F843AECF03}
[2012/02/11 17:11:45 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2012/02/11 17:11:45 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2012/02/11 17:11:45 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2012/02/11 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2012/02/11 12:34:01 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{216BFFCB-B0AF-4BB0-AFC3-B8632CE74938}
[2012/02/10 13:35:04 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C95D1436-BA58-4668-87A7-D99E2B87B733}
[2012/02/10 13:34:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D8A670D1-859D-4A10-ADE5-110A02E590FC}
[2012/02/10 00:25:50 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CC33C549-0A01-469B-9F1B-DA76654EE6E4}
[2012/02/10 00:25:26 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{74C6FA94-27CC-4508-AACC-314291224146}
[2012/02/09 12:24:49 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E92C02E9-9AB6-4A4E-B3D5-B95040592B3F}
[2012/02/09 12:24:25 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{706A7986-7320-47D5-9D39-176AA27F2169}
[2012/02/08 16:27:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\Desktop\artwork
[2012/02/08 14:06:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CE548049-51EC-4637-B178-59B1DBEB963C}
[2012/02/08 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7C902403-5CBC-47D1-A35F-4D233CB19AEB}
[2012/02/08 02:53:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\Macroplant
[2012/02/08 02:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2012/02/08 02:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\iExplorer
[2012/02/08 02:05:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{53B1B59B-198B-4C11-8FD9-943E09334DDC}
[2012/02/08 02:04:55 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{358DF211-8ADC-494B-B26B-1A98E7A70350}
[2012/02/07 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\elesh\Desktop\From Siddhant
[2012/02/07 14:04:21 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{8155DA50-16E9-4455-A889-2698825418E9}
[2012/02/07 14:04:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FFD4EF27-8881-4AC6-8735-094240939BA4}
[2012/02/07 02:03:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FD81B859-FE25-4F57-B4D1-8B760E5B04A0}
[2012/02/07 02:03:14 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{50C704FB-DD66-47C5-BE4F-ECAF2797127F}
[2012/02/06 14:02:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C876DB5E-37B9-480C-9FDF-9402236B7AC9}
[2012/02/06 14:02:27 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2875908C-59BD-4A16-97BB-6ED39D397D52}
[2012/02/05 23:28:34 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5491A172-9AEE-40B5-A8EC-3C3AEBA7A6B3}
[2012/02/05 23:28:19 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E538EBA8-B243-42A1-91F5-3BAD1CDCF8F2}
[2012/02/05 19:28:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\Apps
[2012/02/05 11:27:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{9C424F6B-D1FB-4666-BC8C-B4CD6EB505B6}
[2012/02/05 11:27:30 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FC32C718-AB4B-4528-8F05-1845C75FE880}
[2012/02/04 14:16:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{6DA03D3E-88B3-4015-B9E7-0242B1D39116}
[2012/02/04 14:15:57 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C8C625E2-9D34-499C-ABA0-16D099024129}
[2012/02/04 02:15:25 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{91F2F734-25DB-43A9-9C08-7439998FB94E}
[2012/02/04 02:15:03 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E4F1A647-B0B8-4F2F-B45F-5FA6A4A345CE}
[2012/02/03 12:54:05 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A3F23DDC-FE77-4874-9783-53AC871F2EA5}
[2012/02/03 12:53:44 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DF87A665-2561-4F75-ACA2-2882D736A2CD}
[2012/02/02 23:22:35 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1214EB5D-1802-4430-8429-2DA1BE1A6B98}
[2012/02/02 23:22:17 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{06F03102-DA1D-4E50-A65B-3C0B0DE58996}
[2012/02/02 15:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/02 15:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/02 14:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/02 14:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/02/02 13:25:05 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\Windows Live Writer
[2012/02/02 13:25:05 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\Windows Live Writer
[2012/02/02 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\Innovative Solutions
[2012/02/02 12:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/02/02 12:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2012/02/02 11:21:43 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{39DF1084-1D8B-4700-9443-823F39858073}
[2012/02/02 11:21:26 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A0A02EC6-6BB4-4200-8B84-DDFD204E6C00}
[2012/02/01 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{25F6C153-35CF-4A0A-BD6B-EEF49FFBB453}
[2012/02/01 23:14:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{50CA6C30-6377-4A91-945C-AE5D3E104D06}
[2012/02/01 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/02/01 18:17:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\Desktop\siddhant
[2012/02/01 11:14:07 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CAA6E780-8764-47ED-9B23-8474CF784A57}
[2012/02/01 11:13:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{36C3DD63-5712-4EBE-919A-2C3C3BA4B8F4}
[2012/02/01 11:13:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{21D446CE-0F1B-4AC2-86B0-81AD51890BEE}
[2012/01/31 16:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitstream
[2012/01/31 13:19:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{553DF2BC-137B-463E-AA11-1136C2F805BD}
[2012/01/31 13:19:17 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{00CFAC2F-9526-40E2-90C7-76C7A25DCA42}
[2012/01/31 01:18:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{78F52792-6B35-4311-B1E0-8A7744518276}
[2012/01/31 01:18:28 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{AFBB02F8-EF0D-4129-8F01-40FDF2F844E1}
[2012/01/30 13:17:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5A9F6679-39F3-4CEA-813F-912F384C8E75}
[2012/01/30 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D49E9D20-E426-4899-8E09-F7657FB3DE45}
[2012/01/29 21:42:04 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{8E678342-6EDC-4322-ACCF-8CD0842F7BA1}
[2012/01/29 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E0B0625E-0AB7-4EDA-9F6D-301B781E1838}
[2012/01/29 21:04:48 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/01/29 20:58:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/01/28 21:05:49 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\PeerNetworking
[2012/01/28 21:02:24 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\Remote Assistance Logs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/21 12:57:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000UA.job
[2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012/02/21 12:27:39 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 12:27:39 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 12:20:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/21 12:20:03 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/21 12:11:23 | 089,620,850 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/21 00:41:05 | 000,049,152 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/02/20 12:25:09 | 002,907,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/20 03:26:43 | 000,002,004 | -H-- | M] () -- C:\Users\elesh\Documents\Default.rdp
[2012/02/20 02:57:32 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
[2012/02/20 01:46:03 | 000,692,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/20 01:46:03 | 000,133,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/20 00:23:43 | 000,000,218 | ---- | M] () -- C:\Users\elesh\.recently-used.xbel
[2012/02/19 21:22:16 | 003,967,730 | ---- | M] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012/02/19 20:23:43 | 004,139,378 | ---- | M] () -- C:\Users\elesh\Desktop\Stereo Love.mp3
[2012/02/19 20:18:11 | 001,919,104 | ---- | M] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[2012/02/19 20:04:08 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2012/02/18 20:12:14 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000Core.job
[2012/02/15 22:55:21 | 000,001,418 | ---- | M] () -- C:\Users\elesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/15 19:40:16 | 000,007,636 | ---- | M] () -- C:\Users\elesh\AppData\Local\resmon.resmoncfg
[2012/02/14 02:43:05 | 000,057,394 | ---- | M] () -- C:\Users\elesh\Desktop\chillout logo.cdr
[2012/02/13 18:10:41 | 000,290,223 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/12 02:47:36 | 000,027,884 | ---- | M] () -- C:\Users\elesh\Desktop\e3 444.jpg
[2012/02/12 02:04:04 | 001,623,177 | ---- | M] () -- C:\Users\elesh\Desktop\elesh jaipur.psd
[2012/02/12 00:18:56 | 000,078,523 | ---- | M] () -- C:\Users\elesh\Desktop\elesh jaipur 1777.jpg
[2012/02/11 23:18:17 | 000,126,285 | ---- | M] () -- C:\Users\elesh\Desktop\Untitled-2.jpg
[2012/02/11 23:04:30 | 000,101,926 | ---- | M] () -- C:\Users\elesh\Desktop\photofacefun_com_XApIowNPz_1328981610.jpg
[2012/02/11 23:02:26 | 000,953,058 | ---- | M] () -- C:\Users\elesh\Desktop\1234.jpg
[2012/02/11 20:05:05 | 000,045,321 | ---- | M] () -- C:\Users\elesh\Desktop\el.jpg
[2012/02/11 19:59:57 | 001,309,731 | ---- | M] () -- C:\Users\elesh\Desktop\IMG_1337.JPG
[2012/02/11 17:11:57 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/02/02 15:07:23 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/02 12:23:50 | 000,001,107 | ---- | M] () -- C:\Users\elesh\Desktop\DriverMax.lnk
[2012/01/31 20:14:46 | 000,000,237 | ---- | M] () -- C:\Windows\fnerr.dat
[2012/01/28 23:39:25 | 000,044,228 | ---- | M] () -- C:\Users\elesh\AppData\Local\RAContactHistory.xml
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 03:23:24 | 000,002,004 | -H-- | C] () -- C:\Users\elesh\Documents\Default.rdp
[2012/02/20 02:57:32 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
[2012/02/20 00:23:43 | 000,000,218 | ---- | C] () -- C:\Users\elesh\.recently-used.xbel
[2012/02/19 20:26:58 | 003,967,730 | ---- | C] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012/02/19 20:22:48 | 004,139,378 | ---- | C] () -- C:\Users\elesh\Desktop\Stereo Love.mp3
[2012/02/19 20:17:46 | 001,919,104 | ---- | C] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[2012/02/18 20:27:56 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/15 22:55:21 | 000,001,424 | ---- | C] () -- C:\Users\elesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/15 22:55:21 | 000,001,418 | ---- | C] () -- C:\Users\elesh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/15 22:51:25 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/15 22:51:21 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/02/15 18:58:33 | 000,007,636 | ---- | C] () -- C:\Users\elesh\AppData\Local\resmon.resmoncfg
[2012/02/14 02:43:01 | 000,057,394 | ---- | C] () -- C:\Users\elesh\Desktop\chillout logo.cdr
[2012/02/12 00:18:50 | 000,078,523 | ---- | C] () -- C:\Users\elesh\Desktop\elesh jaipur 1777.jpg
[2012/02/11 23:39:11 | 000,027,884 | ---- | C] () -- C:\Users\elesh\Desktop\e3 444.jpg
[2012/02/11 23:18:17 | 000,126,285 | ---- | C] () -- C:\Users\elesh\Desktop\Untitled-2.jpg
[2012/02/11 23:04:28 | 000,101,926 | ---- | C] () -- C:\Users\elesh\Desktop\photofacefun_com_XApIowNPz_1328981610.jpg
[2012/02/11 23:02:19 | 000,953,058 | ---- | C] () -- C:\Users\elesh\Desktop\1234.jpg
[2012/02/11 23:00:26 | 005,778,037 | ---- | C] () -- C:\Users\elesh\Desktop\DSC_1754.JPG
[2012/02/11 20:05:02 | 000,045,321 | ---- | C] () -- C:\Users\elesh\Desktop\el.jpg
[2012/02/11 17:12:18 | 000,000,046 | ---- | C] () -- C:\Windows\System32\_WKERNEL.FRE
[2012/02/11 17:11:57 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/02/11 17:11:44 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2012/02/11 14:35:49 | 001,623,177 | ---- | C] () -- C:\Users\elesh\Desktop\elesh jaipur.psd
[2012/02/11 13:23:12 | 001,309,731 | ---- | C] () -- C:\Users\elesh\Desktop\IMG_1337.JPG
[2012/02/02 15:07:23 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/02 12:23:50 | 000,001,107 | ---- | C] () -- C:\Users\elesh\Desktop\DriverMax.lnk
[2012/01/31 16:35:42 | 000,000,237 | ---- | C] () -- C:\Windows\fnerr.dat
[2012/01/29 20:49:56 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/01/29 20:39:45 | 000,001,331 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/01/29 20:26:14 | 000,001,415 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/01/28 21:06:56 | 000,044,228 | ---- | C] () -- C:\Users\elesh\AppData\Local\RAContactHistory.xml
[2012/01/19 18:04:40 | 000,000,600 | ---- | C] () -- C:\Users\elesh\AppData\Roaming\winscp.rnd
[2011/12/23 02:17:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/12/23 02:14:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2011/12/23 02:03:45 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Airytec
[2011/12/22 01:43:47 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\AVG2012
[2012/01/19 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Azureus
[2012/01/19 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\FileZilla
[2012/02/20 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2011/12/24 03:29:20 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\IrfanView
[2011/12/26 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\OpenOffice.org
[2012/01/28 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\PeerNetworking
[2012/01/18 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\TeamViewer
[2012/02/20 03:33:50 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Ulead Systems
[2012/02/20 02:41:38 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\uTorrent
[2012/02/02 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Windows Live Writer
[2012/02/03 12:52:53 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OLT extra.txt
OTL Extras logfile created on: 2/21/2012 1:00:39 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\elesh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1011.95 Mb Total Physical Memory | 69.97 Mb Available Physical Memory | 6.91% Memory free
1.99 Gb Paging File | 0.91 Gb Available in Paging File | 45.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.04 Gb Total Space | 15.98 Gb Free Space | 36.29% Space Free | Partition Type: NTFS
Drive D: | 61.90 Gb Total Space | 7.98 Gb Free Space | 12.89% Space Free | Partition Type: NTFS

Computer Name: ELESH-LAPTOP | User Name: elesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DE2A9A5-4211-46A9-81D9-2CE788676459}" = AVG 2012
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share
"{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO
"{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM
"{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.41 Free Edition
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Airytec Switch Off" = Airytec Switch Off
"AVG" = AVG 2012
"DivX Setup" = DivX Setup
"DMX5_is1" = DriverMax 6
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mihov Image Resizer" = Mihov Image Resizer 1.2 (remove only)
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#2
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - when you are using it the current malware infection could propagate further infections - forcing us to do a second or even third round of disinfection after the first. If you do have to use it please disconnect it from the Internet - that way the current malware cannot propagate further infections.

I will get back to you soon with further instructions. Expect no more than 24 hours between your post and my response unless World War 3 breaks out and I will need at most 36 hours for initial analysis of your OTL log. Good luck!
  • 0

#3
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello Elesh. I finished analyzing your OTL log. It looks clean. We will now peer into a folder to see if there is malware in it, verify that several files are indeed clean, and run a special program called aswMBR to scan for infections prevalent these days.

Step 1

  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Paste this into the 'Custom Scans/Fixes' section:

    C:\Windows\System32\BestPractices\*.* /s
    C:\Windows\System32\_WKERNEL.FRE /md5
    C:\Users\elesh\AppData\Roaming\winscp.rnd /md5
    C:\Windows\System32\RDVGHelper.exe /md5
    C:\Windows\System32\PrintBrmUi.exe /md5
  • Click the None button
  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open a notepad window - OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer no
  • Click the Scan button to start scan
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL scan log (OTL.txt)
aswMBR log

  • 0

#4
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#5
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Topic reopened as requested.

Please proceed with the steps in post #3 of this topic.
  • 0

#6
elesh

elesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello Crag

Please find the details of the 2 logs requested

OTL



OTL logfile created on: 3/4/2012 12:08:16 AM - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\elesh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1011.95 Mb Total Physical Memory | 246.13 Mb Available Physical Memory | 24.32% Memory free
1.99 Gb Paging File | 0.76 Gb Available in Paging File | 38.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.04 Gb Total Space | 16.03 Gb Free Space | 36.41% Space Free | Partition Type: NTFS
Drive D: | 61.90 Gb Total Space | 5.13 Gb Free Space | 8.28% Space Free | Partition Type: NTFS

Computer Name: ELESH-LAPTOP | User Name: elesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< C:\Windows\System32\BestPractices\*.* /s >
[2009/06/11 02:55:55 | 000,060,608 | ---- | M] () -- C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\WebServer_Model.ps1
[2010/11/20 17:40:51 | 000,010,786 | ---- | M] () -- C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\en-US\WebServer_model.psd1

< C:\Windows\System32\_WKERNEL.FRE /md5 >
[2012/03/01 00:19:44 | 000,000,046 | ---- | M] () MD5=2C4A36CB453433CC2D0750FA9924AD4D -- C:\Windows\System32\_WKERNEL.FRE

< C:\Users\elesh\AppData\Roaming\winscp.rnd /md5 >
[2012/01/19 19:03:24 | 000,000,600 | ---- | M] () MD5=081579E21C6DD0186799547F70CEFF21 -- C:\Users\elesh\AppData\Roaming\winscp.rnd

< C:\Windows\System32\RDVGHelper.exe /md5 >
[2010/11/20 17:47:31 | 000,080,896 | ---- | M] () MD5=A04C06A2142226D79DDA75920A496243 -- C:\Windows\System32\RDVGHelper.exe

< C:\Windows\System32\PrintBrmUi.exe /md5 >
[2010/11/20 17:47:29 | 000,066,048 | ---- | M] () MD5=EB6C16CE0163AD282E95FCE5EE9BA518 -- C:\Windows\System32\PrintBrmUi.exe

< End of report >

MBR

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 00:12:08
-----------------------------
00:12:08.748 OS Version: Windows 6.1.7601 Service Pack 1
00:12:08.749 Number of processors: 2 586 0x1C02
00:12:08.753 ComputerName: ELESH-LAPTOP UserName: elesh
00:12:26.759 Initialize success
00:12:59.876 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:12:59.885 Disk 0 Vendor: ST9120817AS 3.AAA Size: 114473MB BusType: 3
00:12:59.919 Disk 0 MBR read successfully
00:12:59.935 Disk 0 MBR scan
00:12:59.951 Disk 0 Windows 7 default MBR code
00:12:59.963 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 5992 MB offset 63
00:12:59.995 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 45096 MB offset 12273660
00:13:00.005 Disk 0 Partition - 00 0F Extended LBA 63381 MB offset 104631345
00:13:00.037 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 63381 MB offset 104631408
00:13:00.064 Disk 0 scanning sectors +234436545
00:13:00.161 Disk 0 scanning C:\Windows\system32\drivers
00:13:15.894 Service scanning
00:13:43.559 Modules scanning
00:14:02.025 Disk 0 trace - called modules:
00:14:02.618 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
00:14:02.649 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84418a78]
00:14:02.665 3 CLASSPNP.SYS[8768559e] -> nt!IofCallDriver -> [0x84319918]
00:14:02.680 5 ACPI.sys[86e2f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84344610]
00:14:02.712 Scan finished successfully
00:14:12.604 Disk 0 MBR has been saved successfully to "C:\Users\elesh\Desktop\MBR.dat"
00:14:12.635 The log file has been saved successfully to "C:\Users\elesh\Desktop\aswMBR.txt"
  • 0
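The OTL custom-scan output above is a fixed text format, so it can be parsed and checked mechanically. This is an added example, not part of the thread or of OTL itself: it parses the `[date | size | attrs | M] (company) MD5=... -- path` entries (both the `/md5` lines and the plain `*.* /s` listing, which carries no hash) and compares each hash against a reference list. The reference list here is constructed for the demonstration; a real one would come from a trusted hash source, never from the log being checked.

```python
import re
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional


class OtlEntry(NamedTuple):
    path: str
    mtime: datetime       # the "M" column marks this as the modification time
    size: int             # bytes; OTL prints it zero-padded as 000,000,046
    attrs: str            # attribute flags column, "----" when none are set
    md5: Optional[str]    # present only for entries produced by a "/md5" scan


# One OTL file line looks like:
#   [date time | size | attrs | M] (company) MD5=<hash> -- <path>
# The MD5 part is absent for plain "*.* /s" listings.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|\]]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+?)\s*$",
    re.MULTILINE,
)

# Constructed sample input: the custom-scan section copied from the OTL log above.
OTL_CUSTOM_SCAN = r"""
< C:\Windows\System32\BestPractices\*.* /s >
[2009/06/11 02:55:55 | 000,060,608 | ---- | M] () -- C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\WebServer_Model.ps1
[2010/11/20 17:40:51 | 000,010,786 | ---- | M] () -- C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\en-US\WebServer_model.psd1

< C:\Windows\System32\_WKERNEL.FRE /md5 >
[2012/03/01 00:19:44 | 000,000,046 | ---- | M] () MD5=2C4A36CB453433CC2D0750FA9924AD4D -- C:\Windows\System32\_WKERNEL.FRE

< C:\Windows\System32\RDVGHelper.exe /md5 >
[2010/11/20 17:47:31 | 000,080,896 | ---- | M] () MD5=A04C06A2142226D79DDA75920A496243 -- C:\Windows\System32\RDVGHelper.exe

< C:\Windows\System32\PrintBrmUi.exe /md5 >
[2010/11/20 17:47:29 | 000,066,048 | ---- | M] () MD5=EB6C16CE0163AD282E95FCE5EE9BA518 -- C:\Windows\System32\PrintBrmUi.exe
"""

# Constructed reference list for the demo only. The RDVGHelper.exe value is copied
# from the log so it matches; the PrintBrmUi.exe value is deliberately wrong to show
# a mismatch. A real reference comes from a trusted hash source, not from the log.
REFERENCE_MD5: Dict[str, str] = {
    r"C:\Windows\System32\RDVGHelper.exe": "A04C06A2142226D79DDA75920A496243",
    r"C:\Windows\System32\PrintBrmUi.exe": "00000000000000000000000000000000",
}


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Return every file entry in an OTL custom-scan section, in log order."""
    entries: List[OtlEntry] = []
    for m in ENTRY_RE.finditer(text):
        md5 = m.group("md5")
        entries.append(OtlEntry(
            path=m.group("path"),
            mtime=datetime.strptime(m.group("mtime"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            md5=md5.upper() if md5 else None,
        ))
    return entries


def check_hashes(entries: List[OtlEntry], reference: Dict[str, str]) -> Dict[str, str]:
    """Classify each entry as match / mismatch / unknown (no reference) / no-hash."""
    # Windows paths are case-insensitive, so compare them folded to lower case.
    ref = {p.lower(): h.upper() for p, h in reference.items()}
    verdicts: Dict[str, str] = {}
    for e in entries:
        if e.md5 is None:
            verdicts[e.path] = "no-hash"
        elif e.path.lower() not in ref:
            verdicts[e.path] = "unknown"
        elif ref[e.path.lower()] == e.md5:
            verdicts[e.path] = "match"
        else:
            verdicts[e.path] = "mismatch"
    return verdicts


if __name__ == "__main__":
    parsed = parse_otl_entries(OTL_CUSTOM_SCAN)
    for path, verdict in check_hashes(parsed, REFERENCE_MD5).items():
        print(f"{verdict:9} {path}")
```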

#7
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello elesh, we will now run a very capable anti-malware utility called Combofix. This might clear out the bulk of a possible infection. Please do the following:

Download and Install Combofix - you can temporarily connect to the Internet for this procedure

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
Also please make sure to take note of anything ComboFix says during the course of its run especially if related to your infection and report to me in your next post.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks - if the update succeeds Combofix will restart - if not it will continue with the current copy
  • Answer yes to install the Recovery Console if it asks and yes to scan for malware afterwards if prompted
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the Combofix log in your next reply as well as describe how your computer is running now
  • 0

#8
elesh

elesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
please find the log

ComboFix 12-03-04.02 - elesh 06-03-2012 14:07:07.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.1012.302 [GMT 5.5:30]
Running from: c:\users\elesh\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iexplorer
c:\program files\iexplorer\AxInterop.QTOControlLib.dll
c:\program files\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files\iexplorer\iExplorer.exe
c:\program files\iexplorer\Interop.QTOControlLib.dll
c:\program files\iexplorer\Interop.QTOLibrary.dll
c:\program files\iexplorer\isxdl.dll
c:\program files\iexplorer\MPCrashReporter.dll
c:\program files\iexplorer\MPUpdater.dll
c:\program files\iexplorer\msvcr71.dll
c:\program files\iexplorer\PodPhone2.dll
c:\program files\iexplorer\unins000.dat
c:\program files\iexplorer\unins000.exe
c:\program files\iexplorer\unins000.msg
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 08:55 . 2012-03-06 08:56 -------- d-----w- c:\users\elesh\AppData\Local\temp
2012-03-06 08:55 . 2012-03-06 08:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-01 07:28 . 2012-03-01 07:28 -------- d-----w- c:\program files\Common Files\Java
2012-02-28 17:34 . 2009-07-14 06:13 97280 ----a-r- C:\BOOTSECT.EXE
2012-02-27 17:38 . 2012-02-29 17:11 -------- d-----w- c:\program files\UltraISO
2012-02-20 19:30 . 2012-02-20 19:30 -------- d-----w- c:\program files\Windows Resource Kits
2012-02-20 16:55 . 2009-09-23 14:00 1002008 ----a-w- c:\windows\system32\igxpun.exe
2012-02-19 21:37 . 2012-02-19 22:03 -------- d-----w- c:\users\elesh\AppData\Roaming\Ulead Systems
2012-02-19 21:33 . 2012-02-19 21:33 -------- d-----w- c:\programdata\eSellerate
2012-02-19 21:32 . 2012-02-19 21:33 -------- d-----w- c:\program files\SmartSound Software
2012-02-19 21:32 . 2012-02-19 21:33 -------- d-----w- c:\programdata\SmartSound Software Inc
2012-02-19 21:31 . 2012-02-19 21:31 -------- d--h--w- c:\windows\msdownld.tmp
2012-02-19 21:30 . 2012-02-19 21:30 -------- d-----w- c:\programdata\InterVideo
2012-02-19 21:30 . 2012-02-29 17:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-02-19 21:30 . 2012-02-19 21:30 -------- d-----w- c:\program files\Common Files\InstallShield
2012-02-19 21:26 . 2012-02-19 21:26 -------- d-----w- c:\programdata\Ulead Systems
2012-02-19 21:20 . 2012-02-19 21:21 -------- d-----w- c:\program files\Common Files\Ulead Systems
2012-02-19 21:20 . 2012-02-19 21:20 -------- d-----w- c:\program files\Windows Media Components
2012-02-19 19:16 . 2012-02-19 19:16 -------- d-----w- c:\users\DefaultAppPool
2012-02-19 18:48 . 2012-02-19 18:48 -------- d-----w- c:\users\elesh\AppData\Roaming\gtk-2.0
2012-02-18 14:59 . 2012-02-18 14:59 -------- d-----w- c:\program files\Realtek
2012-02-18 14:59 . 2012-02-18 14:59 -------- d-----w- c:\windows\system32\RTCOM
2012-02-18 14:57 . 2010-11-08 02:01 78680 ----a-w- c:\windows\system32\RTEEL32A.dll
2012-02-17 20:30 . 2012-02-17 20:30 -------- d-----w- c:\users\elesh\AppData\Local\DDMSettings
2012-02-17 20:18 . 2012-02-17 20:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-02-17 20:16 . 2012-02-17 20:19 -------- d-----w- c:\program files\DivX
2012-02-17 20:12 . 2012-02-17 20:19 -------- d-----w- c:\programdata\DivX
2012-02-17 13:50 . 2011-11-23 09:44 2227712 ----a-w- c:\windows\system32\drivers\athr.sys
2012-02-17 13:48 . 2011-12-21 12:05 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-02-17 13:48 . 2011-11-23 17:32 491112 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-02-15 17:17 . 2012-02-15 17:17 -------- d-----w- c:\program files\Windows Sidebar
2012-02-15 17:17 . 2012-02-15 17:17 -------- d-----w- c:\windows\ehome
2012-02-15 17:17 . 2012-02-15 17:17 -------- d-----w- c:\windows\system32\BestPractices
2012-02-15 17:17 . 2012-02-15 17:17 -------- d-----w- C:\inetpub
2012-02-15 17:17 . 2012-02-15 17:17 -------- d-----r- c:\users\Public\Recorded TV
2012-02-15 17:17 . 2012-02-15 17:17 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-02-15 06:22 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 06:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 06:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 06:22 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 15:04 . 2011-11-23 17:32 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-02-12 08:54 . 2012-02-12 08:54 -------- d-----w- c:\programdata\Hewlett-Packard
2012-02-12 08:54 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2012-02-11 11:41 . 2010-07-25 16:53 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2012-02-11 11:41 . 2010-07-25 16:53 544768 ----a-w- c:\windows\system32\wbocx.ocx
2012-02-11 11:41 . 2010-07-25 16:53 33968 ----a-w- c:\windows\system32\anim.dll
2012-02-11 11:41 . 2010-07-25 16:53 258352 ----a-w- c:\windows\system32\unicows.dll
2012-02-11 11:41 . 2010-07-25 16:53 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-02-11 11:41 . 2010-07-25 16:53 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2012-02-11 11:41 . 2010-07-25 16:53 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2012-02-11 11:41 . 2012-02-29 18:09 -------- d-----w- c:\program files\WinUtilities
2012-02-07 21:23 . 2012-02-07 21:23 -------- d-----w- c:\users\elesh\AppData\Local\Macroplant
2012-02-05 13:58 . 2012-02-29 17:11 -------- d-----w- c:\users\elesh\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 07:27 . 2011-12-22 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 15:07 . 2011-12-22 11:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-02 07:03 . 2012-02-02 07:03 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-01-03 15:55 . 2011-03-28 13:06 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-22 21:18 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-22 00:42 . 2011-12-22 00:42 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-22 00:42 . 2011-12-22 00:42 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-22 00:42 . 2011-12-22 00:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-22 00:42 . 2011-12-22 00:42 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-22 00:42 . 2011-12-22 00:42 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-22 00:42 . 2011-12-22 00:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-22 00:42 . 2011-12-22 00:42 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-22 00:42 . 2011-12-22 00:42 367104 ----a-w- c:\windows\system32\html.iec
2011-12-22 00:42 . 2011-12-22 00:42 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-22 00:42 . 2011-12-22 00:42 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-22 00:42 . 2011-12-22 00:42 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-22 00:42 . 2011-12-22 00:42 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-22 00:42 . 2011-12-22 00:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-22 00:42 . 2011-12-22 00:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-22 00:42 . 2011-12-22 00:42 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-22 00:42 . 2011-12-22 00:42 101888 ----a-w- c:\windows\system32\admparse.dll
2011-12-22 00:42 . 2011-12-22 00:42 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-19 18:16 . 2011-12-21 20:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-26 8563624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 135168]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 135168]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-07-22 145496]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-22 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-11-23 491112]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000Core.job
- c:\users\elesh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 16:16]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000UA.job
- c:\users\elesh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: Interfaces\{87BB6E09-22D3-43F3-BCB4-5E3D9103ABC3}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{87BB6E09-22D3-43F3-BCB4-5E3D9103ABC3}\359444: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\elesh\AppData\Roaming\Mozilla\Firefox\Profiles\u6pq6uug.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files\iExplorer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-06 14:33:20
ComboFix-quarantined-files.txt 2012-03-06 09:03
.
Pre-Run: 17,990,250,496 bytes free
Post-Run: 18,051,796,992 bytes free
.
- - End Of File - - 657310E41BFBFCF93B85F11BA79FED92
  • 0

#9
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi elesh. Now that you have run Combofix, is your computer running any better?
  • 0

#10
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Sorry for the delay in replying to you. In the future I will most definitely not take so long but this time I had to consult a colleague about your issues. Ultimately if Combofix has not resolved your problems it is probably not a malware issue but I can still help you to resolve your problem if you wish.
  • 0

#11
Elise

Elise

    Emsisoft Research

  • Expert
  • 3,389 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
elesh

elesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Crag



I would definitely appreciate help. I felt myself that it's probably not malware, but I am no expert.

I would like you to help me since I don't want to format and reinstall Windows, as I have a lot of software. Please tell me what I should do.
  • 0

#13
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi elesh. The first step to take in troubleshooting your issue is to see if it persists in safe mode. Please do the following then report to me if the problem persisted or not. Also I assume you have tried rebooting the computer to see if that fixes the problem right?

  • Restart your computer
  • Repeatedly tap F8 while it is starting
  • You will encounter an Advanced Boot Options Menu
  • Select the Safe Mode with Networking option
  • You will see a bunch of lines of system files
  • If you are prompted with a choice of user accounts select an administrator account

  • 0

#14
elesh

elesh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Crag

I did what you asked me to and apparently the problem does not come up in safe mode with networking.

I remember testing the issue over a month ago in safe mode and it existed, but maybe I remember wrong. Anyway, it does not appear in safe mode and I have tested 4-5 times in safe mode. I opened browsers, surfed websites and also ran a few applications such as Photoshop, and all seems fine in safe mode.

What would you like me to do next ?
  • 0

#15
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi elesh, considering the problem didn't occur in safe mode the next step is to determine which startup item/service that wasn't loaded in safe mode is causing the problem. We achieve this using msconfig which allows us to disable startup items/services. We disable all the items/services then turn half of them back on and see if the problem recurs. If so the offending entry/service is one of the ones we turned back on so then we disable half of those to see if the entry/service is one of the ones now enabled. We repeat this disable/enable half procedure until we isolate the offending entry/service. This page explains how to do it. Let me know if you have any questions.
  • 0
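The disable-half procedure above is a bisection over the startup list, and it only works when a single item reproduces the problem on its own. This added example is not from the thread: it models the procedure with a `problem_occurs` callback standing in for "reboot and check whether the text still disappears", counts how many test boots it takes, and returns None when the single-culprit assumption does not hold (the problem is not a startup item at all, or needs two items enabled together). The startup item names are constructed for the simulation.

```python
from typing import Callable, FrozenSet, List, Optional, Sequence, Tuple

# Added example, not from the thread: a model of the msconfig procedure
# described above (disable everything, re-enable half, keep the half that
# reproduces the problem). "problem_occurs" receives the set of enabled
# items and stands in for a reboot plus a check of the symptom.
Oracle = Callable[[FrozenSet[str]], bool]


def isolate_startup_item(items: Sequence[str], problem_occurs: Oracle) -> Tuple[Optional[str], int]:
    """Bisect the startup list. Returns (culprit or None, number of test boots).

    None means the single-culprit assumption did not hold: either the problem
    is not caused by a startup item, or it needs two or more items enabled
    together, so no single item reproduces it on its own.
    """
    boots = 0

    def test(enabled: Sequence[str]) -> bool:
        nonlocal boots
        boots += 1
        return problem_occurs(frozenset(enabled))

    # Two sanity boots first: the problem must be present with everything
    # enabled and absent with everything disabled, or bisection is pointless.
    if not test(items):
        return None, boots
    if test([]):
        return None, boots

    candidates: List[str] = list(items)
    while len(candidates) > 1:
        first_half = candidates[: len(candidates) // 2]
        # Enable only the first half; if the problem comes back it is in there,
        # otherwise it must be in the half that stayed disabled.
        if test(first_half):
            candidates = first_half
        else:
            candidates = candidates[len(candidates) // 2 :]

    # Final boot with just the survivor enabled confirms it alone is enough.
    if test(candidates):
        return candidates[0], boots
    return None, boots


# Constructed startup list and oracles for the simulation (names are hypothetical).
STARTUP_ITEMS = [f"item{i:02d}" for i in range(10)]


def single_culprit(name: str) -> Oracle:
    """Problem reproduces whenever `name` is among the enabled items."""
    return lambda enabled: name in enabled


def pair_culprit(first: str, second: str) -> Oracle:
    """Problem reproduces only when both items are enabled together."""
    return lambda enabled: first in enabled and second in enabled


if __name__ == "__main__":
    print(isolate_startup_item(STARTUP_ITEMS, single_culprit("item06")))  # ('item06', 6)
    print(isolate_startup_item(STARTUP_ITEMS, pair_culprit("item01", "item08")))  # (None, 7)
```

With ten items the single-culprit case needs six boots (two sanity checks, three halvings, one confirmation); the pair case walks down to one survivor and then fails the confirmation boot, which is the signal to stop halving and test the items in combination instead.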





