
Text Disappears in different windows, dialogue boxes and search box si


  • This topic is locked

#16
elesh

  • Topic Starter
  • Member
  • 13 posts
Hi Crag

I followed the instructions and disabled all the services (except the Microsoft ones, by hiding them) and all the startup items. However, the problem still exists, which means it could be one of the Microsoft services.

I have compared the Microsoft services that are running in safe mode versus the Microsoft services that run in normal mode, and I will try to disable them one by one and get back to you by tomorrow, hopefully with some result.

Thanks for the patience


#17
elesh

  • Topic Starter
  • Member
  • 13 posts
Hi Crag

I spent half a day working with msconfig. First I disabled all the startup services and all services (except the Microsoft services, as shown in the instructions at the link given by you), but that didn't resolve the issue.

So I tried a method of my own: I ran msconfig in safe mode to see what services are running and took a screenshot of them, then in normal mode I disabled all the services, including the Microsoft ones, and kept only the services which run in safe mode (referring to the screenshot). I tried this assuming that, just like in safe mode, the problem won't arise, but surprisingly it still did.

It seems to me that whatever is causing this problem was not listed in msconfig. I don't have much knowledge, but is that possible?

Don't know what to do next.

Help!

#18
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi Elesh, the next step is to run an OTL scan in safe mode and compare that to one in regular Windows. Boot into safe mode with networking then run OTL and click the quick scan button and post the results. Then do the same in normal Windows mode.

#19
elesh

  • Topic Starter
  • Member
  • 13 posts
Hi Crag, please find the logs

OTL log in normal mode

OTL logfile created on: 3/18/2012 8:37:59 PM - Run 3
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\elesh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1011.95 Mb Total Physical Memory | 254.29 Mb Available Physical Memory | 25.13% Memory free
1.99 Gb Paging File | 1.05 Gb Available in Paging File | 52.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.04 Gb Total Space | 11.59 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
Drive D: | 61.90 Gb Total Space | 4.84 Gb Free Space | 7.82% Space Free | Partition Type: NTFS

Computer Name: ELESH-LAPTOP | User Name: elesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/19 17:17:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 04:38:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 04:39:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 04:38:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/19 17:17:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/22 06:06:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/22 02:37:44 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV - [2011/01/26 11:36:49 | 000,309,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 17:48:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 15:14:50 | 002,227,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/07/22 11:28:26 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 9C D0 BC 9D C0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://in.search.yah...type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/18 01:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/22 02:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Extensions
[2012/01/03 20:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Firefox\Profiles\u6pq6uug.default\extensions
[2012/03/01 12:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/18 20:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/18 01:49:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/18 20:25:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/17 07:08:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/17 06:55:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/17 07:08:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/17 07:08:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/17 07:08:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/06 14:25:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B97964C-FCF7-4D5F-A734-D877C0CEED27}: DhcpNameServer = 202.56.230.5 202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BDFB466-D289-4C67-A151-35FB57795D24}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BB6E09-22D3-43F3-BCB4-5E3D9103ABC3}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B07B4C5A-8DA4-4A9B-B8D0-A2C46A16873B}
[2012/03/18 11:01:34 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DC347685-2AE2-42B0-9A78-98A4733766A7}
[2012/03/17 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DBFFE3DF-24BE-4976-9A8E-23F14C6748D4}
[2012/03/17 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A5FB9CDE-A02A-4E12-88C2-0394133676E0}
[2012/03/17 03:03:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2AE03A36-9DB0-430C-9A11-73BF3A4D5A09}
[2012/03/17 03:02:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B281C5D-EA24-41DA-A5F8-0B67E6EFF60D}
[2012/03/16 10:47:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7446A99B-AC45-4409-A7DE-E97A62F2B539}
[2012/03/16 10:47:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F14E92A5-887B-4FE5-84FA-EDB1DB054169}
[2012/03/15 22:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/15 22:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/15 22:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/15 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{802DB80A-5659-4AE7-90D3-A63FB5BEEE8E}
[2012/03/15 12:40:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D6FD6515-F4E7-4F3B-A18F-ABB56E91BCE7}
[2012/03/14 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{772BA675-9547-495B-9C0D-C62111798AE5}
[2012/03/14 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{40E21349-7E84-49A5-9B0A-5CF67DEA9622}
[2012/03/14 01:50:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E223F7E8-1D95-4089-8E9D-42B4DDBD08DC}
[2012/03/14 01:49:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C696B358-96D0-4D35-A1C8-D8C8E6033FAE}
[2012/03/13 13:49:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BE8AEA59-2726-4109-AD10-B8E52CB37958}
[2012/03/13 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{725BBB09-AE5D-4157-AAF6-B5D012FC06AD}
[2012/03/12 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5722B9FC-DE24-41C6-B38B-0CFAEDB37FF5}
[2012/03/12 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C8AC53EF-437F-480E-9A95-E03ECD368CE6}
[2012/03/12 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4337FAAA-BCF7-4F11-A4BC-B7983DF18AE9}
[2012/03/08 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AE00A05-D1C3-4CF9-9288-2196900C013D}
[2012/03/08 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{98126BED-69D0-40EF-AFB1-89C8C7CA8A9D}
[2012/03/08 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E6FB845A-96A9-4616-9896-69B8F4B02F2B}
[2012/03/08 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{644E937A-4A93-403D-9F5E-0EEDBBE2221B}
[2012/03/07 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{83C08F97-61DA-4FC2-8FC3-9130684A03D2}
[2012/03/07 14:46:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4D2913F5-B5C4-499E-B2C0-E42FFF608B30}
[2012/03/06 22:40:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2186F577-6782-46C9-8F5C-EEEAF9677EAD}
[2012/03/06 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{8DA3A460-7F31-4BD3-8AC7-F94A50EE261E}
[2012/03/06 14:33:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 14:33:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/06 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\temp
[2012/03/06 14:03:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 14:03:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 14:03:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 14:02:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/06 14:00:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/06 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2F01F8CD-7BFB-4F66-A151-F5D224CE730A}
[2012/03/05 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{53C0133D-27EB-4401-B3E1-2D3CDC04854E}
[2012/03/05 12:57:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BFB3F2A2-989B-4759-A09F-B3420578887F}
[2012/03/05 00:56:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{AC3CE502-378F-4D93-9AA5-44DA70F829F1}
[2012/03/04 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A190630F-0970-4233-9501-358B880833C5}
[2012/03/04 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B95B0334-B65A-484F-918F-35A25AF5EBFE}
[2012/03/03 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EADF7C8A-B071-4188-B05C-7D3988C5C06B}
[2012/03/03 11:28:17 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{941BE42B-F3E4-4667-AB48-8211C4B42B55}
[2012/03/03 11:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{0F08B22D-41A2-4755-975A-4E68EC6F3F3D}
[2012/03/02 20:10:27 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{12CDE02B-CA99-4606-B532-C56B2644A886}
[2012/03/02 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1792094C-7FED-44EB-B9CE-820F8FECDD98}
[2012/03/01 23:19:40 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{33AD74F7-F086-42CE-A061-9C5D0573066D}
[2012/03/01 23:19:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DFEF6147-E0F0-448B-A28D-1FFA2DBDFC86}
[2012/03/01 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/01 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F226E03C-C854-4212-898B-85ABEB273A9A}
[2012/03/01 11:18:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A0540D72-BAD2-49CE-A7BC-427648DBD539}
[2012/02/29 22:34:26 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2AFEFFB3-8E09-48F7-9495-3E2A097DCE25}
[2012/02/29 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2F0E0B41-7B66-424C-BC4E-CCFF9872F9B1}
[2012/02/29 13:56:10 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D75B237F-1E24-421E-AE87-2D323A3353B1}
[2012/02/29 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DC4B54DA-4AB7-40E3-810F-00ED307AB16B}
[2012/02/28 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/28 14:08:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C1E97428-8528-4741-8775-ADADD757E083}
[2012/02/28 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CB2F8AF4-C284-4311-BB9C-14FE03D759BB}
[2012/02/28 02:08:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1A795621-AC01-4C7F-B124-77E0BF914079}
[2012/02/28 02:07:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{46393C60-FCE9-414C-8086-F075AC6B2B66}
[2012/02/27 23:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2012/02/27 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7FF01772-DBB2-4A2B-8D7A-E10A55D71D1B}
[2012/02/27 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FA483961-FEF6-4612-8161-D8E08A1C2EF1}
[2012/02/26 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EA448508-EA65-44C1-958C-414FF2F40E74}
[2012/02/26 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{855CE367-FD4D-4D9A-AB99-64F902F32A11}
[2012/02/26 06:28:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D89C4470-50C6-48D1-AB3E-FFDA91A1448B}
[2012/02/26 06:28:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F0F2982A-25CF-4890-8A74-AB62438922A4}
[2012/02/25 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{58A48458-CBB9-4EEA-84C7-B916186696F7}
[2012/02/25 18:27:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B76DC191-A9EA-41CD-A78A-4A35A48890DC}
[2012/02/24 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CE1E7139-7554-4095-9B67-AACE7DC6987A}
[2012/02/22 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D6274274-EFA7-4B7F-9DDB-A43A4EEB6667}
[2012/02/22 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{533C871C-A57C-4BEF-88F3-857CB2949718}
[2012/02/22 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{9C8AB919-E296-4114-9C32-C33E58B07F49}
[2012/02/22 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F4851368-192F-44D6-824F-8EA6C866ECB8}
[2012/02/21 12:53:55 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012/02/21 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{261E7A73-D306-4414-9E19-D296BCD768C9}
[2012/02/21 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{32EA7B36-1B66-46B0-9E31-1962A0EA106C}
[2012/02/21 01:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/02/21 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AF92FCF-5E3F-474A-A764-D30D8EB4F117}
[2012/02/21 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FB17E052-91CC-410E-9372-00B42DD2B81E}
[2012/02/20 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DA68E1DB-E40F-427A-AB00-834C3DB0CD80}
[2012/02/20 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{50EE2486-4D18-48C5-A31B-BB954400D6DD}
[2012/02/20 03:33:21 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\Corel VideoStudio Pro
[2012/02/20 03:07:18 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\Ulead Systems
[2012/02/20 03:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012/02/20 03:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2012/02/20 03:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2012/02/20 03:01:35 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012/02/20 03:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012/02/20 03:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2012/02/20 03:00:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/02/20 03:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/02/20 02:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X4
[2012/02/20 02:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2012/02/20 02:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2012/02/20 02:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012/02/20 00:18:32 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2012/02/20 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\LongoMatch
[2012/02/19 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{3C95AA99-9764-4DCE-8DE7-6FDAEE7E0F42}
[2012/02/19 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4DEE394C-95DD-41E3-A686-AEA30090541F}
[2012/02/18 20:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/02/18 20:29:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/02/18 20:28:08 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/02/18 20:28:07 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012/02/18 20:28:06 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/02/18 20:28:05 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/02/18 20:28:05 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012/02/18 20:28:05 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012/02/18 20:28:05 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/02/18 20:28:04 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012/02/18 20:28:04 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012/02/18 20:27:57 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012/02/18 20:27:57 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012/02/18 20:27:57 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012/02/18 20:27:57 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012/02/18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/02/18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/02/18 20:27:55 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012/02/18 20:27:55 | 000,103,256 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012/02/18 20:27:55 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012/02/18 20:27:54 | 003,327,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012/02/18 20:27:54 | 000,587,096 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012/02/18 20:27:54 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012/02/18 20:27:54 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012/02/18 20:27:54 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012/02/18 20:27:53 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/02/18 20:27:53 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012/02/18 20:27:53 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/02/18 20:27:52 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012/02/18 20:27:52 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/02/18 20:27:51 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/02/18 20:27:51 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012/02/18 20:27:51 | 000,327,168 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012/02/18 20:27:50 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012/02/18 20:27:50 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012/02/18 20:27:50 | 000,413,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012/02/18 20:27:50 | 000,390,656 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012/02/18 20:27:49 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012/02/18 20:27:49 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012/02/18 20:27:49 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012/02/18 20:27:49 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012/02/18 20:27:48 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012/02/18 20:27:48 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012/02/18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012/02/18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012/02/18 20:27:47 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012/02/18 20:01:38 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BDABA617-0191-4525-BFE4-22CD1D4C51B4}
[2012/02/18 20:01:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B6C6367-9446-4EEE-83C1-C2616DDD13F0}
[2012/02/18 02:00:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\DDMSettings
[2012/02/18 01:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/02/18 01:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012/02/18 01:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/02/18 01:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/18 20:29:48 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 20:29:48 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 20:27:13 | 092,152,275 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/18 20:22:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/18 20:21:57 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 14:57:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000UA.job
[2012/03/18 11:57:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000Core.job
[2012/03/17 15:23:10 | 000,000,400 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/17 00:19:03 | 000,183,146 | ---- | M] () -- C:\Users\elesh\Desktop\Untitled.jpg
[2012/03/16 22:32:01 | 000,013,573 | ---- | M] () -- C:\Users\elesh\Desktop\msconfig - Shortcut.lnk
[2012/03/15 22:03:30 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/15 18:23:43 | 000,295,954 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/14 20:26:41 | 002,904,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 21:09:21 | 000,692,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/12 21:09:21 | 000,133,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 14:25:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/01 00:19:44 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2012/02/29 23:37:46 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/02/22 01:20:38 | 000,095,979 | ---- | M] () -- C:\Users\elesh\Documents\My Movie.wlmp
[2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012/02/21 00:41:05 | 000,049,152 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/02/20 03:26:43 | 000,002,004 | -H-- | M] () -- C:\Users\elesh\Documents\Default.rdp
[2012/02/20 02:57:32 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
[2012/02/20 00:23:43 | 000,000,218 | ---- | M] () -- C:\Users\elesh\.recently-used.xbel
[2012/02/19 21:22:16 | 003,967,730 | ---- | M] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012/02/19 20:18:11 | 001,919,104 | ---- | M] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/17 00:06:32 | 000,183,146 | ---- | C] () -- C:\Users\elesh\Desktop\Untitled.jpg
[2012/03/16 22:32:01 | 000,013,573 | ---- | C] () -- C:\Users\elesh\Desktop\msconfig - Shortcut.lnk
[2012/03/15 22:03:30 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/06 14:03:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 14:03:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 14:03:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 14:03:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 14:03:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/28 01:40:01 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/21 15:41:26 | 000,095,979 | ---- | C] () -- C:\Users\elesh\Documents\My Movie.wlmp
[2012/02/20 03:23:24 | 000,002,004 | -H-- | C] () -- C:\Users\elesh\Documents\Default.rdp
[2012/02/20 02:57:32 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
[2012/02/20 00:23:43 | 000,000,218 | ---- | C] () -- C:\Users\elesh\.recently-used.xbel
[2012/02/19 20:26:58 | 003,967,730 | ---- | C] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012/02/19 20:17:46 | 001,919,104 | ---- | C] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[2012/02/18 20:27:56 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/15 18:58:33 | 000,007,636 | ---- | C] () -- C:\Users\elesh\AppData\Local\resmon.resmoncfg
[2012/01/31 16:35:42 | 000,000,237 | ---- | C] () -- C:\Windows\fnerr.dat
[2012/01/28 21:06:56 | 000,044,228 | ---- | C] () -- C:\Users\elesh\AppData\Local\RAContactHistory.xml
[2012/01/19 18:04:40 | 000,000,600 | ---- | C] () -- C:\Users\elesh\AppData\Roaming\winscp.rnd
[2011/12/23 02:17:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/12/23 02:14:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2011/12/23 02:03:45 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Airytec
[2011/12/22 01:43:47 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\AVG2012
[2012/01/19 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Azureus
[2012/01/19 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\FileZilla
[2012/02/20 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2011/12/24 03:29:20 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\IrfanView
[2011/12/26 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\OpenOffice.org
[2012/01/28 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\PeerNetworking
[2012/01/18 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\TeamViewer
[2012/02/20 03:33:50 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Ulead Systems
[2012/02/26 13:06:40 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\uTorrent
[2012/02/02 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Windows Live Writer
[2012/03/17 02:12:40 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:1677AB3F

< End of report >



OTL log in safe mode

OTL logfile created on: 3/18/2012 9:56:35 PM - Run 4
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\elesh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1011.95 Mb Total Physical Memory | 707.52 Mb Available Physical Memory | 69.92% Memory free
1.99 Gb Paging File | 1.68 Gb Available in Paging File | 84.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.04 Gb Total Space | 11.49 Gb Free Space | 26.09% Space Free | Partition Type: NTFS
Drive D: | 61.90 Gb Total Space | 4.84 Gb Free Space | 7.82% Space Free | Partition Type: NTFS

Computer Name: ELESH-LAPTOP | User Name: elesh | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
PRC - [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/19 17:17:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/22 06:06:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/22 02:37:44 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV - [2011/01/26 11:36:49 | 000,309,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 17:48:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011-10-07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011-10-04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-09-13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-09-01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011-08-08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-08-02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011-07-22 11:28:26 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2011-07-11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-07-11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/11/23 15:14:50 | 002,227,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-02-24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 9C D0 BC 9D C0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://in.search.yah...type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-18 01:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-18 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-12-22 02:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Extensions
[2012-01-03 20:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Firefox\Profiles\u6pq6uug.default\extensions
[2012-03-01 12:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-02-18 01:49:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012-03-18 20:25:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-12-17 07:08:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011-12-17 06:55:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-12-17 07:08:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011-12-17 07:08:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011-12-17 07:08:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012-03-06 14:25:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B97964C-FCF7-4D5F-A734-D877C0CEED27}: DhcpNameServer = 202.56.230.5 202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BDFB466-D289-4C67-A151-35FB57795D24}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BB6E09-22D3-43F3-BCB4-5E3D9103ABC3}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-18 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B07B4C5A-8DA4-4A9B-B8D0-A2C46A16873B}
[2012-03-18 11:01:34 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DC347685-2AE2-42B0-9A78-98A4733766A7}
[2012-03-17 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DBFFE3DF-24BE-4976-9A8E-23F14C6748D4}
[2012-03-17 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A5FB9CDE-A02A-4E12-88C2-0394133676E0}
[2012-03-17 03:03:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2AE03A36-9DB0-430C-9A11-73BF3A4D5A09}
[2012-03-17 03:02:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B281C5D-EA24-41DA-A5F8-0B67E6EFF60D}
[2012-03-16 10:47:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7446A99B-AC45-4409-A7DE-E97A62F2B539}
[2012-03-16 10:47:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F14E92A5-887B-4FE5-84FA-EDB1DB054169}
[2012-03-15 22:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-03-15 22:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-03-15 22:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012-03-15 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{802DB80A-5659-4AE7-90D3-A63FB5BEEE8E}
[2012-03-15 12:40:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D6FD6515-F4E7-4F3B-A18F-ABB56E91BCE7}
[2012-03-14 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{772BA675-9547-495B-9C0D-C62111798AE5}
[2012-03-14 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{40E21349-7E84-49A5-9B0A-5CF67DEA9622}
[2012-03-14 01:50:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E223F7E8-1D95-4089-8E9D-42B4DDBD08DC}
[2012-03-14 01:49:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C696B358-96D0-4D35-A1C8-D8C8E6033FAE}
[2012-03-13 13:49:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BE8AEA59-2726-4109-AD10-B8E52CB37958}
[2012-03-13 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{725BBB09-AE5D-4157-AAF6-B5D012FC06AD}
[2012-03-12 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5722B9FC-DE24-41C6-B38B-0CFAEDB37FF5}
[2012-03-12 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C8AC53EF-437F-480E-9A95-E03ECD368CE6}
[2012-03-12 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4337FAAA-BCF7-4F11-A4BC-B7983DF18AE9}
[2012-03-08 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AE00A05-D1C3-4CF9-9288-2196900C013D}
[2012-03-08 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{98126BED-69D0-40EF-AFB1-89C8C7CA8A9D}
[2012-03-08 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E6FB845A-96A9-4616-9896-69B8F4B02F2B}
[2012-03-08 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{644E937A-4A93-403D-9F5E-0EEDBBE2221B}
[2012-03-07 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{83C08F97-61DA-4FC2-8FC3-9130684A03D2}
[2012-03-07 14:46:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4D2913F5-B5C4-499E-B2C0-E42FFF608B30}
[2012-03-06 22:40:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2186F577-6782-46C9-8F5C-EEEAF9677EAD}
[2012-03-06 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{8DA3A460-7F31-4BD3-8AC7-F94A50EE261E}
[2012-03-06 14:33:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-03-06 14:33:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-03-06 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\temp
[2012-03-06 14:03:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-03-06 14:03:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-03-06 14:03:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-03-06 14:02:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-03-06 14:00:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-06 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2F01F8CD-7BFB-4F66-A151-F5D224CE730A}
[2012-03-05 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{53C0133D-27EB-4401-B3E1-2D3CDC04854E}
[2012-03-05 12:57:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BFB3F2A2-989B-4759-A09F-B3420578887F}
[2012-03-05 00:56:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{AC3CE502-378F-4D93-9AA5-44DA70F829F1}
[2012-03-04 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A190630F-0970-4233-9501-358B880833C5}
[2012-03-04 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B95B0334-B65A-484F-918F-35A25AF5EBFE}
[2012-03-03 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EADF7C8A-B071-4188-B05C-7D3988C5C06B}
[2012-03-03 11:28:17 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{941BE42B-F3E4-4667-AB48-8211C4B42B55}
[2012-03-03 11:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{0F08B22D-41A2-4755-975A-4E68EC6F3F3D}
[2012-03-02 20:10:27 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{12CDE02B-CA99-4606-B532-C56B2644A886}
[2012-03-02 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1792094C-7FED-44EB-B9CE-820F8FECDD98}
[2012-03-01 23:19:40 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{33AD74F7-F086-42CE-A061-9C5D0573066D}
[2012-03-01 23:19:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DFEF6147-E0F0-448B-A28D-1FFA2DBDFC86}
[2012-03-01 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-03-01 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F226E03C-C854-4212-898B-85ABEB273A9A}
[2012-03-01 11:18:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A0540D72-BAD2-49CE-A7BC-427648DBD539}
[2012-02-29 22:34:26 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2AFEFFB3-8E09-48F7-9495-3E2A097DCE25}
[2012-02-29 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2F0E0B41-7B66-424C-BC4E-CCFF9872F9B1}
[2012-02-29 13:56:10 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D75B237F-1E24-421E-AE87-2D323A3353B1}
[2012-02-29 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DC4B54DA-4AB7-40E3-810F-00ED307AB16B}
[2012-02-28 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012-02-28 14:08:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C1E97428-8528-4741-8775-ADADD757E083}
[2012-02-28 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CB2F8AF4-C284-4311-BB9C-14FE03D759BB}
[2012-02-28 02:08:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1A795621-AC01-4C7F-B124-77E0BF914079}
[2012-02-28 02:07:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{46393C60-FCE9-414C-8086-F075AC6B2B66}
[2012-02-27 23:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2012-02-27 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7FF01772-DBB2-4A2B-8D7A-E10A55D71D1B}
[2012-02-27 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FA483961-FEF6-4612-8161-D8E08A1C2EF1}
[2012-02-26 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EA448508-EA65-44C1-958C-414FF2F40E74}
[2012-02-26 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{855CE367-FD4D-4D9A-AB99-64F902F32A11}
[2012-02-26 06:28:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D89C4470-50C6-48D1-AB3E-FFDA91A1448B}
[2012-02-26 06:28:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F0F2982A-25CF-4890-8A74-AB62438922A4}
[2012-02-25 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{58A48458-CBB9-4EEA-84C7-B916186696F7}
[2012-02-25 18:27:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B76DC191-A9EA-41CD-A78A-4A35A48890DC}
[2012-02-24 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CE1E7139-7554-4095-9B67-AACE7DC6987A}
[2012-02-22 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D6274274-EFA7-4B7F-9DDB-A43A4EEB6667}
[2012-02-22 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{533C871C-A57C-4BEF-88F3-857CB2949718}
[2012-02-22 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{9C8AB919-E296-4114-9C32-C33E58B07F49}
[2012-02-22 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F4851368-192F-44D6-824F-8EA6C866ECB8}
[2012-02-21 12:53:55 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012-02-21 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{261E7A73-D306-4414-9E19-D296BCD768C9}
[2012-02-21 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{32EA7B36-1B66-46B0-9E31-1962A0EA106C}
[2012-02-21 01:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012-02-21 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AF92FCF-5E3F-474A-A764-D30D8EB4F117}
[2012-02-21 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FB17E052-91CC-410E-9372-00B42DD2B81E}
[2012-02-20 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DA68E1DB-E40F-427A-AB00-834C3DB0CD80}
[2012-02-20 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{50EE2486-4D18-48C5-A31B-BB954400D6DD}
[2012-02-20 03:33:21 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\Corel VideoStudio Pro
[2012-02-20 03:07:18 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\Ulead Systems
[2012-02-20 03:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012-02-20 03:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2012-02-20 03:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2012-02-20 03:01:35 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012-02-20 03:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012-02-20 03:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2012-02-20 03:00:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012-02-20 03:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012-02-20 02:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X4
[2012-02-20 02:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2012-02-20 02:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2012-02-20 02:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012-02-20 00:18:32 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2012-02-20 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\LongoMatch
[2012-02-19 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{3C95AA99-9764-4DCE-8DE7-6FDAEE7E0F42}
[2012-02-19 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4DEE394C-95DD-41E3-A686-AEA30090541F}
[2012-02-18 20:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012-02-18 20:29:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012-02-18 20:28:08 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012-02-18 20:28:07 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012-02-18 20:28:06 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012-02-18 20:28:05 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012-02-18 20:28:05 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012-02-18 20:28:05 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012-02-18 20:28:05 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012-02-18 20:28:04 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012-02-18 20:28:04 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012-02-18 20:27:57 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012-02-18 20:27:57 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012-02-18 20:27:57 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012-02-18 20:27:57 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012-02-18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012-02-18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012-02-18 20:27:55 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012-02-18 20:27:55 | 000,103,256 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012-02-18 20:27:55 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012-02-18 20:27:54 | 003,327,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012-02-18 20:27:54 | 000,587,096 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012-02-18 20:27:54 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012-02-18 20:27:54 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012-02-18 20:27:54 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012-02-18 20:27:53 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012-02-18 20:27:53 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012-02-18 20:27:53 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012-02-18 20:27:52 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012-02-18 20:27:52 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012-02-18 20:27:51 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012-02-18 20:27:51 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012-02-18 20:27:51 | 000,327,168 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012-02-18 20:27:50 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012-02-18 20:27:50 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012-02-18 20:27:50 | 000,413,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012-02-18 20:27:50 | 000,390,656 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012-02-18 20:27:49 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012-02-18 20:27:49 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012-02-18 20:27:49 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012-02-18 20:27:49 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012-02-18 20:27:48 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012-02-18 20:27:48 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012-02-18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012-02-18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012-02-18 20:27:47 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012-02-18 20:01:38 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BDABA617-0191-4525-BFE4-22CD1D4C51B4}
[2012-02-18 20:01:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B6C6367-9446-4EEE-83C1-C2616DDD13F0}
[2012-02-18 02:00:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\DDMSettings
[2012-02-18 01:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012-02-18 01:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012-02-18 01:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012-02-18 01:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-18 21:51:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-18 21:51:07 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-18 20:57:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000UA.job
[2012-03-18 20:29:48 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-18 20:29:48 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-18 20:27:13 | 092,152,275 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-03-18 11:57:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000Core.job
[2012-03-17 15:23:10 | 000,000,400 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012-03-17 00:19:03 | 000,183,146 | ---- | M] () -- C:\Users\elesh\Desktop\Untitled.jpg
[2012-03-16 22:32:01 | 000,013,573 | ---- | M] () -- C:\Users\elesh\Desktop\msconfig - Shortcut.lnk
[2012-03-15 22:03:30 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-03-15 18:23:43 | 000,295,954 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-03-14 20:26:41 | 002,904,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-03-12 21:09:21 | 000,692,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-03-12 21:09:21 | 000,133,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-03-06 14:25:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-03-01 00:19:44 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2012-02-29 23:37:46 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012-02-22 01:20:38 | 000,095,979 | ---- | M] () -- C:\Users\elesh\Documents\My Movie.wlmp
[2012-02-21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012-02-21 00:41:05 | 000,049,152 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012-02-20 03:26:43 | 000,002,004 | -H-- | M] () -- C:\Users\elesh\Documents\Default.rdp
[2012-02-20 02:57:32 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
[2012-02-20 00:23:43 | 000,000,218 | ---- | M] () -- C:\Users\elesh\.recently-used.xbel
[2012-02-19 21:22:16 | 003,967,730 | ---- | M] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012-02-19 20:18:11 | 001,919,104 | ---- | M] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-17 00:06:32 | 000,183,146 | ---- | C] () -- C:\Users\elesh\Desktop\Untitled.jpg
[2012-03-16 22:32:01 | 000,013,573 | ---- | C] () -- C:\Users\elesh\Desktop\msconfig - Shortcut.lnk
[2012-03-15 22:03:30 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-03-06 14:03:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-03-06 14:03:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-03-06 14:03:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-03-06 14:03:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-03-06 14:03:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-02-28 01:40:01 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012-02-21 15:41:26 | 000,095,979 | ---- | C] () -- C:\Users\elesh\Documents\My Movie.wlmp
[2012-02-20 03:23:24 | 000,002,004 | -H-- | C] () -- C:\Users\elesh\Documents\Default.rdp
[2012-02-20 02:57:32 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
[2012-02-20 00:23:43 | 000,000,218 | ---- | C] () -- C:\Users\elesh\.recently-used.xbel
[2012-02-19 20:26:58 | 003,967,730 | ---- | C] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012-02-19 20:17:46 | 001,919,104 | ---- | C] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[2012-02-18 20:27:56 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012-02-15 18:58:33 | 000,007,636 | ---- | C] () -- C:\Users\elesh\AppData\Local\resmon.resmoncfg
[2012-01-31 16:35:42 | 000,000,237 | ---- | C] () -- C:\Windows\fnerr.dat
[2012-01-28 21:06:56 | 000,044,228 | ---- | C] () -- C:\Users\elesh\AppData\Local\RAContactHistory.xml
[2012-01-19 18:04:40 | 000,000,600 | ---- | C] () -- C:\Users\elesh\AppData\Roaming\winscp.rnd
[2011-12-23 02:17:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-12-23 02:14:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2011-12-23 02:03:45 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Airytec
[2011-12-22 01:43:47 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\AVG2012
[2012-01-19 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Azureus
[2012-01-19 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\FileZilla
[2012-02-20 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2011-12-24 03:29:20 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\IrfanView
[2011-12-26 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\OpenOffice.org
[2012-01-28 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\PeerNetworking
[2012-01-18 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\TeamViewer
[2012-02-20 03:33:50 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Ulead Systems
[2012-02-26 13:06:40 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\uTorrent
[2012-02-02 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Windows Live Writer
[2012-03-17 02:12:40 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:1677AB3F

< End of report >

#20
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi Elesh, I went through your logs and found these entries in normal but not safe mode:

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/07/29 04:38:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 04:39:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 04:38:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
SRV - [2012/01/19 17:17:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

I think the first step is to uninstall AVG and see if that solves the problem. Most of the entries above are AVG.

#21
elesh

    Member

  • Topic Starter
  • Member
  • 13 posts
Hi Crag

I followed your instructions and uninstalled AVG, but that did not fix the issue. So one by one I uninstalled all the programs that were listed by you in the entries above to check if they caused the issue, but that didn't help me either, except 2 entries that I could not uninstall, which are -


PRC - [2010/11/20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe




Now, to provide you more data, I ran the OTL logs again in normal and safe mode just in case you want to check again -



OTL normal mode


OTL logfile created on: 3/19/2012 7:19:26 PM - Run 5
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\elesh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1011.95 Mb Total Physical Memory | 334.96 Mb Available Physical Memory | 33.10% Memory free
1.99 Gb Paging File | 1.21 Gb Available in Paging File | 60.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.04 Gb Total Space | 14.54 Gb Free Space | 33.02% Space Free | Partition Type: NTFS
Drive D: | 61.90 Gb Total Space | 5.15 Gb Free Space | 8.33% Space Free | Partition Type: NTFS

Computer Name: ELESH-LAPTOP | User Name: elesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
PRC - [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/22 06:06:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/22 02:37:44 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV - [2011/01/26 11:36:49 | 000,309,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 17:48:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 15:14:50 | 002,227,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/07/22 11:28:26 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 9C D0 BC 9D C0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://in.search.yah...type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 13:31:16 | 000,000,000 | ---D | M]

[2011/12/22 02:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Extensions
[2012/01/03 20:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Firefox\Profiles\u6pq6uug.default\extensions
[2012/03/01 12:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/18 20:25:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/17 07:08:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/17 06:55:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/17 07:08:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/17 07:08:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/17 07:08:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/06 14:25:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B97964C-FCF7-4D5F-A734-D877C0CEED27}: DhcpNameServer = 202.56.230.5 202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BDFB466-D289-4C67-A151-35FB57795D24}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BB6E09-22D3-43F3-BCB4-5E3D9103ABC3}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 14:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/19 14:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/19 11:03:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{0EDE7DA6-4092-4CD4-807D-4A1FA89AECFD}
[2012/03/19 11:03:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E41BC281-B354-4BC6-964F-42114A2BB5BE}
[2012/03/19 00:40:03 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\NorthEastVoIP_Phone
[2012/03/19 00:39:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NorthEastVoIP_Phone
[2012/03/19 00:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\NorthEastVoIP_Phone
[2012/03/18 23:03:01 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{61B64E10-749E-4612-BA4D-E7A4139A2C90}
[2012/03/18 23:02:44 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2C0787A4-C80C-4639-A503-B2AF81A35D49}
[2012/03/18 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B07B4C5A-8DA4-4A9B-B8D0-A2C46A16873B}
[2012/03/18 11:01:34 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DC347685-2AE2-42B0-9A78-98A4733766A7}
[2012/03/17 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DBFFE3DF-24BE-4976-9A8E-23F14C6748D4}
[2012/03/17 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A5FB9CDE-A02A-4E12-88C2-0394133676E0}
[2012/03/17 03:03:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2AE03A36-9DB0-430C-9A11-73BF3A4D5A09}
[2012/03/17 03:02:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B281C5D-EA24-41DA-A5F8-0B67E6EFF60D}
[2012/03/16 10:47:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7446A99B-AC45-4409-A7DE-E97A62F2B539}
[2012/03/16 10:47:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F14E92A5-887B-4FE5-84FA-EDB1DB054169}
[2012/03/15 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{802DB80A-5659-4AE7-90D3-A63FB5BEEE8E}
[2012/03/15 12:40:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D6FD6515-F4E7-4F3B-A18F-ABB56E91BCE7}
[2012/03/14 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{772BA675-9547-495B-9C0D-C62111798AE5}
[2012/03/14 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{40E21349-7E84-49A5-9B0A-5CF67DEA9622}
[2012/03/14 01:50:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E223F7E8-1D95-4089-8E9D-42B4DDBD08DC}
[2012/03/14 01:49:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C696B358-96D0-4D35-A1C8-D8C8E6033FAE}
[2012/03/13 13:49:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BE8AEA59-2726-4109-AD10-B8E52CB37958}
[2012/03/13 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{725BBB09-AE5D-4157-AAF6-B5D012FC06AD}
[2012/03/12 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5722B9FC-DE24-41C6-B38B-0CFAEDB37FF5}
[2012/03/12 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C8AC53EF-437F-480E-9A95-E03ECD368CE6}
[2012/03/12 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4337FAAA-BCF7-4F11-A4BC-B7983DF18AE9}
[2012/03/08 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AE00A05-D1C3-4CF9-9288-2196900C013D}
[2012/03/08 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{98126BED-69D0-40EF-AFB1-89C8C7CA8A9D}
[2012/03/08 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E6FB845A-96A9-4616-9896-69B8F4B02F2B}
[2012/03/08 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{644E937A-4A93-403D-9F5E-0EEDBBE2221B}
[2012/03/07 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{83C08F97-61DA-4FC2-8FC3-9130684A03D2}
[2012/03/07 14:46:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4D2913F5-B5C4-499E-B2C0-E42FFF608B30}
[2012/03/06 22:40:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2186F577-6782-46C9-8F5C-EEEAF9677EAD}
[2012/03/06 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{8DA3A460-7F31-4BD3-8AC7-F94A50EE261E}
[2012/03/06 14:33:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 14:33:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/06 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\temp
[2012/03/06 14:03:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 14:03:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 14:03:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 14:02:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/06 14:00:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/06 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2F01F8CD-7BFB-4F66-A151-F5D224CE730A}
[2012/03/05 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{53C0133D-27EB-4401-B3E1-2D3CDC04854E}
[2012/03/05 12:57:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BFB3F2A2-989B-4759-A09F-B3420578887F}
[2012/03/05 00:56:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{AC3CE502-378F-4D93-9AA5-44DA70F829F1}
[2012/03/04 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A190630F-0970-4233-9501-358B880833C5}
[2012/03/04 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B95B0334-B65A-484F-918F-35A25AF5EBFE}
[2012/03/03 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EADF7C8A-B071-4188-B05C-7D3988C5C06B}
[2012/03/03 11:28:17 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{941BE42B-F3E4-4667-AB48-8211C4B42B55}
[2012/03/03 11:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{0F08B22D-41A2-4755-975A-4E68EC6F3F3D}
[2012/03/02 20:10:27 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{12CDE02B-CA99-4606-B532-C56B2644A886}
[2012/03/02 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1792094C-7FED-44EB-B9CE-820F8FECDD98}
[2012/03/01 23:19:40 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{33AD74F7-F086-42CE-A061-9C5D0573066D}
[2012/03/01 23:19:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DFEF6147-E0F0-448B-A28D-1FFA2DBDFC86}
[2012/03/01 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/01 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F226E03C-C854-4212-898B-85ABEB273A9A}
[2012/03/01 11:18:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A0540D72-BAD2-49CE-A7BC-427648DBD539}
[2012/02/29 22:34:26 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2AFEFFB3-8E09-48F7-9495-3E2A097DCE25}
[2012/02/29 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2F0E0B41-7B66-424C-BC4E-CCFF9872F9B1}
[2012/02/29 13:56:10 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D75B237F-1E24-421E-AE87-2D323A3353B1}
[2012/02/29 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DC4B54DA-4AB7-40E3-810F-00ED307AB16B}
[2012/02/28 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/28 14:08:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C1E97428-8528-4741-8775-ADADD757E083}
[2012/02/28 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CB2F8AF4-C284-4311-BB9C-14FE03D759BB}
[2012/02/28 02:08:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1A795621-AC01-4C7F-B124-77E0BF914079}
[2012/02/28 02:07:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{46393C60-FCE9-414C-8086-F075AC6B2B66}
[2012/02/27 23:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2012/02/27 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7FF01772-DBB2-4A2B-8D7A-E10A55D71D1B}
[2012/02/27 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FA483961-FEF6-4612-8161-D8E08A1C2EF1}
[2012/02/26 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EA448508-EA65-44C1-958C-414FF2F40E74}
[2012/02/26 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{855CE367-FD4D-4D9A-AB99-64F902F32A11}
[2012/02/26 06:28:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D89C4470-50C6-48D1-AB3E-FFDA91A1448B}
[2012/02/26 06:28:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F0F2982A-25CF-4890-8A74-AB62438922A4}
[2012/02/25 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{58A48458-CBB9-4EEA-84C7-B916186696F7}
[2012/02/25 18:27:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B76DC191-A9EA-41CD-A78A-4A35A48890DC}
[2012/02/24 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CE1E7139-7554-4095-9B67-AACE7DC6987A}
[2012/02/22 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D6274274-EFA7-4B7F-9DDB-A43A4EEB6667}
[2012/02/22 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{533C871C-A57C-4BEF-88F3-857CB2949718}
[2012/02/22 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{9C8AB919-E296-4114-9C32-C33E58B07F49}
[2012/02/22 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F4851368-192F-44D6-824F-8EA6C866ECB8}
[2012/02/21 12:53:55 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012/02/21 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{261E7A73-D306-4414-9E19-D296BCD768C9}
[2012/02/21 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{32EA7B36-1B66-46B0-9E31-1962A0EA106C}
[2012/02/21 01:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/02/21 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AF92FCF-5E3F-474A-A764-D30D8EB4F117}
[2012/02/21 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FB17E052-91CC-410E-9372-00B42DD2B81E}
[2012/02/20 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DA68E1DB-E40F-427A-AB00-834C3DB0CD80}
[2012/02/20 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{50EE2486-4D18-48C5-A31B-BB954400D6DD}
[2012/02/20 03:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012/02/20 03:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2012/02/20 03:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2012/02/20 03:01:35 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012/02/20 03:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012/02/20 03:00:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/02/20 03:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/02/20 02:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012/02/20 00:18:32 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2012/02/20 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\LongoMatch
[2012/02/19 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{3C95AA99-9764-4DCE-8DE7-6FDAEE7E0F42}
[2012/02/19 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4DEE394C-95DD-41E3-A686-AEA30090541F}
[2012/02/18 20:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/02/18 20:29:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/02/18 20:28:08 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/02/18 20:28:07 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012/02/18 20:28:06 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/02/18 20:28:05 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/02/18 20:28:05 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012/02/18 20:28:05 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012/02/18 20:28:05 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/02/18 20:28:04 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012/02/18 20:28:04 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012/02/18 20:27:57 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012/02/18 20:27:57 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012/02/18 20:27:57 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012/02/18 20:27:57 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012/02/18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/02/18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/02/18 20:27:55 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012/02/18 20:27:55 | 000,103,256 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012/02/18 20:27:55 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012/02/18 20:27:54 | 003,327,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012/02/18 20:27:54 | 000,587,096 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012/02/18 20:27:54 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012/02/18 20:27:54 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012/02/18 20:27:54 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012/02/18 20:27:53 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/02/18 20:27:53 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012/02/18 20:27:53 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/02/18 20:27:52 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012/02/18 20:27:52 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/02/18 20:27:51 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/02/18 20:27:51 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012/02/18 20:27:51 | 000,327,168 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012/02/18 20:27:50 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012/02/18 20:27:50 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012/02/18 20:27:50 | 000,413,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012/02/18 20:27:50 | 000,390,656 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012/02/18 20:27:49 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012/02/18 20:27:49 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012/02/18 20:27:49 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012/02/18 20:27:49 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012/02/18 20:27:48 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012/02/18 20:27:48 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012/02/18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012/02/18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012/02/18 20:27:47 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012/02/18 20:01:38 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BDABA617-0191-4525-BFE4-22CD1D4C51B4}
[2012/02/18 20:01:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B6C6367-9446-4EEE-83C1-C2616DDD13F0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/19 19:03:05 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 19:03:05 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 18:57:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000UA.job
[2012/03/19 18:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 18:55:39 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 13:56:53 | 002,878,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/19 13:53:38 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2012/03/19 00:39:41 | 000,003,035 | ---- | M] () -- C:\Users\elesh\Desktop\NorthEastVoIP_Phone.lnk
[2012/03/18 11:57:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000Core.job
[2012/03/17 15:23:10 | 000,000,400 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/17 00:19:03 | 000,183,146 | ---- | M] () -- C:\Users\elesh\Desktop\Untitled.jpg
[2012/03/16 22:32:01 | 000,013,573 | ---- | M] () -- C:\Users\elesh\Desktop\msconfig - Shortcut.lnk
[2012/03/12 21:09:21 | 000,692,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/12 21:09:21 | 000,133,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 14:25:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/29 23:37:46 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/02/22 01:20:38 | 000,095,979 | ---- | M] () -- C:\Users\elesh\Documents\My Movie.wlmp
[2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012/02/21 00:41:05 | 000,049,152 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/02/20 03:26:43 | 000,002,004 | -H-- | M] () -- C:\Users\elesh\Documents\Default.rdp
[2012/02/20 00:23:43 | 000,000,218 | ---- | M] () -- C:\Users\elesh\.recently-used.xbel
[2012/02/19 21:22:16 | 003,967,730 | ---- | M] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012/02/19 20:18:11 | 001,919,104 | ---- | M] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/19 00:39:41 | 000,003,035 | ---- | C] () -- C:\Users\elesh\Desktop\NorthEastVoIP_Phone.lnk
[2012/03/17 00:06:32 | 000,183,146 | ---- | C] () -- C:\Users\elesh\Desktop\Untitled.jpg
[2012/03/16 22:32:01 | 000,013,573 | ---- | C] () -- C:\Users\elesh\Desktop\msconfig - Shortcut.lnk
[2012/03/06 14:03:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 14:03:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 14:03:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 14:03:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 14:03:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/28 01:40:01 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/21 15:41:26 | 000,095,979 | ---- | C] () -- C:\Users\elesh\Documents\My Movie.wlmp
[2012/02/20 03:23:24 | 000,002,004 | -H-- | C] () -- C:\Users\elesh\Documents\Default.rdp
[2012/02/20 00:23:43 | 000,000,218 | ---- | C] () -- C:\Users\elesh\.recently-used.xbel
[2012/02/19 20:26:58 | 003,967,730 | ---- | C] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012/02/19 20:17:46 | 001,919,104 | ---- | C] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[2012/02/18 20:27:56 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/15 18:58:33 | 000,007,636 | ---- | C] () -- C:\Users\elesh\AppData\Local\resmon.resmoncfg
[2012/01/31 16:35:42 | 000,000,237 | ---- | C] () -- C:\Windows\fnerr.dat
[2012/01/28 21:06:56 | 000,044,228 | ---- | C] () -- C:\Users\elesh\AppData\Local\RAContactHistory.xml
[2012/01/19 18:04:40 | 000,000,600 | ---- | C] () -- C:\Users\elesh\AppData\Roaming\winscp.rnd
[2011/12/23 02:17:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/12/23 02:14:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2011/12/23 02:03:45 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Airytec
[2012/01/19 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Azureus
[2012/01/19 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\FileZilla
[2012/02/20 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2011/12/24 03:29:20 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\IrfanView
[2012/03/19 00:40:03 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\NorthEastVoIP_Phone
[2011/12/26 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\OpenOffice.org
[2012/01/28 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\PeerNetworking
[2012/01/18 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\TeamViewer
[2012/02/26 13:06:40 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\uTorrent
[2012/02/02 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Windows Live Writer
[2012/03/17 02:12:40 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:1677AB3F

< End of report >


OTL safe mode


OTL logfile created on: 3/19/2012 7:37:35 PM - Run 6
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\elesh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1011.95 Mb Total Physical Memory | 571.30 Mb Available Physical Memory | 56.46% Memory free
1.99 Gb Paging File | 1.56 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.04 Gb Total Space | 14.55 Gb Free Space | 33.03% Space Free | Partition Type: NTFS
Drive D: | 61.90 Gb Total Space | 5.15 Gb Free Space | 8.33% Space Free | Partition Type: NTFS

Computer Name: ELESH-LAPTOP | User Name: elesh | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
PRC - [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/22 06:06:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/22 02:37:44 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV - [2011/01/26 11:36:49 | 000,309,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 17:49:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 17:48:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/23 15:14:50 | 002,227,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/07/22 11:28:26 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 9C D0 BC 9D C0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://in.search.yah...type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\elesh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\elesh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 13:31:16 | 000,000,000 | ---D | M]

[2011/12/22 02:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Extensions
[2012/01/03 20:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\elesh\AppData\Roaming\Mozilla\Firefox\Profiles\u6pq6uug.default\extensions
[2012/03/01 12:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/18 20:25:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/17 07:08:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/17 06:55:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/17 07:08:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/17 07:08:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/17 07:08:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/06 14:25:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B97964C-FCF7-4D5F-A734-D877C0CEED27}: DhcpNameServer = 202.56.230.5 202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BDFB466-D289-4C67-A151-35FB57795D24}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BB6E09-22D3-43F3-BCB4-5E3D9103ABC3}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 14:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/19 14:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/19 11:03:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{0EDE7DA6-4092-4CD4-807D-4A1FA89AECFD}
[2012/03/19 11:03:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E41BC281-B354-4BC6-964F-42114A2BB5BE}
[2012/03/19 00:40:03 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\NorthEastVoIP_Phone
[2012/03/19 00:39:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NorthEastVoIP_Phone
[2012/03/19 00:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\NorthEastVoIP_Phone
[2012/03/18 23:03:01 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{61B64E10-749E-4612-BA4D-E7A4139A2C90}
[2012/03/18 23:02:44 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2C0787A4-C80C-4639-A503-B2AF81A35D49}
[2012/03/18 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B07B4C5A-8DA4-4A9B-B8D0-A2C46A16873B}
[2012/03/18 11:01:34 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DC347685-2AE2-42B0-9A78-98A4733766A7}
[2012/03/17 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DBFFE3DF-24BE-4976-9A8E-23F14C6748D4}
[2012/03/17 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A5FB9CDE-A02A-4E12-88C2-0394133676E0}
[2012/03/17 03:03:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2AE03A36-9DB0-430C-9A11-73BF3A4D5A09}
[2012/03/17 03:02:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B281C5D-EA24-41DA-A5F8-0B67E6EFF60D}
[2012/03/16 10:47:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7446A99B-AC45-4409-A7DE-E97A62F2B539}
[2012/03/16 10:47:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F14E92A5-887B-4FE5-84FA-EDB1DB054169}
[2012/03/15 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{802DB80A-5659-4AE7-90D3-A63FB5BEEE8E}
[2012/03/15 12:40:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D6FD6515-F4E7-4F3B-A18F-ABB56E91BCE7}
[2012/03/14 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{772BA675-9547-495B-9C0D-C62111798AE5}
[2012/03/14 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{40E21349-7E84-49A5-9B0A-5CF67DEA9622}
[2012/03/14 01:50:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E223F7E8-1D95-4089-8E9D-42B4DDBD08DC}
[2012/03/14 01:49:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C696B358-96D0-4D35-A1C8-D8C8E6033FAE}
[2012/03/13 13:49:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BE8AEA59-2726-4109-AD10-B8E52CB37958}
[2012/03/13 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{725BBB09-AE5D-4157-AAF6-B5D012FC06AD}
[2012/03/12 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5722B9FC-DE24-41C6-B38B-0CFAEDB37FF5}
[2012/03/12 20:03:19 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C8AC53EF-437F-480E-9A95-E03ECD368CE6}
[2012/03/12 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4337FAAA-BCF7-4F11-A4BC-B7983DF18AE9}
[2012/03/08 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AE00A05-D1C3-4CF9-9288-2196900C013D}
[2012/03/08 20:33:01 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{98126BED-69D0-40EF-AFB1-89C8C7CA8A9D}
[2012/03/08 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{E6FB845A-96A9-4616-9896-69B8F4B02F2B}
[2012/03/08 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{644E937A-4A93-403D-9F5E-0EEDBBE2221B}
[2012/03/07 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{83C08F97-61DA-4FC2-8FC3-9130684A03D2}
[2012/03/07 14:46:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4D2913F5-B5C4-499E-B2C0-E42FFF608B30}
[2012/03/06 22:40:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2186F577-6782-46C9-8F5C-EEEAF9677EAD}
[2012/03/06 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{8DA3A460-7F31-4BD3-8AC7-F94A50EE261E}
[2012/03/06 14:33:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 14:33:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/06 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\temp
[2012/03/06 14:03:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 14:03:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 14:03:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 14:02:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/06 14:00:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/06 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2F01F8CD-7BFB-4F66-A151-F5D224CE730A}
[2012/03/05 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{53C0133D-27EB-4401-B3E1-2D3CDC04854E}
[2012/03/05 12:57:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BFB3F2A2-989B-4759-A09F-B3420578887F}
[2012/03/05 00:56:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{AC3CE502-378F-4D93-9AA5-44DA70F829F1}
[2012/03/04 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A190630F-0970-4233-9501-358B880833C5}
[2012/03/04 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B95B0334-B65A-484F-918F-35A25AF5EBFE}
[2012/03/03 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EADF7C8A-B071-4188-B05C-7D3988C5C06B}
[2012/03/03 11:28:17 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{941BE42B-F3E4-4667-AB48-8211C4B42B55}
[2012/03/03 11:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{0F08B22D-41A2-4755-975A-4E68EC6F3F3D}
[2012/03/02 20:10:27 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{12CDE02B-CA99-4606-B532-C56B2644A886}
[2012/03/02 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1792094C-7FED-44EB-B9CE-820F8FECDD98}
[2012/03/01 23:19:40 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{33AD74F7-F086-42CE-A061-9C5D0573066D}
[2012/03/01 23:19:23 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DFEF6147-E0F0-448B-A28D-1FFA2DBDFC86}
[2012/03/01 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/01 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F226E03C-C854-4212-898B-85ABEB273A9A}
[2012/03/01 11:18:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{A0540D72-BAD2-49CE-A7BC-427648DBD539}
[2012/02/29 22:34:26 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2AFEFFB3-8E09-48F7-9495-3E2A097DCE25}
[2012/02/29 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{2F0E0B41-7B66-424C-BC4E-CCFF9872F9B1}
[2012/02/29 13:56:10 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D75B237F-1E24-421E-AE87-2D323A3353B1}
[2012/02/29 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DC4B54DA-4AB7-40E3-810F-00ED307AB16B}
[2012/02/28 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/28 14:08:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{C1E97428-8528-4741-8775-ADADD757E083}
[2012/02/28 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CB2F8AF4-C284-4311-BB9C-14FE03D759BB}
[2012/02/28 02:08:11 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1A795621-AC01-4C7F-B124-77E0BF914079}
[2012/02/28 02:07:56 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{46393C60-FCE9-414C-8086-F075AC6B2B66}
[2012/02/27 23:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2012/02/27 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{7FF01772-DBB2-4A2B-8D7A-E10A55D71D1B}
[2012/02/27 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FA483961-FEF6-4612-8161-D8E08A1C2EF1}
[2012/02/26 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{EA448508-EA65-44C1-958C-414FF2F40E74}
[2012/02/26 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{855CE367-FD4D-4D9A-AB99-64F902F32A11}
[2012/02/26 06:28:59 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D89C4470-50C6-48D1-AB3E-FFDA91A1448B}
[2012/02/26 06:28:41 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F0F2982A-25CF-4890-8A74-AB62438922A4}
[2012/02/25 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{58A48458-CBB9-4EEA-84C7-B916186696F7}
[2012/02/25 18:27:47 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{B76DC191-A9EA-41CD-A78A-4A35A48890DC}
[2012/02/24 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{CE1E7139-7554-4095-9B67-AACE7DC6987A}
[2012/02/22 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{D6274274-EFA7-4B7F-9DDB-A43A4EEB6667}
[2012/02/22 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{533C871C-A57C-4BEF-88F3-857CB2949718}
[2012/02/22 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{9C8AB919-E296-4114-9C32-C33E58B07F49}
[2012/02/22 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{F4851368-192F-44D6-824F-8EA6C866ECB8}
[2012/02/21 12:53:55 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012/02/21 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{261E7A73-D306-4414-9E19-D296BCD768C9}
[2012/02/21 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{32EA7B36-1B66-46B0-9E31-1962A0EA106C}
[2012/02/21 01:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/02/21 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{1AF92FCF-5E3F-474A-A764-D30D8EB4F117}
[2012/02/21 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{FB17E052-91CC-410E-9372-00B42DD2B81E}
[2012/02/20 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{DA68E1DB-E40F-427A-AB00-834C3DB0CD80}
[2012/02/20 12:26:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{50EE2486-4D18-48C5-A31B-BB954400D6DD}
[2012/02/20 03:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012/02/20 03:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2012/02/20 03:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2012/02/20 03:01:35 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012/02/20 03:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012/02/20 03:00:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/02/20 03:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/02/20 02:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012/02/20 00:18:32 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2012/02/20 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\elesh\Documents\LongoMatch
[2012/02/19 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{3C95AA99-9764-4DCE-8DE7-6FDAEE7E0F42}
[2012/02/19 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{4DEE394C-95DD-41E3-A686-AEA30090541F}
[2012/02/18 20:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/02/18 20:29:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/02/18 20:28:08 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/02/18 20:28:07 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012/02/18 20:28:06 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/02/18 20:28:05 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/02/18 20:28:05 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012/02/18 20:28:05 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012/02/18 20:28:05 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/02/18 20:28:04 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012/02/18 20:28:04 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012/02/18 20:27:57 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012/02/18 20:27:57 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012/02/18 20:27:57 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012/02/18 20:27:57 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012/02/18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/02/18 20:27:56 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/02/18 20:27:55 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012/02/18 20:27:55 | 000,103,256 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012/02/18 20:27:55 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012/02/18 20:27:54 | 003,327,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012/02/18 20:27:54 | 000,587,096 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012/02/18 20:27:54 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012/02/18 20:27:54 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012/02/18 20:27:54 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012/02/18 20:27:53 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/02/18 20:27:53 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012/02/18 20:27:53 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/02/18 20:27:52 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012/02/18 20:27:52 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/02/18 20:27:51 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/02/18 20:27:51 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012/02/18 20:27:51 | 000,327,168 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012/02/18 20:27:50 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012/02/18 20:27:50 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012/02/18 20:27:50 | 000,413,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012/02/18 20:27:50 | 000,390,656 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012/02/18 20:27:49 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012/02/18 20:27:49 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012/02/18 20:27:49 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012/02/18 20:27:49 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012/02/18 20:27:48 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012/02/18 20:27:48 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012/02/18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012/02/18 20:27:48 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012/02/18 20:27:47 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012/02/18 20:01:38 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{BDABA617-0191-4525-BFE4-22CD1D4C51B4}
[2012/02/18 20:01:20 | 000,000,000 | ---D | C] -- C:\Users\elesh\AppData\Local\{5B6C6367-9446-4EEE-83C1-C2616DDD13F0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/19 19:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 19:36:27 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 19:03:05 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 19:03:05 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 18:57:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000UA.job
[2012/03/19 13:56:53 | 002,878,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/19 13:53:38 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2012/03/19 00:39:41 | 000,003,035 | ---- | M] () -- C:\Users\elesh\Desktop\NorthEastVoIP_Phone.lnk
[2012/03/18 11:57:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1746826367-1287877529-936054660-1000Core.job
[2012/03/17 15:23:10 | 000,000,400 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/17 00:19:03 | 000,183,146 | ---- | M] () -- C:\Users\elesh\Desktop\Untitled.jpg
[2012/03/16 22:32:01 | 000,013,573 | ---- | M] () -- C:\Users\elesh\Desktop\msconfig - Shortcut.lnk
[2012/03/12 21:09:21 | 000,692,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/12 21:09:21 | 000,133,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 14:25:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/29 23:37:46 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/02/22 01:20:38 | 000,095,979 | ---- | M] () -- C:\Users\elesh\Documents\My Movie.wlmp
[2012/02/21 12:54:17 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\elesh\Desktop\OTL.exe
[2012/02/21 00:41:05 | 000,049,152 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/02/20 03:26:43 | 000,002,004 | -H-- | M] () -- C:\Users\elesh\Documents\Default.rdp
[2012/02/20 00:23:43 | 000,000,218 | ---- | M] () -- C:\Users\elesh\.recently-used.xbel
[2012/02/19 21:22:16 | 003,967,730 | ---- | M] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012/02/19 20:18:11 | 001,919,104 | ---- | M] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/19 00:39:41 | 000,003,035 | ---- | C] () -- C:\Users\elesh\Desktop\NorthEastVoIP_Phone.lnk
[2012/03/17 00:06:32 | 000,183,146 | ---- | C] () -- C:\Users\elesh\Desktop\Untitled.jpg
[2012/03/16 22:32:01 | 000,013,573 | ---- | C] () -- C:\Users\elesh\Desktop\msconfig - Shortcut.lnk
[2012/03/06 14:03:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 14:03:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 14:03:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 14:03:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 14:03:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/28 01:40:01 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/21 15:41:26 | 000,095,979 | ---- | C] () -- C:\Users\elesh\Documents\My Movie.wlmp
[2012/02/20 03:23:24 | 000,002,004 | -H-- | C] () -- C:\Users\elesh\Documents\Default.rdp
[2012/02/20 00:23:43 | 000,000,218 | ---- | C] () -- C:\Users\elesh\.recently-used.xbel
[2012/02/19 20:26:58 | 003,967,730 | ---- | C] () -- C:\Users\elesh\Desktop\7_Stereo_love.mp3
[2012/02/19 20:17:46 | 001,919,104 | ---- | C] () -- C:\Users\elesh\Desktop\mujhe pyar hai tumse.mp3
[2012/02/18 20:27:56 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/15 18:58:33 | 000,007,636 | ---- | C] () -- C:\Users\elesh\AppData\Local\resmon.resmoncfg
[2012/01/31 16:35:42 | 000,000,237 | ---- | C] () -- C:\Windows\fnerr.dat
[2012/01/28 21:06:56 | 000,044,228 | ---- | C] () -- C:\Users\elesh\AppData\Local\RAContactHistory.xml
[2012/01/19 18:04:40 | 000,000,600 | ---- | C] () -- C:\Users\elesh\AppData\Roaming\winscp.rnd
[2011/12/23 02:17:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/12/23 02:14:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2011/12/23 02:03:45 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Airytec
[2012/01/19 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Azureus
[2012/01/19 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\FileZilla
[2012/02/20 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\gtk-2.0
[2011/12/24 03:29:20 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\IrfanView
[2012/03/19 00:40:03 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\NorthEastVoIP_Phone
[2011/12/26 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\OpenOffice.org
[2012/01/28 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\PeerNetworking
[2012/01/18 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\TeamViewer
[2012/02/26 13:06:40 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\uTorrent
[2012/02/02 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\elesh\AppData\Roaming\Windows Live Writer
[2012/03/17 02:12:40 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:1677AB3F

< End of report >
  • 0

#22
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi elesh, the next step is to terminate the two processes you mentioned. To do this press ctrl-shift-escape, go to the processes tab in the Windows Task Manager window, select the relevant process, and click End Process. See if this fixes the issue then report back to me.
  • 0

#23
elesh


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Crag

I tried but that didn't help either.



Sad.
  • 0

#24
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,839 posts
Hi elesh, I only have one more recommendation - that is to do a system restore to a date prior to when the symptoms manifested themselves. Other than that I don't know exactly what to do. If that doesn't fix your problem you can seek help in this forum - you are running Windows 7, right?

It's cleanup time now. Also here is my final speech with tips on staying clean.

Press the Windows key and the R key at the same time
Copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall

You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus or the paid programs Bit Defender Anti-Virus and Kaspersky Anti-Virus. Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.


It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your convenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall as free solutions or Outpost Firewall Pro as a paid solution.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly and do Windows Updates as well. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated. Instructions for automating Windows Updates follow:

1. Right click My Computer and select properties
2. Select the automatic updates tab
3. Select the automatic option and configure appropriately

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use a browser other than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to back up your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:

By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#25
elesh


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Crag


Thanks for your help and patience, will follow as advised.
Regards
  • 0



#26
Elise


    Emsisoft Research

  • Expert
  • 3,389 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





