Malware attack. [Closed]


  • This topic is locked

#1
rmsiyer

    New Member

  • Member
  • Pip
  • 5 posts
Kindly see the logsheet generated by OTL. Suddenly, I could hear blip sounds while working on my machine. At least 120 emails were generated and sent to the persons in the contact list from my Yahoo ID, though I did not send any of them. Most of them were returned undelivered. Kindly check the machine status as soon as possible.

Kind regards

OTL Extras logfile created on: 29-04-2012 00:08:33 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\hp\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.92 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 60.20% Memory free
5.84 Gb Paging File | 4.25 Gb Available in Paging File | 72.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 253.78 Gb Free Space | 85.16% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DDB6C35-C9AC-4E10-B46A-C279610AAD2E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1FC715FD-C2B7-4A63-91DC-F9D9DDEF5F77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B4E1FB3-1D29-4E88-A7EB-9A0C5D75227F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2ED76718-1A4A-463F-9A32-EBE43A7C1045}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{326C31CD-C78E-49A8-8EC6-D6A956D3CF03}" = rport=138 | protocol=17 | dir=out | app=system |
"{340D622E-8D81-44D9-A29F-48687EEE7D99}" = lport=445 | protocol=6 | dir=in | app=system |
"{3456E6F6-1FD8-44DF-9A26-78464F5B29B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{422A3A42-3A98-41F3-BBEF-84989BF29C6C}" = rport=137 | protocol=17 | dir=out | app=system |
"{57084F48-C3E6-4D76-8346-6BFCC680A908}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5EC01920-D583-412E-A833-43D994B35C12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6187F4FA-9BBD-497C-90BB-ADB34AC5189A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EBEA818-6CF3-4D32-87E4-4596A3F7110B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D357A8F-FF00-491D-9B9A-F99319E49499}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF913A42-A894-4C3F-BA5F-E6A542342212}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B380C856-DD3C-4F57-B435-843F06C44217}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA83321B-63CD-45BA-B29C-568098393A6A}" = lport=139 | protocol=6 | dir=in | app=system |
"{C0691E6D-4FEB-4C92-81EE-844097140B2B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CD3D1B02-CE40-496C-AEDD-600AF3763A50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5996735-B27C-4D9C-8B33-51690A607519}" = rport=139 | protocol=6 | dir=out | app=system |
"{EEE3DDB1-A8E0-4312-9894-8A6CC93C7680}" = lport=138 | protocol=17 | dir=in | app=system |
"{F698CCB7-0538-4B1A-9BE8-36EA736DCE7E}" = lport=137 | protocol=17 | dir=in | app=system |
"{F6F51E24-D74F-4582-92EC-9CA611FBCE06}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD01DD4C-988E-4CC4-B4A1-1C306BE7E6D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF18D5C2-5430-4741-A7B7-5E47CFC6BABD}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15E67B30-0D26-4DAE-A672-67333796FD24}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1DA4D382-D1D1-473B-960D-2BE4F644DC26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{203ACA2D-F82D-4ACB-A22D-1248EECE8C6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2678EDE3-033D-4990-8268-E16AB77E32F0}" = protocol=58 | dir=in | [email protected],-28545 |
"{3FB9E2A3-F83D-4077-BF14-8FF681F9B072}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FD7564E-87E3-4C19-8A20-EDAD9C2EDEAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5302FC81-393C-44DD-A5FA-F2EA869542F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{540D0D05-1313-4A8E-BE86-6C2A8C314C54}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{582934A5-F87A-4631-BE97-F1F38D89DC1B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5FC051B0-352C-4138-B4FD-D9C50B6FFE9A}" = protocol=1 | dir=in | [email protected],-28543 |
"{61C9D2E8-733A-49B2-938F-28BC333591BB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{63F1C421-B276-49A7-B8DF-2F0DD110E947}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6CEE76B5-D222-423B-BCB0-9D7826648C02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BA01A0B-14B9-4ECE-8EB5-D6E65497660C}" = protocol=6 | dir=out | app=system |
"{7BF0F24F-4048-416E-A380-B8CCF21AE82E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{81574000-767C-407B-8AC8-ABB0D531AD69}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9293DDAB-8E49-4C6C-AF9B-86A6B7BE32B6}" = protocol=58 | dir=out | [email protected],-28546 |
"{A24A0CFC-243B-420A-9FD0-57AE1F8F5FE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADFF49C6-5773-4ED2-868D-EAC7FD585B11}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BFF54222-8EFB-48BF-AF54-6282472FE947}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5AED60A-E62A-498E-9BA3-618F46D9F78E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D17A4792-D2FD-4FC8-939F-BD3E125638EF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D2D98266-1ECD-4026-80B7-86E9E2E89D66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8E53585-8C74-4B18-B706-2434A842CB22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7234B5C-3313-4568-BAFB-B37941F5F033}" = protocol=1 | dir=out | [email protected],-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition
"{071D7C92-3477-13E9-732D-C59794C3BC7C}" = CCC Help Polish
"{0C07CBAC-F2DF-4849-A284-E4255A2F9464}" = SafeNet Authentication Client 8.0
"{0D70F1A8-C546-5339-68FC-DAAAC4DB6AF1}" = ccc-core-static
"{0D97C559-8699-58CF-EB56-1E996EAFE75A}" = ATI Catalyst Install Manager
"{0F54DD2D-0727-2A99-AE85-F5F771E64C74}" = CCC Help Turkish
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{125D8F18-C773-2921-1F68-46F82F12C5CF}" = CCC Help Hungarian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1AE2A154-F58B-7B7B-3201-BF6F29C8D3E4}" = CCC Help Italian
"{1DCFBD56-54B3-E5AC-D22C-B0BD2669D52B}" = Catalyst Control Center Localization All
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F44A5A0-017F-D54D-DD7D-74A67944DB63}" = CCC Help Chinese Traditional
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2C5C91FC-06AA-CFCD-6D2E-12896F472F6E}" = CCC Help Czech
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34E6F14D-68F9-486D-87BA-6AA8431F3F44}" = Drive Encryption for HP ProtectTools
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{391255B8-EF86-B606-66FA-C9A55A61714C}" = CCC Help Spanish
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{458BE236-23C8-98EA-AEAC-D657ED34DA89}" = Catalyst Control Center Graphics Full New
"{4C6E7BA9-6139-7138-F1B8-27A16BCC6EB3}" = Catalyst Control Center Graphics Previews Vista
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{57153451-D67A-C1AC-B5C0-75805EA4D896}" = CCC Help Japanese
"{5DCBD841-3768-4D3A-8517-65BFB87E05D3}" = Validity Fingerprint Driver
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6257E290-5E8E-11D4-9B8D-00D0B72459DD}" = SafeNet iKey Driver v4.1.1.5
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{6E590919-EFD8-6559-3892-195B14D5C4FC}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{747DC616-0DDF-E45B-C06F-C48531E80927}" = ccc-utility
"{76EA9BD5-0CAD-7519-A389-3ADC073AEC48}" = CCC Help Thai
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AF3CEC5-36BF-1E2B-BF2F-647AC0514806}" = CCC Help Portuguese
"{7EB4C260-3797-BE13-DB06-CC0ECCFEEC1B}" = CCC Help Danish
"{801E22F6-9F85-18D3-C5A2-9D905CDBA5CC}" = CCC Help Greek
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{909FA9C3-A931-9DDB-F913-F0A12698B516}" = CCC Help Finnish
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A10B9E4E-9C40-4491-A3E1-C2B53DAB03C1}" = Facebook Messenger 2.0.4478.0
"{A366D90D-EE9F-A465-213B-AC32D31A385D}" = CCC Help Norwegian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB49CB7-FE7C-44CE-A19B-E0602945F8A2}" = Catalyst Control Center - Branding
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B65EF674-C55E-2EBE-4522-885F000617D6}" = CCC Help English
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8C94522-EC7F-83C0-74CE-854A7CA3E68F}" = CCC Help Dutch
"{BE3AD89B-F9B2-4E22-8FAB-BCF63190ABCD}" = HP ProtectTools Security Manager
"{C24D2E87-763B-AABD-0135-624C124D9B91}" = Catalyst Control Center Graphics Light
"{C339426D-AEE9-0A01-6FB2-1784CA63EF2A}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CA5EB5E2-694C-9F87-0F74-4A339F5183C1}" = Catalyst Control Center Graphics Full Existing
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D25D0547-E4EA-B2E8-08C6-C5457C402E01}" = Catalyst Control Center Core Implementation
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E26865E0-C11A-2666-A09C-EE909256E2F7}" = CCC Help Russian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E644FE30-CE99-0D6D-4918-0C0BDC3EFE3F}" = CCC Help Korean
"{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}" = Face Recognition for HP ProtectTools
"{EF5E8060-95BA-43CC-B1C1-878B0ACA569E}" = HP HotKey Support
"{F1520098-EA98-FC2C-A2D6-CECA4E381BCD}" = CCC Help French
"{F34203ED-86FB-9FD6-4360-B1865C9E8CB8}" = CCC Help Chinese Standard
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF5FCC49-E321-5CC0-4FBA-C40C5ED8002C}" = Catalyst Control Center InstallProxy
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Belarc Advisor" = Belarc Advisor 8.2
"blekkotb" = Spam Free Search Bar
"Canon LBP3010/LBP3018/LBP3050" = Canon LBP3010/LBP3018/LBP3050
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Drive Encryption" = Drive Encryption for HP ProtectTools
"Google Chrome" = Google Chrome
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LyricsSeeker plugins" = LyricsSeeker plugins 2.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"PROPLUS" = Microsoft Office Professional Plus 2007
"searchya" = SearchYa Toolbar on IE and Chrome
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24-04-2012 01:10:12 | Computer Name = hp-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 24-04-2012 01:14:19 | Computer Name = hp-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 24-04-2012 01:14:19 | Computer Name = hp-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 24-04-2012 01:14:19 | Computer Name = hp-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 24-04-2012 11:37:52 | Computer Name = hp-PC | Source = Google Update | ID = 20
Description =

Error - 24-04-2012 23:34:49 | Computer Name = hp-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 24-04-2012 23:34:49 | Computer Name = hp-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 24-04-2012 23:34:49 | Computer Name = hp-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 26-04-2012 09:46:40 | Computer Name = hp-PC | Source = Google Update | ID = 20
Description =

Error - 28-04-2012 02:59:05 | Computer Name = hp-PC | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 07-04-2012 07:34:04 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 5:04:04 PM - Error connecting to the internet. 5:04:04 PM - Unable
to contact server..

Error - 07-04-2012 07:34:10 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 5:04:09 PM - Error connecting to the internet. 5:04:09 PM - Unable
to contact server..

Error - 08-04-2012 06:10:52 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 3:40:52 PM - Error connecting to the internet. 3:40:52 PM - Unable
to contact server..

Error - 08-04-2012 06:11:00 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 3:40:57 PM - Error connecting to the internet. 3:40:57 PM - Unable
to contact server..

Error - 16-04-2012 08:10:20 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 5:40:20 PM - Error connecting to the internet. 5:40:20 PM - Unable
to contact server..

Error - 16-04-2012 08:10:46 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 5:40:42 PM - Error connecting to the internet. 5:40:42 PM - Unable
to contact server..

Error - 17-04-2012 06:27:38 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 3:57:38 PM - Error connecting to the internet. 3:57:38 PM - Unable
to contact server..

Error - 17-04-2012 06:28:04 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 3:58:01 PM - Error connecting to the internet. 3:58:01 PM - Unable
to contact server..

Error - 17-04-2012 09:33:53 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 7:03:53 PM - Error connecting to the internet. 7:03:53 PM - Unable
to contact server..

Error - 17-04-2012 09:34:02 | Computer Name = hp-PC | Source = MCUpdate | ID = 0
Description = 7:03:58 PM - Error connecting to the internet. 7:03:58 PM - Unable
to contact server..

[ System Events ]
Error - 16-04-2012 01:51:25 | Computer Name = hp-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1115

Error - 16-04-2012 01:51:25 | Computer Name = hp-PC | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13

Error - 16-04-2012 01:54:54 | Computer Name = hp-PC | Source = BROWSER | ID = 8017
Description =

Error - 16-04-2012 01:54:54 | Computer Name = hp-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1115

Error - 16-04-2012 01:54:55 | Computer Name = hp-PC | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13

Error - 16-04-2012 23:44:00 | Computer Name = hp-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:04:45 AM on ?4/?17/?2012 was unexpected.

Error - 17-04-2012 04:30:07 | Computer Name = hp-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 24-04-2012 23:39:27 | Computer Name = hp-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 0.0.0.0 with
the system having network hardware address 00-00-00-00-00-00. Network operations
on this system may be disrupted as a result.

Error - 26-04-2012 03:29:08 | Computer Name = hp-PC | Source = SCardSvr | ID = 610
Description =

Error - 26-04-2012 03:29:08 | Computer Name = hp-PC | Source = WudfUsbccidDriver | ID = 12
Description =


< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I will need to see the main OTL log.


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window.
  • Post this log

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


#3
rmsiyer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Dear Moderator,

Many thanks for your quick reply.
The first step was completed successfully and the log is posted below.

OTL logfile created on: 29-04-2012 08:59:46 - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\hp\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.92 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 55.22% Memory free
5.84 Gb Paging File | 3.87 Gb Available in Paging File | 66.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 253.78 Gb Free Space | 85.16% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-29 00:07:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
PRC - [2012-04-26 07:48:38 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-03-07 05:45:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-03-07 05:45:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-02-04 18:10:44 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-10-19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010-10-01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010-10-01 14:44:06 | 000,256,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
PRC - [2010-09-27 17:29:26 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010-07-27 19:51:22 | 000,008,392 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe
PRC - [2010-07-27 19:51:08 | 001,024,200 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe
PRC - [2010-07-16 14:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010-07-16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010-03-18 07:05:12 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-03-18 07:04:42 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-03-17 18:18:42 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010-03-17 18:18:42 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
PRC - [2010-03-09 12:05:58 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010-03-09 12:05:58 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010-02-01 17:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009-12-04 17:52:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\System32\uArcCapture.exe
PRC - [2009-11-05 03:16:56 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE
PRC - [2009-11-05 03:16:54 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE
PRC - [2009-08-25 22:27:52 | 000,354,840 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
PRC - [2009-08-25 22:27:44 | 000,186,904 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
PRC - [2009-03-03 16:13:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
PRC - [2008-02-20 08:16:06 | 001,119,624 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAB8SWK.EXE
PRC - [2008-02-20 08:14:24 | 000,181,624 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2007-09-06 05:18:00 | 000,406,944 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE


========== Modules (No Company Name) ==========

MOD - [2012-04-11 09:15:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012-04-11 09:15:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012-04-11 09:15:15 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012-02-15 19:16:47 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012-02-15 19:16:30 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012-02-15 16:37:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012-02-15 14:05:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012-02-15 14:05:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012-02-15 14:05:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011-12-30 20:08:12 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011-12-22 11:46:50 | 000,092,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011-12-22 11:46:50 | 000,073,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2011-12-21 14:17:01 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3729.10007__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2011-12-21 14:17:01 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3729.9873__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:01 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3729.9897__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011-12-21 14:17:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3729.9890__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011-12-21 14:17:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3729.9884__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 001,302,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3729.10003__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3729.9925__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3729.9898__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3729.9975__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011-12-21 14:17:00 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3729.9947__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011-12-21 14:17:00 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3729.9938__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3729.9902__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011-12-21 14:17:00 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3729.9897__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3729.9974__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3729.9924__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3729.9939__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011-12-21 14:17:00 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3729.9930__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3729.9954__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3729.9883__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3729.9976__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011-12-21 14:17:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3729.9938__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3729.9933__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3729.9922__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3729.9974__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3729.9930__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3729.9902__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011-12-21 14:17:00 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3729.10007__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2011-12-21 14:16:59 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3729.9923__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011-12-21 14:16:59 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3729.9918__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011-12-21 14:16:59 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3729.9932__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011-12-21 14:16:59 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011-12-21 14:16:59 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3729.9865__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3729.9863__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011-12-21 14:16:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3729.9954__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3729.9923__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011-12-21 14:16:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3729.9914__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3729.9938__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3729.9894__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3729.9923__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3729.9884__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011-12-21 14:16:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3729.9924__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011-12-21 14:16:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3729.9975__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3729.9933__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3729.9931__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011-12-21 14:16:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3729.9862__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011-12-21 14:16:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3729.9969__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011-12-21 14:16:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3729.9948__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3729.9884__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3729.9884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3729.9894__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3729.9864__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3729.9929__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3729.9865__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3729.9872__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3729.9864__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011-12-21 14:16:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011-12-21 14:16:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011-12-21 14:16:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3729.9890__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3729.9883__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3729.9862__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011-12-21 14:16:59 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3729.9975__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3729.9867__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3729.9864__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011-12-21 14:16:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3729.9862__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3729.9974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3729.9872__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011-12-21 14:16:59 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3729.9868__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3729.9869__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3729.9866__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011-12-21 14:16:59 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3729.9868__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3729.9981__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3729.9872__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011-12-21 14:16:59 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3729.9869__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011-12-21 14:16:58 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3729.9879__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011-12-21 14:16:58 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3729.9890__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011-12-21 14:16:58 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3729.9969__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011-12-21 14:16:58 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3729.9967__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011-12-21 14:16:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3729.9870__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011-12-21 14:16:58 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3729.9867__90ba9c70f846762e\APM.Server.dll
MOD - [2011-12-21 14:16:58 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3729.9872__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011-12-21 14:16:58 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3729.9870__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011-12-21 14:16:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3729.9869__90ba9c70f846762e\AEM.Server.dll
MOD - [2011-12-21 14:16:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3729.9982__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011-12-21 14:16:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3729.9867__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011-12-21 14:16:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3729.9877__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011-12-21 14:16:58 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3729.9865__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011-12-21 14:16:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011-12-21 14:16:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3729.9866__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011-12-21 14:16:58 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3729.9969__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011-12-21 14:16:58 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3729.9889__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011-12-21 14:16:58 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3729.9878__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011-12-21 14:16:58 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3729.9896__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011-12-21 14:16:58 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3729.9871__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011-12-21 14:16:58 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3729.9870__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011-10-07 15:56:22 | 000,323,584 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2010-05-24 10:01:00 | 000,644,368 | ---- | M] () -- C:\Windows\System32\SUPSDK.dll
MOD - [2010-03-09 12:06:06 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009-08-26 12:24:40 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-04-26 07:48:40 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-03-07 05:45:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-02-04 18:10:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011-12-24 10:43:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-10-07 14:59:08 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2010-10-19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010-10-01 14:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010-09-27 17:29:26 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010-07-27 19:51:22 | 000,008,392 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe -- (SACSrv)
SRV - [2010-07-16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010-03-18 07:04:42 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-03-17 18:18:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)
SRV - [2010-03-09 12:05:58 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010-02-01 17:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009-12-14 10:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009-12-04 17:52:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\System32\uArcCapture.exe -- (uArcCapture)
SRV - [2009-11-05 03:16:56 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE -- (UNS) Intel(R)
SRV - [2009-11-05 03:16:54 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE -- (LMS) Intel(R)
SRV - [2009-08-25 22:27:52 | 000,354,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel(R)
SRV - [2009-07-23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009-07-14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-03-03 16:13:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)
SRV - [2007-05-31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-03-07 05:33:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-03-07 05:33:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-03-07 05:32:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012-03-07 05:31:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-03-07 05:31:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-03-07 05:31:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011-10-07 12:37:06 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-04-29 10:16:22 | 000,018,080 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IKEYIFD.SYS -- (iKeyIFD)
DRV - [2010-04-29 10:16:22 | 000,011,616 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IKEYENUM.SYS -- (iKeyEnum)
DRV - [2010-03-18 07:24:50 | 005,320,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010-03-18 06:11:18 | 000,150,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-03-17 18:18:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010-03-09 06:51:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010-02-16 12:24:12 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010-02-01 17:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010-02-01 17:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010-02-01 17:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010-02-01 17:11:22 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009-12-23 03:07:28 | 000,073,344 | R--- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSUVC.SYS -- (rtsuvc)
DRV - [2009-12-04 16:18:18 | 000,029,824 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV - [2009-11-11 14:41:00 | 000,181,792 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSUSTOR.SYS -- (RSUSBSTOR)
DRV - [2009-10-05 09:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-09-18 02:24:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009-07-14 05:22:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-07-08 13:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2009-07-08 13:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008-07-29 17:40:04 | 000,048,296 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aksifdh.sys -- (AKSIFDH)
DRV - [2008-07-29 17:40:04 | 000,034,472 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksup.sys -- (AKSUP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1
IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4183839594-2379288338-85488235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011-12-22 13:08:49 | 000,000,000 | ---D | M]

[2012-02-26 19:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SafeNetCertMngr] C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe (SafeNet, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Rohini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2789B06B-7652-493B-B431-D49D2935C0C7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4886B8D1-0759-45F0-9C74-872CB166E4BD}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{920E0F70-FA1F-4ACB-AC3F-000AA84930E3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cd690e32-2c1f-11e1-9a77-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cd690e32-2c1f-11e1-9a77-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-04-29 00:07:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2012-04-28 22:24:29 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes
[2012-04-28 22:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-04-28 22:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-04-28 22:24:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-04-28 22:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-04-25 19:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsSeeker
[2012-04-18 08:37:57 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Triveni flat
[2012-04-17 15:36:06 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\AR_MEN_UPLOAD
[2012-04-17 13:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Web Start
[2012-04-17 13:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012-04-17 13:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-04-17 13:08:02 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142190}
[2012-04-17 12:58:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012-04-16 17:56:14 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\MODI ENTERT FORMS UPLOAD
[2012-04-15 14:14:17 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Bluetooth Exchange Folder
[2012-04-11 16:52:06 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\MODI ENTERT
[2012-04-06 21:44:15 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\Form 1 VE India_final
[2012-04-06 15:47:08 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\VE INDIA FORMS 18 & 32
[2012-04-06 15:34:03 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\VE ATTACHMENTS
[2012-04-04 22:15:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-04-04 22:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012-04-02 11:47:48 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\QDI 2012
[2012-03-31 10:51:26 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\arcot
[1 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-29 08:52:28 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-04-29 08:52:28 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-04-29 08:44:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-04-29 08:44:32 | 2352,553,984 | -HS- | M] () -- C:\hiberfil.sys
[2012-04-29 00:07:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2012-04-28 22:24:22 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-04-28 22:08:04 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-04-28 22:08:04 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-04-28 21:29:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183839594-2379288338-85488235-1004UA.job
[2012-04-28 18:29:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183839594-2379288338-85488235-1004Core.job
[2012-04-26 11:23:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-04-24 19:14:40 | 007,777,320 | ---- | M] () -- C:\Users\hp\Desktop\XBRLToolInst.zip
[2012-04-24 13:42:11 | 000,036,656 | ---- | M] () -- C:\Users\hp\Desktop\G.F.Legal positions.pdf
[2012-04-18 08:07:08 | 000,000,022 | ---- | M] () -- C:\Users\hp\Desktop\AR_MEN_UPLOAD (2).zip
[2012-04-17 13:11:32 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Java Web Start.lnk
[2012-04-12 19:48:47 | 000,165,854 | ---- | M] () -- C:\Users\hp\Desktop\OriginLetter.dotx
[2012-04-12 18:56:34 | 000,025,095 | ---- | M] () -- C:\Users\hp\Desktop\attorney-letterhead.zip
[2012-04-12 09:43:38 | 002,591,518 | ---- | M] () -- C:\Users\hp\Desktop\Form67_India Nails_Last & Final.pdf
[2012-04-12 08:13:31 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-04-11 15:59:11 | 002,592,588 | ---- | M] () -- C:\Users\hp\Desktop\Form67_MSSL.pdf
[2012-04-11 15:16:38 | 002,591,035 | ---- | M] () -- C:\Users\hp\Desktop\Form67_SMIEL_CERTIFIED.pdf
[2012-04-11 15:11:43 | 002,590,940 | ---- | M] () -- C:\Users\hp\Desktop\Form67_MGWL_CERTIFIED.pdf
[2012-04-10 20:00:46 | 001,398,920 | ---- | M] () -- C:\Users\hp\Desktop\Circular_37-2011_07jun2011.pdf
[2012-04-09 14:45:07 | 000,159,812 | ---- | M] () -- C:\Users\hp\Desktop\RBI Letter - FDI.pdf
[2012-04-06 20:30:58 | 002,441,201 | ---- | M] () -- C:\Users\hp\Desktop\Form1_Draft_v5.pdf
[2012-04-06 15:45:54 | 002,389,056 | ---- | M] () -- C:\Users\hp\Desktop\Form1_Draft_v4.pdf
[2012-04-05 07:04:55 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-04-05 07:04:55 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-04-04 22:10:19 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-04-03 13:56:49 | 002,890,109 | ---- | M] () -- C:\Users\hp\Desktop\MPS p1.pdf
[2012-04-02 21:01:02 | 000,077,333 | ---- | M] () -- C:\Users\hp\Desktop\AuthorizedSignDtls_India Metercom Technology.pdf
[2012-04-02 15:14:13 | 000,120,389 | ---- | M] () -- C:\Users\hp\Desktop\PROFORMA-NAME-PANELREVIEWERS_new.pdf
[2012-04-02 10:26:08 | 003,659,809 | ---- | M] () -- C:\Users\hp\Documents\Attachments_Reboul_DIN.zip
[2012-04-02 08:16:42 | 000,076,474 | ---- | M] () -- C:\Users\hp\Desktop\Mani.pdf
[2012-04-02 07:49:17 | 003,995,133 | ---- | M] () -- C:\Users\hp\Documents\Avinash_30March 12.zip
[1 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-28 22:24:22 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-04-24 19:13:46 | 007,777,320 | ---- | C] () -- C:\Users\hp\Desktop\XBRLToolInst.zip
[2012-04-24 13:42:11 | 000,036,656 | ---- | C] () -- C:\Users\hp\Desktop\G.F.Legal positions.pdf
[2012-04-17 16:31:19 | 000,000,022 | ---- | C] () -- C:\Users\hp\Desktop\AR_MEN_UPLOAD (2).zip
[2012-04-17 13:11:32 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Java Web Start.lnk
[2012-04-17 13:11:11 | 000,045,163 | ---- | C] () -- C:\Windows\System32\javaw.exe
[2012-04-17 13:11:11 | 000,045,161 | ---- | C] () -- C:\Windows\System32\java.exe
[2012-04-12 19:48:55 | 000,165,854 | ---- | C] () -- C:\Users\hp\Desktop\OriginLetter.dotx
[2012-04-12 18:56:29 | 000,025,095 | ---- | C] () -- C:\Users\hp\Desktop\attorney-letterhead.zip
[2012-04-12 09:37:44 | 002,591,518 | ---- | C] () -- C:\Users\hp\Desktop\Form67_India Nails_Last & Final.pdf
[2012-04-12 08:13:31 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-04-11 18:24:17 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183839594-2379288338-85488235-1004UA.job
[2012-04-11 18:24:16 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4183839594-2379288338-85488235-1004Core.job
[2012-04-11 15:55:09 | 002,592,588 | ---- | C] () -- C:\Users\hp\Desktop\Form67_MSSL.pdf
[2012-04-11 15:16:17 | 002,591,035 | ---- | C] () -- C:\Users\hp\Desktop\Form67_SMIEL_CERTIFIED.pdf
[2012-04-11 15:11:12 | 002,590,940 | ---- | C] () -- C:\Users\hp\Desktop\Form67_MGWL_CERTIFIED.pdf
[2012-04-10 20:00:46 | 001,398,920 | ---- | C] () -- C:\Users\hp\Desktop\Circular_37-2011_07jun2011.pdf
[2012-04-09 14:45:07 | 000,159,812 | ---- | C] () -- C:\Users\hp\Desktop\RBI Letter - FDI.pdf
[2012-04-06 20:30:57 | 002,441,201 | ---- | C] () -- C:\Users\hp\Desktop\Form1_Draft_v5.pdf
[2012-04-06 15:37:33 | 002,389,056 | ---- | C] () -- C:\Users\hp\Desktop\Form1_Draft_v4.pdf
[2012-04-04 22:10:19 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-04-04 19:35:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-04-03 13:56:49 | 002,890,109 | ---- | C] () -- C:\Users\hp\Desktop\MPS p1.pdf
[2012-04-02 21:01:02 | 000,077,333 | ---- | C] () -- C:\Users\hp\Desktop\AuthorizedSignDtls_India Metercom Technology.pdf
[2012-04-02 15:14:03 | 000,120,389 | ---- | C] () -- C:\Users\hp\Desktop\PROFORMA-NAME-PANELREVIEWERS_new.pdf
[2012-04-02 10:26:08 | 003,659,809 | ---- | C] () -- C:\Users\hp\Documents\Attachments_Reboul_DIN.zip
[2012-04-02 08:16:42 | 000,076,474 | ---- | C] () -- C:\Users\hp\Desktop\Mani.pdf
[2012-04-02 07:48:22 | 003,995,133 | ---- | C] () -- C:\Users\hp\Documents\Avinash_30March 12.zip
[2011-12-24 16:51:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-12-23 13:37:23 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011-12-21 14:29:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-12-21 14:25:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011-12-21 14:16:14 | 000,001,035 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011-12-21 14:15:50 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011-12-21 14:15:50 | 000,198,341 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011-12-21 14:15:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011-10-07 15:56:22 | 000,323,584 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2011-05-19 08:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\System32\DPPassFilter.dll.hpsign
[2011-05-19 08:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\System32\DPCrProv.dll.hpsign
[2010-07-16 14:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\System32\DPSCEL.dll.hpsign
[2010-07-16 14:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\System32\DPFPApi.dll.hpsign
[2010-07-16 14:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\System32\DPClback.dll.hpsign
[2010-07-15 16:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\System32\DPFPApiUI.dll.hpsign
[2010-05-24 10:01:00 | 000,644,368 | ---- | C] () -- C:\Windows\System32\SUPSDK.dll
[2010-05-24 10:00:38 | 000,050,448 | ---- | C] () -- C:\Windows\System32\ExpSnapShotAPI.dll

========== LOP Check ==========

[2012-02-11 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\Rohini\AppData\Roaming\Babylon
[2012-04-22 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Rohini\AppData\Roaming\Canon
[2011-12-23 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Rohini\AppData\Roaming\DigitalPersona
[2012-02-18 12:18:45 | 000,000,000 | ---D | M] -- C:\Users\Rohini\AppData\Roaming\redsn0w
[2012-04-28 18:29:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183839594-2379288338-85488235-1004Core.job
[2012-04-28 21:29:04 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183839594-2379288338-85488235-1004UA.job
[2012-04-26 11:23:39 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009-07-14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009-10-31 11:15:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010-11-20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010-11-20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009-08-03 11:19:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009-08-03 11:05:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009-10-31 11:30:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009-07-14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009-07-14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010-11-20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010-11-20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009-07-14 06:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009-10-28 11:47:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 11:22:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-11-20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009-07-14 06:44:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: HP-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 System Rese NTFS Partition 100 MB Healthy System
Volume 2 C NTFS Partition 297 GB Healthy Boot

< End of report >

#4
rmsiyer

    New Member

  • Topic Starter
  • Member
  • 5 posts
Dear Moderator,
I have pasted the aswMBR results below. The original file is also attached.
Kindly review and comment.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 09:17:46
-----------------------------
09:17:46.029 OS Version: Windows 6.1.7601 Service Pack 1
09:17:46.029 Number of processors: 4 586 0x2502
09:17:46.029 ComputerName: HP-PC UserName: hp
09:17:47.850 Initialize success
09:17:48.927 AVAST engine defs: 12042801
09:17:59.067 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:17:59.067 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
09:17:59.098 Disk 0 MBR read successfully
09:17:59.098 Disk 0 MBR scan
09:17:59.113 Disk 0 Windows 7 default MBR code
09:17:59.129 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:17:59.145 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
09:17:59.160 Disk 0 scanning sectors +625139712
09:17:59.238 Disk 0 scanning C:\Windows\system32\drivers
09:18:11.102 Service scanning
09:18:25.229 Service SafeBoot C:\Windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
09:18:32.192 Modules scanning
09:18:42.847 Disk 0 trace - called modules:
09:18:43.377 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
09:18:43.393 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d902d8]
09:18:43.409 3 CLASSPNP.SYS[8b59b59e] -> nt!IofCallDriver -> [0x8556a340]
09:18:43.424 5 hpdskflt.sys[8b54d090] -> nt!IofCallDriver -> [0x862da838]
09:18:43.440 7 ACPI.sys[8aea63d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862ec028]
09:18:44.657 AVAST engine scan C:\Windows
09:18:46.404 AVAST engine scan C:\Windows\system32
09:20:29.967 AVAST engine scan C:\Windows\system32\drivers
09:20:40.132 AVAST engine scan C:\Users\hp
09:21:23.861 Disk 0 MBR has been saved successfully to "C:\Users\hp\Desktop\MBR.dat"
09:21:23.861 The log file has been saved successfully to "C:\Users\hp\Desktop\aswMBR.txt"

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing, not a great deal apparent from that.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#6
rmsiyer

    New Member

  • Topic Starter
  • Member
  • 5 posts
ComboFix 12-04-29.01 - hp 29-04-2012 17:02:19.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1795 [GMT 5.5:30]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hp\agent.exe
c:\users\hp\AppData\Local\Temp\{62C9CBD5-2846-41B3-A3E9-28537A675E18}\fpb.tmp
c:\users\hp\DRTCP021.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 11:39 . 2012-04-29 11:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B6318EE-1015-47C4-851B-F6CD0D91753D}\offreg.dll
2012-04-29 11:38 . 2012-04-29 11:40 -------- d-----w- c:\users\hp\AppData\Local\temp
2012-04-29 11:38 . 2012-04-29 11:38 -------- d-----w- c:\users\Rohini\AppData\Local\temp
2012-04-29 11:38 . 2012-04-29 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 16:54 . 2012-04-28 16:54 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2012-04-28 16:54 . 2012-04-28 16:54 -------- d-----w- c:\programdata\Malwarebytes
2012-04-28 16:54 . 2012-04-28 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-28 16:54 . 2012-04-04 10:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-28 02:24 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B6318EE-1015-47C4-851B-F6CD0D91753D}\mpengine.dll
2012-04-25 14:22 . 2012-04-25 14:22 -------- d-----w- c:\program files\LyricsSeeker
2012-04-22 12:21 . 2012-04-22 12:22 -------- d-----w- c:\users\Rohini\AppData\Local\Adobe
2012-04-22 12:19 . 2012-04-22 12:19 -------- d-----w- c:\users\Rohini\AppData\Roaming\Canon
2012-04-17 07:41 . 2008-11-09 18:04 61555 ----a-w- c:\windows\system32\jpicpl32.cpl
2012-04-17 07:38 . 2012-04-17 07:41 -------- d-----w- c:\program files\Java
2012-04-17 07:38 . 2012-04-17 07:38 -------- d-----w- c:\program files\Common Files\Java
2012-04-17 07:38 . 2012-04-17 07:38 -------- d-----w- c:\users\hp\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142190}
2012-04-11 12:54 . 2012-04-11 12:54 -------- d-----w- c:\users\Rohini\AppData\Local\Facebook
2012-04-11 03:44 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 03:44 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 03:44 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 03:44 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-04 14:05 . 2012-04-26 02:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 05:21 . 2012-03-31 05:21 -------- d-----w- c:\users\hp\AppData\Roaming\arcot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 02:18 . 2012-03-07 10:35 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 14:47 . 2011-12-26 11:56 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-16 15:30 . 2011-12-24 03:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-16 14:24 . 2011-12-26 11:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-16 14:24 . 2012-01-08 10:53 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-08 12:33 . 2011-12-24 03:39 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-08 12:16 . 2011-12-24 03:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-08 12:16 . 2011-12-24 03:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-07 12:40 . 2011-12-26 11:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-07 00:15 . 2011-12-23 15:34 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-12-23 15:34 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-12-23 15:34 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-12-23 15:34 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 05:45 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-12-23 15:34 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-12-23 15:34 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-12-23 15:34 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 04:48 . 2011-12-21 09:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 03:18 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 03:18 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 03:18 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 03:22 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 05:32 . 2012-02-07 05:32 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-14 03:22 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2011-12-21 15:12 262312 ----a-w- c:\program files\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2011-12-21 15:12 86696 ----a-w- c:\program files\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files\blekkotb\blekkoDx.dll" [2011-12-21 86696]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-18 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-05 406944]
"SafeNetCertMngr"="c:\program files\SafeNet\Authentication\SAC\x32\SACMonitor.exe" [2010-07-27 1024200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-9 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-10-07 09:29 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 04:37 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2011-12-07 20:35 217256 ----a-w- c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 17:55 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-02-22 07:28 1497352 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-07 20:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 03:51 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 253088]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2008-07-29 34472]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 286248]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 33320]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2011-10-07 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2011-10-07 362040]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-24 1343400]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-18 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-27 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-01 280120]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SACSrv;SACSrv;c:\program files\SafeNet\Authentication\SAC\x32\SACSrv.exe [2010-07-27 8392]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-18 5320192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-18 150016]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\DRIVERS\ikeyenum.sys [2010-04-29 11616]
S3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\DRIVERS\ikeyifd.sys [2010-04-29 18080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:37 73344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 02:18]
.
2012-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183839594-2379288338-85488235-1004Core.job
- c:\users\Rohini\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 12:54]
.
2012-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4183839594-2379288338-85488235-1004UA.job
- c:\users\Rohini\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 12:54]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 14:08]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 14:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4886B8D1-0759-45F0-9C74-872CB166E4BD}: NameServer = 202.56.215.54,202.56.215.55
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(1764)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-29 17:13:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 11:43
.
Pre-Run: 271,913,365,504 bytes free
Post-Run: 271,980,625,920 bytes free
.
- - End Of File - - 0374F397BE062D643E70A00433043770

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My assessment is that your online Yahoo e-mail account was hacked. Have you changed the password?

#8
rmsiyer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Dear Essexboy,

After running ComboFix, I am unable to open any of the programs like Microsoft Word or Excel from the startup menu.
A message saying that the registry key has been marked for deletion appears.

Can you please help in running the programs like Word, Excel, PDF tools etc. from the startup menu?
This is very urgent since my work is held up.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A reboot cures that.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.