Affected with W32.gaobot.worm.gen.u [Solved]


  • This topic is locked

#16
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi

Ok, good job :)

But there is still some work to do.


Step 1

You have too many protections running as real-time protection: anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Here is a program which will help you in removing Norton
http://service1.syma...005033108162039


Step 2

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once you get the all clear.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Step 3

  • Double click on the Win32kdiag icon to run it (Vista users: right click on the icon and select "run as administrators")
  • A black window will appear, let this run
  • On completion a log will appear on your desktop called Win32kDiag.txt. Please post this in your next reply.

Step 4

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Please open Notepad
If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

And copy/paste the text in the quotebox below into it:

File::
c:\windows\win32k.sys
c:\windows\system32\h2w9iwbc.exe

Folder::
c:\program files\SaveDefender Software


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 5

Post the logs of Win32kdiag (step3) and combofix.
Please do not attach them as it makes them harder to read :)

#17
bengaluru

    Member

  • Topic Starter
  • 143 posts

Step 2

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once you get the all clear.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Thanks Tweene. I am unable to open Spybot. I tried running as Administrator but get an error message: "Windows cannot access the specified path or device. You may not have the appropriate permission to access the item"

What do I do? I have not proceeded further and will wait for your instructions.

Do you want me to run W32Diag.exe again after TeaTimer is removed, or now? Do you think the log will be different from the one I posted here?

I also searched for Norton but did not find it. All I have is Live Update... is that the one you are asking me to remove?

Take care

Edited by bengaluru, 01 October 2009 - 04:49 AM.

#18
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts

Thanks Tweene. I am unable to open Spybot. I tried running as Administrator but get an error message: "Windows cannot access the specified path or device. You may not have the appropriate permission to access the item"

I'm not really surprised, go on with the Win32kdiag please.


I also searched for Norton but did not find it. All I have is Live Update... is that the one you are asking me to remove?

Try to use the uninstaller I gave you in my previous post

#19
bengaluru

    Member

  • Topic Starter
  • 143 posts
Hi Tweene

Here is my log from W32diag.exe.

Running from: C:\Users\Nidhi\Desktop\Win32kDiag.exe

Log file at : C:\Users\Nidhi\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-28 22:25:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

#20
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Ok, it seems that it can't finish the scan. Go on with the Step 4 (Combofix)

#21
bengaluru

    Member

  • Topic Starter
  • 143 posts
Here is the combo-fix Log.

ComboFix 09-10-01.01 - Nidhi 01/10/2009 19:23:54.2.2 - NTFSx86
Running from: C:\Users\Nidhi\Desktop\Combo-Fix.exe
Command switches used :: C:\Users\Nidhi\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\h2w9iwbc.exe"
"c:\windows\win32k.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SaveDefender Software
c:\program files\SaveDefender Software\SaveDefender\uninstall.exe
c:\windows\system32\h2w9iwbc.exe
c:\windows\win32k.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-09-29_02.28.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05:11 . 2009-10-01 23:08:12 64546 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-30 17:23:40 . 2009-10-01 23:08:12 10460 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2934146092-3137938891-3697879613-1000_UserData.bin
+ 2007-08-30 17:23:59 . 2009-10-01 23:10:35 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-30 17:23:59 . 2009-09-29 02:25:59 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-30 17:23:59 . 2009-10-01 23:10:35 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-08-30 17:23:59 . 2009-09-29 02:25:59 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-29 02:25:24 . 2009-10-01 23:04:55 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-29 02:25:24 . 2009-09-29 02:25:24 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-29 02:25:24 . 2009-10-01 23:04:55 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-29 02:25:24 . 2009-09-29 02:25:24 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2007-08-30 17:23:58 . 2009-09-29 02:25:59 180224 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-30 17:23:58 . 2009-10-01 23:10:35 180224 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55:58 1090816 ----a-w- C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:55:58 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:55:58 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 12:35:38 191488]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35:32 125440]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 21:45:08 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 22:51:28 3885408]
"Google Update"="C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-05 01:48:26 133104]
"googletalk"="C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 01:06:32 4351216]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 20:07:20 2260480]
"WindowsWelcomeCenter"="oobefldr.dll" - C:\Windows\System32\oobefldr.dll [2006-11-02 12:34:50 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-24 05:17:20 1006264]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-18 03:31:58 159744]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-25 05:17:04 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-16 04:53:32 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-16 04:53:24 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-16 04:53:28 133912]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 16:37:04 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-12-03 23:25:26 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-12-03 23:23:34 22696]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 21:10:26 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 10:20:42 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-02 16:24:15 29744]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 16:35:42 221184]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-08-08 20:00:00 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2006-06-05 09:20:22 749568]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 20:00:00 28739]
"fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" [2009-02-06 22:08:58 454000]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 13:24:00 16384]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 21:38:31 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 08:27:04 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 17:39:22 292136]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-09-23 22:28:32 2007832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-15 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-8-23 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-23 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FB692E2E-494B-4A4D-AC02-4FFB2957EEB9}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{6C3A5978-C1A6-4A3B-ABE8-350D0AF131E0}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{AE8362A1-D7AF-4430-8BAC-735A66C4392A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{57F97EAA-4160-421E-96CC-4B78A7DD2769}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{5C4DBBFF-23CB-43CB-B661-4858AC25641E}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{F6F4FC87-F96C-4C68-864A-CC4D7F64B36C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{883F24EA-72AC-483E-9A05-2B97276A7C1D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2F4D1598-755E-4844-B4E9-80BD88DCCB58}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3233C955-9635-4F55-B05A-0E802C768CB0}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3F4A57F9-8D8B-4AF3-941E-A19514F4B2B9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4EF094EF-2152-49DC-A29B-35FE29C268CE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{774256F3-920A-4BD7-82B8-A3F8FD88775F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DF028690-1B0B-466E-99E6-AFF671AC7283}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3DB36004-6F51-47D7-BC67-9F382781C443}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5DE2D2D2-C7E3-4DC9-AC9F-6B7695432AA9}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7869C9C8-1F07-4FE4-B964-801E65F88D21}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 sonyhcb;Sony Digital Imaging Base;C:\Windows\System32\drivers\sonyhcb.sys [02/05/2009 3:49:00 PM 6097]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [23/09/2009 6:33:36 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [23/09/2009 6:33:52 PM 108552]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071011.001\IDSvix86.sys [12/10/2007 3:25:36 PM 180272]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [23/09/2009 6:28:16 PM 297752]
R2 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [14/03/2009 10:46:01 AM 55280]
R2 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08:58 PM 533360]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [24/09/2009 3:51:49 PM 1153368]
R3 SYMNDISV;SYMNDISV;C:\Windows\System32\drivers\symndisv.sys [03/08/2009 7:07:12 PM 38448]
S2 SaveDefenderSvc;SaveDefender Security Service;C:\Program Files\SaveDefender Software\SaveDefender\SaveDefenderSvc.exe --> C:\Program Files\SaveDefender Software\SaveDefender\SaveDefenderSvc.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [23/08/2007 5:54:11 PM 29744]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\Windows\System32\drivers\s115bus.sys [23/04/2007 1:54:46 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\System32\drivers\s115mdfl.sys [23/04/2007 1:54:48 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\System32\drivers\s115mdm.sys [23/04/2007 1:54:48 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s115mgmt.sys [23/04/2007 1:54:50 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\System32\drivers\s115obex.sys [23/04/2007 1:54:50 PM 98568]
S3 sonyhcs;Sony Digital Imaging Video;C:\Windows\System32\drivers\sonyhcs.sys [02/05/2009 3:49:01 PM 299923]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job
- C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 01:48:31 . 2008-09-05 01:48:26]

2009-10-01 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job
- C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 01:48:31 . 2008-09-05 01:48:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070824
uInternet Settings,ProxyOverride = *.local
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

#22
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


Is the last log complete? The last lines should contain something like this:

Pre-Run: 52,867,706,880 bytes free
Post-Run: 52,750,512,128 bytes free

If you have the last lines, please post them.


OK, we're not done, but how is your computer running at this point?

#23
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts
Hi Tweene,

The log is the complete one. I don't see any lines as mentioned above. Do you think I should run it again and repost?

#24
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi


Ok, I need to check something, I'll get back as soon as possible.

#25
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi


Norton is still installed and running on your computer. Is there any problem uninstalling it?
Please try to use the uninstaller:
http://service1.syma...005033108162039




For the programs that don't want to play (Spybot, for example), please do the following:

Download this program and drag each of the exe files (not the shortcuts) that you are unable to run into Inherit.exe.

Then wait for it to say "OK"

Then try again to disable Spybot.


Step 1

We'll clean out your unnecessary temp files to speed up the scans

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean
Step 2

You have used Malwarebytes before. If you still have it on your machine please update and run a Quick Scan. Post the scan report back here.


If you no longer have Malwarebytes, please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Download RootRepeal from one of the following locations and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
Step 4

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Reg - Shell Spawning
    • Reg - File associations
    • Evnt - EvtViewer (last 10)
  • In the custom scan section copy and paste the following
    %systemroot%\*. /s /r
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
Step 5

Things I'd like to see in your next reply :
- the MBAM log
- the RootRepeal log
- the OTS log

#26
bengaluru

    Member

  • Topic Starter
  • Member
  • 143 posts
Hi Tweene,

1. I have removed the Norton antivirus completely.

2. Here is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.41
Database version: 2897
Windows 6.0.6000

02/10/2009 10:14:40 PM
mbam-log-2009-10-02 (22-14-40).txt

Scan type: Quick Scan
Objects scanned: 90256
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SaveDefenderSvc (Rogue.SaveDefender) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\spool\prtprocs\w32x86\00000029.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


3. I downloaded RootRepeal several times but get an error every time I tried to run it.
The error message is: FOPS - DeviceIoControl Error! - 0x0000024 Extended Info (0x00000d8)

4. I downloaded OTS and here is the Log report.

OTS logfile created on: 02/10/2009 10:40:47 PM - Run 1
OTS by OldTimer - Version 3.0.20.0	 Folder = C:\Users\Nidhi\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
1013.57 Mb Total Physical Memory | 180.21 Mb Available Physical Memory | 17.78% Memory free
2.22 Gb Paging File | 1.19 Gb Available in Paging File | 53.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.18 Gb Total Space | 51.38 Gb Free Space | 51.80% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.32 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NIDHIPC
Current User Name: Nidhi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
apmsgfwd.exe -> C:\Program Files\DellTPad\ApMsgFwd.exe -> [2007/04/18 00:48:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
apntex.exe -> C:\Program Files\DellTPad\Apntex.exe -> [2006/09/08 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> C:\Program Files\DellTPad\Apoint.exe -> [2007/04/17 23:31:58 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/09/23 18:28:54 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/09/23 18:28:54 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/09/23 18:28:32 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/23 18:28:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software )
ehmsas.exe -> C:\Windows\ehome\ehmsas.exe -> [2006/11/02 08:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation)
ehtray.exe -> C:\Windows\ehome\ehtray.exe -> [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\Explorer.EXE -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
fsssvc.exe -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation)
fsui.exe -> C:\Program Files\Windows Live\Family Safety\fsui.exe -> [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
googleupdate.exe -> C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe -> [2008/09/04 21:48:26 | 00,133,104 | ---- | M] (Google Inc.)
hidfind.exe -> C:\Program Files\DellTPad\HidFind.exe -> [2006/09/08 19:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
hkcmd.exe -> C:\Windows\System32\hkcmd.exe -> [2007/05/16 00:53:24 | 00,154,392 | ---- | M] (Intel Corporation)
igfxpers.exe -> C:\Windows\System32\igfxpers.exe -> [2007/05/16 00:53:28 | 00,133,912 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> C:\Windows\System32\igfxsrvc.exe -> [2007/05/16 00:53:30 | 00,252,696 | ---- | M] (Intel Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2006/10/03 12:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2007/08/24 01:17:20 | 01,006,264 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:37:03 | 00,519,168 | ---- | M] (OldTimer Tools)
p2phost.exe -> C:\Windows\System32\p2phost.exe -> [2006/11/02 08:35:38 | 00,191,488 | ---- | M] (Microsoft Corporation)
pcmservice.exe -> C:\Program Files\Dell\MediaDirect\PCMService.exe -> [2007/04/16 17:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.)
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> [2007/02/20 14:01:12 | 01,125,088 | ---- | M] (Dell Inc)
roxwatch9.exe -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
stacsv.exe -> C:\Windows\System32\STacSV.exe -> [2007/06/25 01:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.)
sttray.exe -> C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe -> [2007/06/25 01:17:04 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2006/11/02 05:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\Windows\System32\wbem\wmiprvse.exe -> [2009/03/02 21:59:26 | 00,247,296 | ---- | M] (Microsoft Corporation)
xaudio.exe -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
ymsgr_tray.exe -> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe -> [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/23 18:28:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/19 13:44:44 | 00,070,656 | ---- | M] ()
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2007/08/24 01:15:46 | 00,291,840 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(fsssvc) Windows Live Family Safety [Win32_Own | Auto | Running] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation)
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 21:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 21:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions)
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions)
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
(STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> C:\Windows\System32\STacSV.exe -> [2007/06/25 01:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.)
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2006/09/14 15:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2007/08/24 01:17:20 | 00,265,912 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation)
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Driver Services - Safe List]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2007/08/24 01:16:26 | 00,017,592 | ---- | M] (Acer Laboratories Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\Apfiltr.sys -> [2007/04/12 20:02:56 | 00,157,184 | ---- | M] (Alps Electric Co., Ltd.)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\bcm4sbxp.sys -> [2006/11/21 08:25:44 | 00,045,568 | ---- | M] (Broadcom Corporation)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2007/08/24 01:16:26 | 00,019,128 | ---- | M] (CMD Technology, Inc.)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 18:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\dsunidrv.sys -> [2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\e1e6032.sys -> [2006/11/02 03:30:55 | 00,200,704 | ---- | M] (Intel Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex)
(fssfltr) fssfltr [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\fssfltr.sys -> [2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSX_DPV.sys -> [2006/11/02 22:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSXHWAZL.sys -> [2006/11/02 22:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastor.sys -> [2007/02/12 17:36:54 | 00,277,784 | ---- | M] (Intel Corporation)
(iaStorV) Intel RAID Controller Vista [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\igdkmd32.sys -> [2007/05/16 00:53:24 | 01,674,240 | ---- | M] (Intel Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\mdmxsdk.sys -> [2006/06/19 17:26:58 | 00,012,672 | ---- | M] (Conexant)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(NETw4v32) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\NETw4v32.sys -> [2007/02/25 10:14:00 | 02,216,448 | ---- | M] (Intel Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2006/07/24 04:00:00 | 00,036,528 | ---- | M] (Sonic Solutions)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\atikmdag.sys -> [2006/11/02 03:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rimmptsk.sys -> [2006/11/27 03:48:44 | 00,032,256 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rimsptsk.sys -> [2006/11/27 03:48:44 | 00,043,520 | ---- | M] (REDC)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rixdptsk.sys -> [2006/11/27 03:48:46 | 00,037,376 | ---- | M] (REDC)
(RMCAST) RMCAST (Pgm) Protocol Driver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\RMCAST.sys -> [2008/05/09 21:21:06 | 00,113,664 | ---- | M] (Microsoft Corporation)
(s115bus) Sony Ericsson Device 115 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115bus.sys -> [2007/04/23 13:54:46 | 00,083,208 | ---- | M] (MCCI Corporation)
(s115mdfl) Sony Ericsson Device 115 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mdfl.sys -> [2007/04/23 13:54:48 | 00,015,112 | ---- | M] (MCCI Corporation)
(s115mdm) Sony Ericsson Device 115 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mdm.sys -> [2007/04/23 13:54:48 | 00,108,680 | ---- | M] (MCCI Corporation)
(s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mgmt.sys -> [2007/04/23 13:54:50 | 00,100,488 | ---- | M] (MCCI Corporation)
(s115obex) Sony Ericsson Device 115 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115obex.sys -> [2007/04/23 13:54:50 | 00,098,568 | ---- | M] (MCCI Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)
(sonyhcb) Sony Digital Imaging Base [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\sonyhcb.sys -> [2001/11/05 09:23:14 | 00,006,097 | ---- | M] (Sony Corporation)
(sonyhcs) Sony Digital Imaging Video [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\sonyhcs.sys -> [2001/11/05 09:23:52 | 00,299,923 | ---- | M] (Sony Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\stwrt.sys -> [2007/06/25 01:17:04 | 00,326,656 | ---- | M] (SigmaTel, Inc.)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\usbaapl.sys -> [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaudio.sys -> [2006/11/02 04:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2007/08/24 01:16:26 | 00,020,152 | ---- | M] (VIA Technologies, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSX_CNXT.sys -> [2006/11/02 22:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\xaudio.sys -> [2006/08/04 20:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"Default_Secondary_Page_URL" -> [Binary data over 100 bytes] -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"Start Page" -> http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070824 -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/08/09 03:02:25 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/09/23 18:28:10 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED [C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2009/09/23 18:29:45 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/09/23 18:29:03 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2009/02/06 18:08:44 | 00,061,808 | ---- | M] (Microsoft Corporation)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 17:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\google\googletoolbar1.dll [Google Toolbar Helper] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\BAE\BAE.dll [CBrowserHelperObject Object] -> [2007/03/16 06:20:26 | 00,098,304 | ---- | M] (Dell Inc.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/06/18 07:56:52 | 00,094,208 | ---- | M] ()
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/07/30 22:44:02 | 00,159,472 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar1.dll [&Google] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar1.dll [&Google] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
WebBrowser\\"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> [2007/04/17 23:31:58 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/09/23 18:28:32 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
"dscactivate" -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 00,016,384 | ---- | M] ( )
"ECenter" -> c:\dell\E-Center\EULALauncher.exe [c:\dell\E-Center\EULALauncher.exe] -> [2007/03/16 06:20:42 | 00,017,920 | ---- | M] ( )
"fssui" -> C:\Program Files\Windows Live\Family Safety\fsui.exe ["C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun] -> [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation)
"Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
"HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2007/05/16 00:53:24 | 00,154,392 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2007/05/16 00:53:32 | 00,138,008 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2006/10/03 12:35:42 | 00,221,184 | ---- | M] (Macrovision Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2006/10/03 12:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"Microsoft Works Portfolio" -> C:\Program Files\Microsoft Works\WksSb.exe [C:\Program Files\Microsoft Works\WksSb.exe /AllUsers] -> [2006/06/05 05:20:22 | 00,749,568 | ---- | M] (Microsoft® Corporation)
"Microsoft Works Update Detection" -> C:\Program Files\Microsoft Works\WkDetect.exe [C:\Program Files\Microsoft Works\WkDetect.exe] -> [2000/08/08 16:00:00 | 00,028,739 | ---- | M] (Microsoft® Corporation)
"PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/04/16 17:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.)
"Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2007/05/16 00:53:28 | 00,133,912 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe] -> [2007/06/25 01:17:04 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2007/08/24 01:17:20 | 01,006,264 | ---- | M] (Microsoft Corporation)
"WorksFUD" -> C:\Program Files\Microsoft Works\wkfud.exe [C:\Program Files\Microsoft Works\wkfud.exe] -> [2000/08/08 16:00:00 | 00,024,576 | ---- | M] (Microsoft® Corporation)
< Run [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"CollaborationHost" -> C:\Windows\System32\p2phost.exe [C:\Windows\system32\p2phost.exe -s] -> [2006/11/02 08:35:38 | 00,191,488 | ---- | M] (Microsoft Corporation)
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
"Google Update" -> C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe ["C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/04 21:48:26 | 00,133,104 | ---- | M] (Google Inc.)
"googletalk" -> C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe [C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 17:22:02 | 03,739,648 | ---- | M] (Google)
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"MsnMsgr" -> C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 08:34:50 | 02,159,104 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
CabBuilder [HKLM] -> http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7B7F40DA-D114-489E-BC1C-E555E56B63ED}\\DhcpNameServer -> 192.168.0.1   (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{B6C4DF43-D66F-41E8-A6C2-95CA1AAE070B}\\DhcpNameServer -> 163.244.112.71 10.101.101.100 163.244.101.69 163.244.100.254 163.244.112.254 10.101.101.254   (Broadcom 440x 10/100 Integrated Controller) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2008/08/02 12:24:16 | 00,113,664 | ---- | M] (Google)
C:\Windows\System32\avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2007/05/16 00:53:26 | 00,204,800 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 17:43:36 | 00,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.chm [@ = chm.file] -> C:\Windows\hh.exe -> [2006/11/02 05:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2006/11/02 05:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -> Reg Error: Key error. -> File not found
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> File not found
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2006/11/02 05:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation)
cmdfile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
helpfile [open] -> Reg Error: Key error.
hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 05:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "E:\PFiles\MSOffice\Office\msohtmed.exe" %1 -> File not found
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
https [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> File not found
piffile [open] -> "%1" %* -> File not found
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" -> File not found
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2006/11/02 05:44:42 | 00,368,640 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> File not found
txtfile [edit] -> Reg Error: Key error.
Directory [AddToPlaylistVLC] -> C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" -> [2008/10/06 16:00:34 | 00,094,208 | ---- | M] ()
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2006/11/02 05:44:59 | 00,320,000 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" -> [2008/10/06 16:00:34 | 00,094,208 | ---- | M] ()
Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/05/2009 7:28:02 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00001b60,  process id 0x1fe0, application start time 0x01c9d1c231e3e7d0.
Application [ Error ] 11/05/2009 2:14:15 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module UXCore.dll, version 14.0.8064.206, time stamp 0x498cdee0, exception code 0xc0000005, fault offset 0x00069bda,  process id 0xbc8, application start time 0x01c9d22a7ad83960.
Application [ Error ] 11/05/2009 5:37:07 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,  process id 0x1990, application start time 0x01c9d264685d3030.
Application [ Error ] 12/05/2009 9:58:50 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00060000,  process id 0xedc, application start time 0x01c9d2866a1e6fc0.
Application [ Error ] 12/05/2009 10:18:00 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module UXCore.dll, version 14.0.8064.206, time stamp 0x498cdee0, exception code 0xc0000005, fault offset 0x00066fea,  process id 0x1d54, application start time 0x01c9d370d6e57690.
Application [ Error ] 12/05/2009 11:16:59 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x80000000,  process id 0x1f28, application start time 0x01c9d3711858fca0.
Application [ Error ] 13/05/2009 8:52:37 AM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,  process id 0x200, application start time 0x01c9d3c967207f40.
Application [ Error ] 13/05/2009 8:55:33 AM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 7.0.6000.16830, time stamp 0x49ac913e, faulting module AcroPDF.dll, version 7.0.8.0, time stamp 0x446aa70a, exception code 0xc0000005, fault offset 0x0002fdb3,  process id 0x110c, application start time 0x01c9d3c8669cc5c0.
Application [ Error ] 14/05/2009 12:18:33 AM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00040000,  process id 0xe8c, application start time 0x01c9d4441e508d70.
Application [ Error ] 14/05/2009 8:16:10 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,  process id 0x1f3c, application start time 0x01c9d4cda1ef79a0.
Media Center [ Error ] 06/12/2007 6:46:55 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 06/12/2007 10:56:53 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 10/12/2007 10:43:19 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 12/12/2007 10:54:36 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 18/12/2007 9:06:14 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 22/12/2007 10:59:14 AM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 16/04/2008 12:19:15 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 17/04/2008 7:46:02 AM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 18/04/2008 3:55:35 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 30/01/2009 6:36:31 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
ODiag [ Error ] 22/12/2008 6:21:43 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Diagnostics | ID = 320 -> Description = An unexpected error occurred. Tag: 81vb. Error code: N/A
OSession [ Error ] 22/12/2008 6:16:29 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1902 seconds with 180 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:17:01 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:17:44 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:19:03 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 72 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:21:09 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 113 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:23:38 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:24:24 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 10:49:11 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 46 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 10:49:31 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7031 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:50:17 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 02/10/2009 9:50:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7009 -> Description = 
System [ Error ] 02/10/2009 9:50:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 02/10/2009 10:18:14 PM Computer Name = NidhiPC | Source = DCOM | ID = 10010 -> Description = 
 
[Files/Folders - Created Within 30 Days]
ProgramData -> C:\ProgramData -> [2009/10/01 20:17:07 | 00,000,000 | ---D | M]
Adobe -> C:\ProgramData\Adobe -> [2009/10/01 20:17:07 | 00,000,000 | ---D | M]
AVG Security Toolbar -> C:\ProgramData\AVG Security Toolbar -> [2009/09/23 18:29:46 | 00,000,000 | ---D | M]
avg8 -> C:\ProgramData\avg8 -> [2009/09/23 18:52:04 | 00,000,000 | ---D | M]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/09/20 21:52:38 | 00,000,000 | ---D | M]
Microsoft -> C:\ProgramData\Microsoft -> [2009/09/20 12:44:47 | 00,000,000 | --SD | M]
Microsoft Help -> C:\ProgramData\Microsoft Help -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/09/28 18:42:20 | 00,000,000 | ---D | M]
Symantec -> C:\ProgramData\Symantec -> [2009/10/02 20:53:15 | 00,000,000 | ---D | M]
Yahoo! Companion -> C:\ProgramData\Yahoo! Companion -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Nidhi\AppData\Roaming -> [2009/09/23 17:55:23 | 00,000,000 | ---D | M]
AVG8 -> C:\Users\Nidhi\AppData\Roaming\AVG8 -> [2009/09/23 17:55:23 | 00,000,000 | ---D | M]
Malwarebytes -> C:\Users\Nidhi\AppData\Roaming\Malwarebytes -> [2009/09/20 21:52:47 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Nidhi\AppData\Roaming\Microsoft -> [2009/09/16 20:53:35 | 00,000,000 | --SD | M]
Mozilla -> C:\Users\Nidhi\AppData\Roaming\Mozilla -> [2009/09/23 20:06:13 | 00,000,000 | ---D | M]
Local -> C:\Users\Nidhi\AppData\Local -> [2009/10/01 19:47:38 | 00,000,000 | ---D | M]
MediaDirect -> C:\Users\Nidhi\AppData\Local\MediaDirect -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Nidhi\AppData\Local\Microsoft -> [2009/09/16 20:53:35 | 00,000,000 | ---D | M]
Microsoft Help -> C:\Users\Nidhi\AppData\Local\Microsoft Help -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
temp -> C:\Users\Nidhi\AppData\Local\temp -> [2009/10/02 22:40:40 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/01 19:32:19 | 00,000,000 | ---D | M]
Symantec Shared -> C:\Program Files\Common Files\Symantec Shared -> [2009/10/02 20:53:15 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009/10/02 22:00:20 | 00,000,000 | R--D | M]
AVG -> C:\Program Files\AVG -> [2009/09/23 18:28:07 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/01 19:32:19 | 00,000,000 | ---D | M]
Google -> C:\Program Files\Google -> [2009/09/20 18:14:29 | 00,000,000 | ---D | M]
HijackThis -> C:\Program Files\HijackThis -> [2009/09/20 14:37:10 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/02 22:00:30 | 00,000,000 | ---D | M]
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2009/09/20 18:14:30 | 00,000,000 | ---D | M]
Microsoft Works -> C:\Program Files\Microsoft Works -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2009/09/23 20:06:19 | 00,000,000 | ---D | M]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/09/24 16:01:09 | 00,000,000 | ---D | M]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/09/20 11:07:02 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files\Windows Mail -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
OTS.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:36:53 | 00,519,168 | ---- | C] (OldTimer Tools)
RootRepeal.exe -> C:\Users\Nidhi\Desktop\RootRepeal.exe -> [2009/10/02 22:27:50 | 00,472,064 | ---- | C] ( )
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/10/02 22:00:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/10/02 22:00:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
mbam-setup.exe -> C:\Users\Nidhi\Desktop\mbam-setup.exe -> [2009/10/02 21:56:20 | 04,045,528 | ---- | C] (Malwarebytes Corporation									)
TFC.exe -> C:\Users\Nidhi\Desktop\TFC.exe -> [2009/10/02 21:19:23 | 00,271,872 | ---- | C] (OldTimer Tools)
Adobe -> C:\ProgramData\Adobe -> [2009/10/01 20:17:07 | 00,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2009/10/01 19:45:09 | 00,000,000 | -HSD | C]
temp -> C:\Windows\temp -> [2009/10/01 19:36:11 | 00,000,000 | ---D | C]
CF28910.exe -> C:\Windows\System32\CF28910.exe -> [2009/10/01 19:19:35 | 00,320,000 | ---- | C] (Microsoft Corporation)
Combo-Fix -> C:\Combo-Fix -> [2009/10/01 19:19:35 | 00,000,000 | ---D | C]
swsc.exe -> C:\Windows\System32\swsc.exe -> [2009/10/01 18:41:07 | 00,031,744 | ---- | C] (Microsoft Corporation)
SWREG.exe -> C:\Windows\SWREG.exe -> [2009/09/28 22:04:00 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2009/09/28 22:04:00 | 00,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2009/09/28 22:04:00 | 00,031,232 | ---- | C] (NirSoft)
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2009/09/28 22:03:59 | 00,212,480 | ---- | C] (SteelWerX)
Qoobox -> C:\Qoobox -> [2009/09/28 21:48:18 | 00,000,000 | ---D | C]
Avenger -> C:\Avenger -> [2009/09/28 18:45:18 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/09/24 15:51:42 | 00,000,000 | ---D | C]
$AVG8.VAULT$ -> C:\$AVG8.VAULT$ -> [2009/09/23 18:38:43 | 00,000,000 | ---D | C]
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.)
Avg -> C:\Windows\System32\drivers\Avg -> [2009/09/23 18:29:53 | 00,000,000 | ---D | C]
AVG Security Toolbar -> C:\ProgramData\AVG Security Toolbar -> [2009/09/23 18:29:46 | 00,000,000 | ---D | C]
avg8 -> C:\ProgramData\avg8 -> [2009/09/23 18:28:03 | 00,000,000 | ---D | C]
avg_free_stb_all_8_32_cnet.exe -> C:\Users\Nidhi\Desktop\avg_free_stb_all_8_32_cnet.exe -> [2009/09/23 17:55:27 | 00,848,712 | ---- | C] (AVG Technologies)
mysetup.exe -> C:\Users\Nidhi\Desktop\mysetup.exe -> [2009/09/21 18:11:06 | 04,045,528 | ---- | C] (Malwarebytes Corporation									)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/09/20 21:52:38 | 00,000,000 | ---D | C]
ERDNT -> C:\Windows\ERDNT -> [2009/09/20 21:49:20 | 00,000,000 | ---D | C]
HijackThis -> C:\HijackThis -> [2009/09/20 11:28:44 | 00,000,000 | ---D | C]
L2SecHC.dll -> C:\Windows\System32\L2SecHC.dll -> [2009/09/10 07:34:26 | 00,123,904 | ---- | C] (Microsoft Corporation)
wlansec.dll -> C:\Windows\System32\wlansec.dll -> [2009/09/10 07:34:25 | 00,297,984 | ---- | C] (Microsoft Corporation)
wlanmsm.dll -> C:\Windows\System32\wlanmsm.dll -> [2009/09/10 07:34:25 | 00,290,816 | ---- | C] (Microsoft Corporation)
wlansvc.dll -> C:\Windows\System32\wlansvc.dll -> [2009/09/10 07:34:24 | 00,502,272 | ---- | C] (Microsoft Corporation)
wlanhlp.dll -> C:\Windows\System32\wlanhlp.dll -> [2009/09/10 07:34:23 | 00,067,584 | ---- | C] (Microsoft Corporation)
wlanapi.dll -> C:\Windows\System32\wlanapi.dll -> [2009/09/10 07:34:23 | 00,047,104 | ---- | C] (Microsoft Corporation)
tcpip.sys -> C:\Windows\System32\drivers\tcpip.sys -> [2009/09/10 07:33:54 | 00,813,568 | ---- | C] (Microsoft Corporation)
netio.sys -> C:\Windows\System32\drivers\netio.sys -> [2009/09/10 07:33:53 | 00,213,592 | ---- | C] (Microsoft Corporation)
netiohlp.dll -> C:\Windows\System32\netiohlp.dll -> [2009/09/10 07:33:50 | 00,103,936 | ---- | C] (Microsoft Corporation)
tcpipcfg.dll -> C:\Windows\System32\tcpipcfg.dll -> [2009/09/10 07:33:47 | 00,167,424 | ---- | C] (Microsoft Corporation)
netiougc.exe -> C:\Windows\System32\netiougc.exe -> [2009/09/10 07:33:46 | 00,022,016 | ---- | C] (Microsoft Corporation)
ARP.EXE -> C:\Windows\System32\ARP.EXE -> [2009/09/10 07:33:46 | 00,019,968 | ---- | C] (Microsoft Corporation)
ROUTE.EXE -> C:\Windows\System32\ROUTE.EXE -> [2009/09/10 07:33:46 | 00,017,920 | ---- | C] (Microsoft Corporation)
MRINFO.EXE -> C:\Windows\System32\MRINFO.EXE -> [2009/09/10 07:33:46 | 00,011,264 | ---- | C] (Microsoft Corporation)
TCPSVCS.EXE -> C:\Windows\System32\TCPSVCS.EXE -> [2009/09/10 07:33:46 | 00,009,728 | ---- | C] (Microsoft Corporation)
NETSTAT.EXE -> C:\Windows\System32\NETSTAT.EXE -> [2009/09/10 07:33:45 | 00,027,136 | ---- | C] (Microsoft Corporation)
netevent.dll -> C:\Windows\System32\netevent.dll -> [2009/09/10 07:33:45 | 00,015,360 | ---- | C] (Microsoft Corporation)
finger.exe -> C:\Windows\System32\finger.exe -> [2009/09/10 07:33:45 | 00,010,240 | ---- | C] (Microsoft Corporation)
HOSTNAME.EXE -> C:\Windows\System32\HOSTNAME.EXE -> [2009/09/10 07:33:45 | 00,008,704 | ---- | C] (Microsoft Corporation)
WMVCORE.DLL -> C:\Windows\System32\WMVCORE.DLL -> [2009/09/10 07:28:54 | 02,433,536 | ---- | C] (Microsoft Corporation)
mf.dll -> C:\Windows\System32\mf.dll -> [2009/09/10 07:28:53 | 02,855,424 | ---- | C] (Microsoft Corporation)
mfps.dll -> C:\Windows\System32\mfps.dll -> [2009/09/10 07:28:51 | 00,098,816 | ---- | C] (Microsoft Corporation)
rrinstaller.exe -> C:\Windows\System32\rrinstaller.exe -> [2009/09/10 07:28:51 | 00,052,736 | ---- | C] (Microsoft Corporation)
mfpmp.exe -> C:\Windows\System32\mfpmp.exe -> [2009/09/10 07:28:51 | 00,024,576 | ---- | C] (Microsoft Corporation)
mferror.dll -> C:\Windows\System32\mferror.dll -> [2009/09/10 07:28:50 | 00,002,048 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\System32\jscript.dll -> [2009/09/10 07:24:27 | 00,512,000 | ---- | C] (Microsoft Corporation)
 
[Files/Folders - Modified Within 30 Days]
18 C:\Users\Nidhi\Documents\*.tmp files -> C:\Users\Nidhi\Documents\*.tmp -> 
ntuser.dat -> C:\Users\Nidhi\ntuser.dat -> [2009/10/02 22:48:40 | 03,932,160 | -HS- | M] ()
OTS.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:37:03 | 00,519,168 | ---- | M] (OldTimer Tools)
settings.dat -> C:\Users\Nidhi\Desktop\settings.dat -> [2009/10/02 22:31:23 | 00,000,000 | ---- | M] ()
RootRepeal.exe -> C:\Users\Nidhi\Desktop\RootRepeal.exe -> [2009/10/02 22:31:08 | 00,472,064 | ---- | M] ( )
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/02 22:19:36 | 00,003,456 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/02 22:19:36 | 00,003,456 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/10/02 22:19:34 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/10/02 22:19:29 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/10/02 22:19:27 | 10,634,52672 | -HS- | M] ()
IconCache.db -> C:\Users\Nidhi\AppData\Local\IconCache.db -> [2009/10/02 22:18:06 | 04,195,236 | -H-- | M] ()
GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job -> [2009/10/02 22:16:03 | 00,000,908 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/02 22:00:25 | 00,000,823 | ---- | M] ()
mbam-setup.exe -> C:\Users\Nidhi\Desktop\mbam-setup.exe -> [2009/10/02 21:58:16 | 04,045,528 | ---- | M] (Malwarebytes Corporation									)
TFC.exe -> C:\Users\Nidhi\Desktop\TFC.exe -> [2009/10/02 21:19:27 | 00,271,872 | ---- | M] (OldTimer Tools)
Inherit.exe -> C:\Users\Nidhi\Desktop\Inherit.exe -> [2009/10/02 21:09:53 | 00,085,504 | ---- | M] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/10/02 17:38:49 | 42,186,641 | ---- | M] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/10/02 17:38:49 | 00,004,566 | ---- | M] ()
Adobe Reader 7.0.lnk -> C:\Users\Public\Desktop\Adobe Reader 7.0.lnk -> [2009/10/01 20:17:32 | 00,001,903 | ---- | M] ()
Adobe Reader Speed Launch.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [2009/10/01 20:17:31 | 00,001,926 | ---- | M] ()
AcRdB7_0_9.sta -> C:\Users\Public\Documents\AcRdB7_0_9.sta -> [2009/10/01 20:10:45 | 00,000,082 | ---- | M] ()
d3d9caps.dat -> C:\Users\Nidhi\AppData\Local\d3d9caps.dat -> [2009/10/01 19:47:38 | 00,000,680 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2009/10/01 19:36:29 | 00,000,215 | ---- | M] ()
CF28910.exe -> C:\Windows\System32\CF28910.exe -> [2009/10/01 19:18:36 | 00,320,000 | ---- | M] (Microsoft Corporation)
Combo-Fix.exe -> C:\Users\Nidhi\Desktop\Combo-Fix.exe -> [2009/10/01 18:42:23 | 03,324,272 | R--- | M] ()
miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2009/10/01 18:20:45 | 00,492,629 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/29 06:33:10 | 00,074,752 | ---- | M] ()
hosts -> C:\Windows\System32\drivers\etc\hosts -> [2009/09/28 22:28:15 | 00,000,027 | ---- | M] ()
Chapter 3 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx -> [2009/09/26 17:23:03 | 00,015,170 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/09/26 14:42:50 | 00,623,972 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/09/26 14:42:50 | 00,109,172 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/09/26 14:42:49 | 00,716,948 | ---- | M] ()
Win32kDiag.exe -> C:\Users\Nidhi\Desktop\Win32kDiag.exe -> [2009/09/25 06:18:21 | 00,047,616 | ---- | M] ()
Spybot - Search & Destroy.lnk -> C:\Users\Nidhi\Desktop\Spybot - Search & Destroy.lnk -> [2009/09/24 15:51:58 | 00,001,060 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/09/24 06:57:21 | 16,601,0143 | ---- | M] ()
reregisterie.cmd -> C:\Users\Nidhi\Documents\reregisterie.cmd -> [2009/09/23 19:39:04 | 00,002,306 | ---- | M] ()
AVG Free 8.5.lnk -> C:\Users\Public\Desktop\AVG Free 8.5.lnk -> [2009/09/23 18:34:01 | 00,001,652 | ---- | M] ()
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2009/09/23 18:30:27 | 06,061,540 | ---- | M] ()
avg_free_stb_all_8_32_cnet.exe -> C:\Users\Nidhi\Desktop\avg_free_stb_all_8_32_cnet.exe -> [2009/09/23 17:54:56 | 00,848,712 | ---- | M] (AVG Technologies)
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2009/09/21 22:38:39 | 00,002,281 | ---- | M] ()
UserTile.png -> C:\Users\Nidhi\AppData\Roaming\UserTile.png -> [2009/09/21 21:43:26 | 00,026,340 | ---- | M] ()
mysetup.exe -> C:\Users\Nidhi\Desktop\mysetup.exe -> [2009/09/21 18:13:21 | 04,045,528 | ---- | M] (Malwarebytes Corporation									)
Nidhi Ravishankar- Zara Zara.mp3 -> C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3 -> [2009/09/20 12:09:18 | 04,813,473 | ---- | M] ()
QuickSet.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk -> [2009/09/20 11:42:43 | 00,002,485 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job -> [2009/09/20 01:16:04 | 00,000,856 | ---- | M] ()
Chapter 1 Bio Notes.doc -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc -> [2009/09/16 19:49:22 | 00,037,888 | ---- | M] ()
Chapter 1 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx -> [2009/09/16 19:15:56 | 00,016,346 | ---- | M] ()
Chapter 2 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf -> [2009/09/16 19:12:39 | 01,230,626 | ---- | M] ()
Chapter 1 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf -> [2009/09/16 19:07:49 | 00,690,961 | ---- | M] ()
Chemistry- Chapter 1 Notes.doc -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc -> [2009/09/15 10:00:19 | 03,197,440 | ---- | M] ()
Chapter 1 Physics Notes Concepts of Motion.docx -> C:\Users\Nidhi\Documents\Chapter 1 Physics Notes Concepts of Motion.docx -> [2009/09/14 18:34:43 | 00,027,571 | ---- | M] ()
Physics Chapter 1 Notes Concepts of Motion.doc -> C:\Users\Nidhi\Documents\Physics Chapter 1 Notes Concepts of Motion.doc -> [2009/09/14 07:43:04 | 00,059,904 | ---- | M] ()
PEV.exe -> C:\Windows\PEV.exe -> [2009/09/14 02:12:36 | 00,229,888 | ---- | M] ()
Chemistry- Chapter 1 Notes.docx -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.docx -> [2009/09/11 19:53:14 | 00,147,892 | ---- | M] ()
Chapter_1_-__Structure_&_Bonding.doc -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.doc -> [2009/09/11 19:51:28 | 03,183,616 | ---- | M] ()
Chapter_1_-__Structure_&_Bonding.pdf -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.pdf -> [2009/09/10 17:40:09 | 03,601,510 | ---- | M] ()
Timetable.doc -> C:\Users\Nidhi\Documents\Timetable.doc -> [2009/09/10 15:16:46 | 00,044,032 | ---- | M] ()
Timetable.docx -> C:\Users\Nidhi\Documents\Timetable.docx -> [2009/09/10 15:16:26 | 00,014,600 | ---- | M] ()
Bio150- Course Syllabus.pdf -> C:\Users\Nidhi\Documents\Bio150- Course Syllabus.pdf -> [2009/09/10 15:07:39 | 00,298,477 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 
[Files - No Company Name]
settings.dat -> C:\Users\Nidhi\Desktop\settings.dat -> [2009/10/02 22:31:23 | 00,000,000 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/02 22:00:25 | 00,000,823 | ---- | C] ()
Inherit.exe -> C:\Users\Nidhi\Desktop\Inherit.exe -> [2009/10/02 21:09:53 | 00,085,504 | ---- | C] ()
Adobe Reader 7.0.lnk -> C:\Users\Public\Desktop\Adobe Reader 7.0.lnk -> [2009/10/01 20:17:32 | 00,001,903 | ---- | C] ()
Adobe Reader Speed Launch.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [2009/10/01 20:17:31 | 00,001,926 | ---- | C] ()
AcRdB7_0_9.sta -> C:\Users\Public\Documents\AcRdB7_0_9.sta -> [2009/10/01 20:10:46 | 00,000,082 | ---- | C] ()
Combo-Fix.exe -> C:\Users\Nidhi\Desktop\Combo-Fix.exe -> [2009/10/01 18:41:26 | 03,324,272 | R--- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2009/09/28 22:04:00 | 00,229,888 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2009/09/28 22:04:00 | 00,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2009/09/28 22:04:00 | 00,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2009/09/28 22:04:00 | 00,068,096 | ---- | C] ()
avenger.exe -> C:\Users\Nidhi\Desktop\avenger.exe -> [2009/09/28 18:31:17 | 00,731,136 | ---- | C] ()
Win32kDiag.exe -> C:\Users\Nidhi\Desktop\Win32kDiag.exe -> [2009/09/25 06:18:20 | 00,047,616 | ---- | C] ()
Spybot - Search & Destroy.lnk -> C:\Users\Nidhi\Desktop\Spybot - Search & Destroy.lnk -> [2009/09/24 15:51:58 | 00,001,060 | ---- | C] ()
reregisterie.cmd -> C:\Users\Nidhi\Documents\reregisterie.cmd -> [2009/09/23 19:38:29 | 00,002,306 | ---- | C] ()
AVG Free 8.5.lnk -> C:\Users\Public\Desktop\AVG Free 8.5.lnk -> [2009/09/23 18:34:01 | 00,001,652 | ---- | C] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/09/23 18:30:56 | 42,186,641 | ---- | C] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/09/23 18:30:54 | 00,004,566 | ---- | C] ()
miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2009/09/23 18:30:27 | 00,492,629 | ---- | C] ()
avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2009/09/23 18:29:53 | 06,061,540 | ---- | C] ()
IconCache.db -> C:\Users\Nidhi\AppData\Local\IconCache.db -> [2009/09/22 18:09:30 | 04,195,236 | -H-- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/22 06:24:14 | 10,634,52672 | -HS- | C] ()
Nidhi Ravishankar- Zara Zara.mp3 -> C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3 -> [2009/09/20 11:59:17 | 04,813,473 | ---- | C] ()
Chapter 3 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx -> [2009/09/16 20:46:57 | 00,015,170 | ---- | C] ()
Chapter 1 Bio Notes.doc -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc -> [2009/09/16 19:49:18 | 00,037,888 | ---- | C] ()
Chapter 2 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf -> [2009/09/16 19:12:39 | 01,230,626 | ---- | C] ()
Chapter 1 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf -> [2009/09/16 19:07:49 | 00,690,961 | ---- | C] ()
Chapter 1 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx -> [2009/09/14 17:19:52 | 00,016,346 | ---- | C] ()
Chemistry- Chapter 1 Notes.doc -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc -> [2009/09/14 07:43:48 | 03,197,440 | ---- | C] ()
Physics Chapter 1 Notes Concepts of Motion.doc -> C:\Users\Nidhi\Documents\Physics Chapter 1 Notes Concepts of Motion.doc -> [2009/09/14 07:43:02 | 00,059,904 | ---- | C] ()
Chapter 1 Physics Notes Concepts of Motion.docx -> C:\Users\Nidhi\Documents\Chapter 1 Physics Notes Concepts of Motion.docx -> [2009/09/12 10:47:27 | 00,027,571 | ---- | C] ()
Chapter_1_-__Structure_&_Bonding.doc -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.doc -> [2009/09/10 20:24:19 | 03,183,616 | ---- | C] ()
Chemistry- Chapter 1 Notes.docx -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.docx -> [2009/09/10 18:01:28 | 00,147,892 | ---- | C] ()
Chapter_1_-__Structure_&_Bonding.pdf -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.pdf -> [2009/09/10 17:40:08 | 03,601,510 | ---- | C] ()
Timetable.doc -> C:\Users\Nidhi\Documents\Timetable.doc -> [2009/09/10 15:16:45 | 00,044,032 | ---- | C] ()
Timetable.docx -> C:\Users\Nidhi\Documents\Timetable.docx -> [2009/09/10 15:16:24 | 00,014,600 | ---- | C] ()
Bio150- Course Syllabus.pdf -> C:\Users\Nidhi\Documents\Bio150- Course Syllabus.pdf -> [2009/09/10 15:07:38 | 00,298,477 | ---- | C] ()
wlan.tmf -> C:\Windows\System32\wlan.tmf -> [2009/09/10 07:34:24 | 01,657,350 | ---- | C] ()
winscp.rnd -> C:\Users\Nidhi\AppData\Roaming\winscp.rnd -> [2009/06/16 11:39:04 | 00,000,600 | ---- | C] ()
PUTTY.RND -> C:\Users\Nidhi\AppData\Local\PUTTY.RND -> [2009/06/16 11:34:42 | 00,000,600 | ---- | C] ()
d3d9caps.dat -> C:\Users\Nidhi\AppData\Local\d3d9caps.dat -> [2008/11/07 23:46:47 | 00,000,680 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2007/09/01 12:53:59 | 00,000,376 | ---- | C] ()
wklnhst.dat -> C:\Users\Nidhi\AppData\Roaming\wklnhst.dat -> [2007/09/01 12:46:42 | 00,000,120 | ---- | C] ()
UserTile.png -> C:\Users\Nidhi\AppData\Roaming\UserTile.png -> [2007/08/30 18:44:14 | 00,026,340 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/08/30 18:14:54 | 00,074,752 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Nidhi\AppData\Local\GDIPFONTCACHEV1.DAT -> [2007/08/30 13:22:56 | 00,130,992 | ---- | C] ()
igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2007/08/24 01:20:03 | 00,249,856 | ---- | C] ()
igfxCoIn_v1253.dll -> C:\Windows\System32\igfxCoIn_v1253.dll -> [2007/08/24 01:20:03 | 00,204,800 | ---- | C] ()
igmedkrn.dll -> C:\Windows\System32\igmedkrn.dll -> [2007/08/24 01:20:02 | 00,910,304 | ---- | C] ()
rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2007/08/24 01:19:56 | 00,016,480 | ---- | C] ()
px.ini -> C:\Windows\System32\px.ini -> [2006/11/07 15:25:58 | 00,000,000 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 08:50:50 | 00,000,174 | -HS- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 08:35:32 | 00,005,632 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 06:25:44 | 00,159,744 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 06:23:31 | 00,000,219 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 06:23:31 | 00,000,215 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 00,013,750 | ---- | C] ()
CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/09/17 00:36:50 | 00,520,192 | ---- | C] ()
CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/09/17 00:36:50 | 00,204,800 | ---- | C] ()
 
[File - Lop Check]
 
[File - Purity Scan]
 
 
[Files/Folders - Unicode - All]
C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp -> C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp -> [2008/06/01 20:19:26 | 20,983,014 | ---- | M] ()
C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp -> C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp -> [2008/06/01 20:24:33 | 20,983,014 | ---- | C] ()
 
[HardLinks - Junction Points - Mount Points - Symbolic Links]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink
 
[Alternate Data Streams]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:73828A71
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:82591FF7
< End of report >

#27
bengaluru

    Member

  • Topic Starter
  • 143 posts
Hello Tweene,

After I sent the log for OTS, I realized that I had copy-pasted the code into "Paste Fix Here" instead of "Custom Scans".

So I scanned again and here is the new log. I know you wanted it as an attachment... so I have attached the text file as well.

Attached File: OTS.Txt (220.78KB)

OTS logfile created on: 02/10/2009 10:58:48 PM - Run 2
OTS by OldTimer - Version 3.0.20.0	 Folder = C:\Users\Nidhi\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
1013.57 Mb Total Physical Memory | 120.82 Mb Available Physical Memory | 11.92% Memory free
2.22 Gb Paging File | 1.11 Gb Available in Paging File | 49.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.18 Gb Total Space | 51.37 Gb Free Space | 51.80% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.32 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NIDHIPC
Current User Name: Nidhi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
apmsgfwd.exe -> C:\Program Files\DellTPad\ApMsgFwd.exe -> [2007/04/18 00:48:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
apntex.exe -> C:\Program Files\DellTPad\Apntex.exe -> [2006/09/08 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> C:\Program Files\DellTPad\Apoint.exe -> [2007/04/17 23:31:58 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/09/23 18:28:54 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/09/23 18:28:54 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/09/23 18:28:32 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/23 18:28:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
chrome.exe -> C:\Users\Nidhi\AppData\Local\Google\Chrome\Application\chrome.exe -> [2009/09/28 13:05:02 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Users\Nidhi\AppData\Local\Google\Chrome\Application\chrome.exe -> [2009/09/28 13:05:02 | 00,919,024 | ---- | M] (Google Inc.)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software )
ehmsas.exe -> C:\Windows\ehome\ehmsas.exe -> [2006/11/02 08:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation)
ehtray.exe -> C:\Windows\ehome\ehtray.exe -> [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\Explorer.EXE -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
fsssvc.exe -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation)
fsui.exe -> C:\Program Files\Windows Live\Family Safety\fsui.exe -> [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
googleupdate.exe -> C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe -> [2008/09/04 21:48:26 | 00,133,104 | ---- | M] (Google Inc.)
hidfind.exe -> C:\Program Files\DellTPad\HidFind.exe -> [2006/09/08 19:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
hkcmd.exe -> C:\Windows\System32\hkcmd.exe -> [2007/05/16 00:53:24 | 00,154,392 | ---- | M] (Intel Corporation)
igfxpers.exe -> C:\Windows\System32\igfxpers.exe -> [2007/05/16 00:53:28 | 00,133,912 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> C:\Windows\System32\igfxsrvc.exe -> [2007/05/16 00:53:30 | 00,252,696 | ---- | M] (Intel Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2006/10/03 12:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2007/08/24 01:17:20 | 01,006,264 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:37:03 | 00,519,168 | ---- | M] (OldTimer Tools)
p2phost.exe -> C:\Windows\System32\p2phost.exe -> [2006/11/02 08:35:38 | 00,191,488 | ---- | M] (Microsoft Corporation)
pcmservice.exe -> C:\Program Files\Dell\MediaDirect\PCMService.exe -> [2007/04/16 17:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.)
quickset.exe -> C:\Program Files\Dell\QuickSet\quickset.exe -> [2007/02/20 14:01:12 | 01,125,088 | ---- | M] (Dell Inc)
roxwatch9.exe -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
stacsv.exe -> C:\Windows\System32\STacSV.exe -> [2007/06/25 01:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.)
sttray.exe -> C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe -> [2007/06/25 01:17:04 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2006/11/02 05:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\Windows\System32\wbem\wmiprvse.exe -> [2009/03/02 21:59:26 | 00,247,296 | ---- | M] (Microsoft Corporation)
xaudio.exe -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
ymsgr_tray.exe -> C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe -> [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/09/23 18:28:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation)
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/19 13:44:44 | 00,070,656 | ---- | M] ()
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2007/08/24 01:15:46 | 00,291,840 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(fsssvc) Windows Live Family Safety [Win32_Own | Auto | Running] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation)
(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 21:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 21:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions)
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions)
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
(STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> C:\Windows\System32\STacSV.exe -> [2007/06/25 01:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.)
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2006/09/14 15:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2007/08/24 01:17:20 | 00,265,912 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation)
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> C:\Windows\System32\DRIVERS\xaudio.exe -> [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Driver Services - Safe List]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2007/08/24 01:16:26 | 00,017,592 | ---- | M] (Acer Laboratories Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\Apfiltr.sys -> [2007/04/12 20:02:56 | 00,157,184 | ---- | M] (Alps Electric Co., Ltd.)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\bcm4sbxp.sys -> [2006/11/21 08:25:44 | 00,045,568 | ---- | M] (Broadcom Corporation)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2007/08/24 01:16:26 | 00,019,128 | ---- | M] (CMD Technology, Inc.)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 18:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\dsunidrv.sys -> [2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\e1e6032.sys -> [2006/11/02 03:30:55 | 00,200,704 | ---- | M] (Intel Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex)
(fssfltr) fssfltr [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\fssfltr.sys -> [2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSX_DPV.sys -> [2006/11/02 22:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSXHWAZL.sys -> [2006/11/02 22:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastor.sys -> [2007/02/12 17:36:54 | 00,277,784 | ---- | M] (Intel Corporation)
(iaStorV) Intel RAID Controller Vista [Kernel | Boot | Running] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\igdkmd32.sys -> [2007/05/16 00:53:24 | 01,674,240 | ---- | M] (Intel Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\mdmxsdk.sys -> [2006/06/19 17:26:58 | 00,012,672 | ---- | M] (Conexant)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(NETw4v32) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\NETw4v32.sys -> [2007/02/25 10:14:00 | 02,216,448 | ---- | M] (Intel Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2006/07/24 04:00:00 | 00,036,528 | ---- | M] (Sonic Solutions)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\atikmdag.sys -> [2006/11/02 03:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rimmptsk.sys -> [2006/11/27 03:48:44 | 00,032,256 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rimsptsk.sys -> [2006/11/27 03:48:44 | 00,043,520 | ---- | M] (REDC)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rixdptsk.sys -> [2006/11/27 03:48:46 | 00,037,376 | ---- | M] (REDC)
(RMCAST) RMCAST (Pgm) Protocol Driver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\RMCAST.sys -> [2008/05/09 21:21:06 | 00,113,664 | ---- | M] (Microsoft Corporation)
(s115bus) Sony Ericsson Device 115 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115bus.sys -> [2007/04/23 13:54:46 | 00,083,208 | ---- | M] (MCCI Corporation)
(s115mdfl) Sony Ericsson Device 115 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mdfl.sys -> [2007/04/23 13:54:48 | 00,015,112 | ---- | M] (MCCI Corporation)
(s115mdm) Sony Ericsson Device 115 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mdm.sys -> [2007/04/23 13:54:48 | 00,108,680 | ---- | M] (MCCI Corporation)
(s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115mgmt.sys -> [2007/04/23 13:54:50 | 00,100,488 | ---- | M] (MCCI Corporation)
(s115obex) Sony Ericsson Device 115 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\s115obex.sys -> [2007/04/23 13:54:50 | 00,098,568 | ---- | M] (MCCI Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)
(sonyhcb) Sony Digital Imaging Base [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\sonyhcb.sys -> [2001/11/05 09:23:14 | 00,006,097 | ---- | M] (Sony Corporation)
(sonyhcs) Sony Digital Imaging Video [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\sonyhcs.sys -> [2001/11/05 09:23:52 | 00,299,923 | ---- | M] (Sony Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\stwrt.sys -> [2007/06/25 01:17:04 | 00,326,656 | ---- | M] (SigmaTel, Inc.)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\usbaapl.sys -> [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaudio.sys -> [2006/11/02 04:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2007/08/24 01:16:26 | 00,020,152 | ---- | M] (VIA Technologies, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HSX_CNXT.sys -> [2006/11/02 22:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\xaudio.sys -> [2006/08/04 20:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"Default_Secondary_Page_URL" -> [Binary data over 100 bytes] -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"Start Page" -> http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5070824 -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/08/09 03:02:25 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/09/23 18:28:10 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED [C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2009/09/23 18:29:45 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/09/23 18:29:03 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2009/02/06 18:08:44 | 00,061,808 | ---- | M] (Microsoft Corporation)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 17:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\google\googletoolbar1.dll [Google Toolbar Helper] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\BAE\BAE.dll [CBrowserHelperObject Object] -> [2007/03/16 06:20:26 | 00,098,304 | ---- | M] (Dell Inc.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/06/18 07:56:52 | 00,094,208 | ---- | M] ()
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/07/30 22:44:02 | 00,159,472 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar1.dll [&Google] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 22:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar1.dll [&Google] -> [2007/08/23 17:54:07 | 02,193,280 | R--- | M] (Google Inc.)
WebBrowser\\"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/07/24 09:55:58 | 01,090,816 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> [2007/04/17 23:31:58 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/09/23 18:28:32 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
"dscactivate" -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 00,016,384 | ---- | M] ( )
"ECenter" -> c:\dell\E-Center\EULALauncher.exe [c:\dell\E-Center\EULALauncher.exe] -> [2007/03/16 06:20:42 | 00,017,920 | ---- | M] ( )
"fssui" -> C:\Program Files\Windows Live\Family Safety\fsui.exe ["C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun] -> [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation)
"Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google)
"HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2007/05/16 00:53:24 | 00,154,392 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2007/05/16 00:53:32 | 00,138,008 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2006/10/03 12:35:42 | 00,221,184 | ---- | M] (Macrovision Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2006/10/03 12:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"Microsoft Works Portfolio" -> C:\Program Files\Microsoft Works\WksSb.exe [C:\Program Files\Microsoft Works\WksSb.exe /AllUsers] -> [2006/06/05 05:20:22 | 00,749,568 | ---- | M] (Microsoft® Corporation)
"Microsoft Works Update Detection" -> C:\Program Files\Microsoft Works\WkDetect.exe [C:\Program Files\Microsoft Works\WkDetect.exe] -> [2000/08/08 16:00:00 | 00,028,739 | ---- | M] (Microsoft® Corporation)
"PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/04/16 17:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.)
"Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2007/05/16 00:53:28 | 00,133,912 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe] -> [2007/06/25 01:17:04 | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2007/08/24 01:17:20 | 01,006,264 | ---- | M] (Microsoft Corporation)
"WorksFUD" -> C:\Program Files\Microsoft Works\wkfud.exe [C:\Program Files\Microsoft Works\wkfud.exe] -> [2000/08/08 16:00:00 | 00,024,576 | ---- | M] (Microsoft® Corporation)
< Run [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"CollaborationHost" -> C:\Windows\System32\p2phost.exe [C:\Windows\system32\p2phost.exe -s] -> [2006/11/02 08:35:38 | 00,191,488 | ---- | M] (Microsoft Corporation)
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
"Google Update" -> C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe ["C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/04 21:48:26 | 00,133,104 | ---- | M] (Google Inc.)
"googletalk" -> C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe [C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 17:22:02 | 03,739,648 | ---- | M] (Google)
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"MsnMsgr" -> C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 08:34:50 | 02,159,104 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
CabBuilder [HKLM] -> http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7B7F40DA-D114-489E-BC1C-E555E56B63ED}\\DhcpNameServer -> 192.168.0.1   (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{B6C4DF43-D66F-41E8-A6C2-95CA1AAE070B}\\DhcpNameServer -> 163.244.112.71 10.101.101.100 163.244.101.69 163.244.100.254 163.244.112.254 10.101.101.254   (Broadcom 440x 10/100 Integrated Controller) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2008/08/02 12:24:16 | 00,113,664 | ---- | M] (Google)
C:\Windows\System32\avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2007/05/16 00:53:26 | 00,204,800 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 17:43:36 | 00,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.chm [@ = chm.file] -> C:\Windows\hh.exe -> [2006/11/02 05:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.hlp [@ = hlpfile] -> C:\Windows\winhlp32.exe -> [2006/11/02 05:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -> Reg Error: Key error. -> File not found
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> File not found
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2006/11/02 05:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation)
cmdfile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
helpfile [open] -> Reg Error: Key error.
hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 05:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "E:\PFiles\MSOffice\Office\msohtmed.exe" %1 -> File not found
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
https [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> File not found
piffile [open] -> "%1" %* -> File not found
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" -> File not found
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2006/11/02 05:44:42 | 00,368,640 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> File not found
txtfile [edit] -> Reg Error: Key error.
Directory [AddToPlaylistVLC] -> C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" -> [2008/10/06 16:00:34 | 00,094,208 | ---- | M] ()
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2006/11/02 05:44:59 | 00,320,000 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" -> [2008/10/06 16:00:34 | 00,094,208 | ---- | M] ()
Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/07/18 08:16:49 | 00,634,648 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/05/2009 7:28:02 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00001b60,  process id 0x1fe0, application start time 0x01c9d1c231e3e7d0.
Application [ Error ] 11/05/2009 2:14:15 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module UXCore.dll, version 14.0.8064.206, time stamp 0x498cdee0, exception code 0xc0000005, fault offset 0x00069bda,  process id 0xbc8, application start time 0x01c9d22a7ad83960.
Application [ Error ] 11/05/2009 5:37:07 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,  process id 0x1990, application start time 0x01c9d264685d3030.
Application [ Error ] 12/05/2009 9:58:50 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00060000,  process id 0xedc, application start time 0x01c9d2866a1e6fc0.
Application [ Error ] 12/05/2009 10:18:00 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module UXCore.dll, version 14.0.8064.206, time stamp 0x498cdee0, exception code 0xc0000005, fault offset 0x00066fea,  process id 0x1d54, application start time 0x01c9d370d6e57690.
Application [ Error ] 12/05/2009 11:16:59 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x80000000,  process id 0x1f28, application start time 0x01c9d3711858fca0.
Application [ Error ] 13/05/2009 8:52:37 AM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,  process id 0x200, application start time 0x01c9d3c967207f40.
Application [ Error ] 13/05/2009 8:55:33 AM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 7.0.6000.16830, time stamp 0x49ac913e, faulting module AcroPDF.dll, version 7.0.8.0, time stamp 0x446aa70a, exception code 0xc0000005, fault offset 0x0002fdb3,  process id 0x110c, application start time 0x01c9d3c8669cc5c0.
Application [ Error ] 14/05/2009 12:18:33 AM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00040000,  process id 0xe8c, application start time 0x01c9d4441e508d70.
Application [ Error ] 14/05/2009 8:16:10 PM Computer Name = NidhiPC | Source = Application Error | ID = 1000 -> Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp 0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,  process id 0x1f3c, application start time 0x01c9d4cda1ef79a0.
Media Center [ Error ] 06/12/2007 6:46:55 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 06/12/2007 10:56:53 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 10/12/2007 10:43:19 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 12/12/2007 10:54:36 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 18/12/2007 9:06:14 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 22/12/2007 10:59:14 AM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 16/04/2008 12:19:15 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 17/04/2008 7:46:02 AM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 18/04/2008 3:55:35 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 30/01/2009 6:36:31 PM Computer Name = NidhiPC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
ODiag [ Error ] 22/12/2008 6:21:43 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Diagnostics | ID = 320 -> Description = An unexpected error occurred. Tag: 81vb. Error code: N/A
OSession [ Error ] 22/12/2008 6:16:29 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1902 seconds with 180 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:17:01 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:17:44 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:19:03 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 72 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:21:09 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 113 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:23:38 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 6:24:24 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 10:49:11 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 46 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/12/2008 10:49:31 PM Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7031 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:33:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7034 -> Description = 
System [ Error ] 02/10/2009 9:50:17 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 02/10/2009 9:50:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7009 -> Description = 
System [ Error ] 02/10/2009 9:50:25 PM Computer Name = NidhiPC | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 02/10/2009 10:18:14 PM Computer Name = NidhiPC | Source = DCOM | ID = 10010 -> Description = 
 
[Files/Folders - Created Within 30 Days]
ProgramData -> C:\ProgramData -> [2009/10/01 20:17:07 | 00,000,000 | ---D | M]
Adobe -> C:\ProgramData\Adobe -> [2009/10/01 20:17:07 | 00,000,000 | ---D | M]
AVG Security Toolbar -> C:\ProgramData\AVG Security Toolbar -> [2009/09/23 18:29:46 | 00,000,000 | ---D | M]
avg8 -> C:\ProgramData\avg8 -> [2009/09/23 18:52:04 | 00,000,000 | ---D | M]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/09/20 21:52:38 | 00,000,000 | ---D | M]
Microsoft -> C:\ProgramData\Microsoft -> [2009/09/20 12:44:47 | 00,000,000 | --SD | M]
Microsoft Help -> C:\ProgramData\Microsoft Help -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/09/28 18:42:20 | 00,000,000 | ---D | M]
Symantec -> C:\ProgramData\Symantec -> [2009/10/02 20:53:15 | 00,000,000 | ---D | M]
Yahoo! Companion -> C:\ProgramData\Yahoo! Companion -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Nidhi\AppData\Roaming -> [2009/09/23 17:55:23 | 00,000,000 | ---D | M]
AVG8 -> C:\Users\Nidhi\AppData\Roaming\AVG8 -> [2009/09/23 17:55:23 | 00,000,000 | ---D | M]
Malwarebytes -> C:\Users\Nidhi\AppData\Roaming\Malwarebytes -> [2009/09/20 21:52:47 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Nidhi\AppData\Roaming\Microsoft -> [2009/09/16 20:53:35 | 00,000,000 | --SD | M]
Mozilla -> C:\Users\Nidhi\AppData\Roaming\Mozilla -> [2009/09/23 20:06:13 | 00,000,000 | ---D | M]
Local -> C:\Users\Nidhi\AppData\Local -> [2009/10/01 19:47:38 | 00,000,000 | ---D | M]
MediaDirect -> C:\Users\Nidhi\AppData\Local\MediaDirect -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
Microsoft -> C:\Users\Nidhi\AppData\Local\Microsoft -> [2009/09/16 20:53:35 | 00,000,000 | ---D | M]
Microsoft Help -> C:\Users\Nidhi\AppData\Local\Microsoft Help -> [2009/09/20 18:14:33 | 00,000,000 | ---D | M]
temp -> C:\Users\Nidhi\AppData\Local\temp -> [2009/10/02 22:57:51 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/01 19:32:19 | 00,000,000 | ---D | M]
Symantec Shared -> C:\Program Files\Common Files\Symantec Shared -> [2009/10/02 20:53:15 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009/10/02 22:00:20 | 00,000,000 | R--D | M]
AVG -> C:\Program Files\AVG -> [2009/09/23 18:28:07 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009/10/01 19:32:19 | 00,000,000 | ---D | M]
Google -> C:\Program Files\Google -> [2009/09/20 18:14:29 | 00,000,000 | ---D | M]
HijackThis -> C:\Program Files\HijackThis -> [2009/09/20 14:37:10 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/02 22:00:30 | 00,000,000 | ---D | M]
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2009/09/20 18:14:30 | 00,000,000 | ---D | M]
Microsoft Works -> C:\Program Files\Microsoft Works -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2009/09/23 20:06:19 | 00,000,000 | ---D | M]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/09/24 16:01:09 | 00,000,000 | ---D | M]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/09/20 11:07:02 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files\Windows Mail -> [2009/09/20 18:14:31 | 00,000,000 | ---D | M]
OTS.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:36:53 | 00,519,168 | ---- | C] (OldTimer Tools)
RootRepeal.exe -> C:\Users\Nidhi\Desktop\RootRepeal.exe -> [2009/10/02 22:27:50 | 00,472,064 | ---- | C] ( )
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/10/02 22:00:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/10/02 22:00:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
mbam-setup.exe -> C:\Users\Nidhi\Desktop\mbam-setup.exe -> [2009/10/02 21:56:20 | 04,045,528 | ---- | C] (Malwarebytes Corporation									)
TFC.exe -> C:\Users\Nidhi\Desktop\TFC.exe -> [2009/10/02 21:19:23 | 00,271,872 | ---- | C] (OldTimer Tools)
Adobe -> C:\ProgramData\Adobe -> [2009/10/01 20:17:07 | 00,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2009/10/01 19:45:09 | 00,000,000 | -HSD | C]
temp -> C:\Windows\temp -> [2009/10/01 19:36:11 | 00,000,000 | ---D | C]
CF28910.exe -> C:\Windows\System32\CF28910.exe -> [2009/10/01 19:19:35 | 00,320,000 | ---- | C] (Microsoft Corporation)
Combo-Fix -> C:\Combo-Fix -> [2009/10/01 19:19:35 | 00,000,000 | ---D | C]
swsc.exe -> C:\Windows\System32\swsc.exe -> [2009/10/01 18:41:07 | 00,031,744 | ---- | C] (Microsoft Corporation)
SWREG.exe -> C:\Windows\SWREG.exe -> [2009/09/28 22:04:00 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2009/09/28 22:04:00 | 00,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2009/09/28 22:04:00 | 00,031,232 | ---- | C] (NirSoft)
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2009/09/28 22:03:59 | 00,212,480 | ---- | C] (SteelWerX)
Qoobox -> C:\Qoobox -> [2009/09/28 21:48:18 | 00,000,000 | ---D | C]
Avenger -> C:\Avenger -> [2009/09/28 18:45:18 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009/09/24 15:51:42 | 00,000,000 | ---D | C]
$AVG8.VAULT$ -> C:\$AVG8.VAULT$ -> [2009/09/23 18:38:43 | 00,000,000 | ---D | C]
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.)
Avg -> C:\Windows\System32\drivers\Avg -> [2009/09/23 18:29:53 | 00,000,000 | ---D | C]
AVG Security Toolbar -> C:\ProgramData\AVG Security Toolbar -> [2009/09/23 18:29:46 | 00,000,000 | ---D | C]
avg8 -> C:\ProgramData\avg8 -> [2009/09/23 18:28:03 | 00,000,000 | ---D | C]
avg_free_stb_all_8_32_cnet.exe -> C:\Users\Nidhi\Desktop\avg_free_stb_all_8_32_cnet.exe -> [2009/09/23 17:55:27 | 00,848,712 | ---- | C] (AVG Technologies)
mysetup.exe -> C:\Users\Nidhi\Desktop\mysetup.exe -> [2009/09/21 18:11:06 | 04,045,528 | ---- | C] (Malwarebytes Corporation									)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/09/20 21:52:38 | 00,000,000 | ---D | C]
ERDNT -> C:\Windows\ERDNT -> [2009/09/20 21:49:20 | 00,000,000 | ---D | C]
HijackThis -> C:\HijackThis -> [2009/09/20 11:28:44 | 00,000,000 | ---D | C]
L2SecHC.dll -> C:\Windows\System32\L2SecHC.dll -> [2009/09/10 07:34:26 | 00,123,904 | ---- | C] (Microsoft Corporation)
wlansec.dll -> C:\Windows\System32\wlansec.dll -> [2009/09/10 07:34:25 | 00,297,984 | ---- | C] (Microsoft Corporation)
wlanmsm.dll -> C:\Windows\System32\wlanmsm.dll -> [2009/09/10 07:34:25 | 00,290,816 | ---- | C] (Microsoft Corporation)
wlansvc.dll -> C:\Windows\System32\wlansvc.dll -> [2009/09/10 07:34:24 | 00,502,272 | ---- | C] (Microsoft Corporation)
wlanhlp.dll -> C:\Windows\System32\wlanhlp.dll -> [2009/09/10 07:34:23 | 00,067,584 | ---- | C] (Microsoft Corporation)
wlanapi.dll -> C:\Windows\System32\wlanapi.dll -> [2009/09/10 07:34:23 | 00,047,104 | ---- | C] (Microsoft Corporation)
tcpip.sys -> C:\Windows\System32\drivers\tcpip.sys -> [2009/09/10 07:33:54 | 00,813,568 | ---- | C] (Microsoft Corporation)
netio.sys -> C:\Windows\System32\drivers\netio.sys -> [2009/09/10 07:33:53 | 00,213,592 | ---- | C] (Microsoft Corporation)
netiohlp.dll -> C:\Windows\System32\netiohlp.dll -> [2009/09/10 07:33:50 | 00,103,936 | ---- | C] (Microsoft Corporation)
tcpipcfg.dll -> C:\Windows\System32\tcpipcfg.dll -> [2009/09/10 07:33:47 | 00,167,424 | ---- | C] (Microsoft Corporation)
netiougc.exe -> C:\Windows\System32\netiougc.exe -> [2009/09/10 07:33:46 | 00,022,016 | ---- | C] (Microsoft Corporation)
ARP.EXE -> C:\Windows\System32\ARP.EXE -> [2009/09/10 07:33:46 | 00,019,968 | ---- | C] (Microsoft Corporation)
ROUTE.EXE -> C:\Windows\System32\ROUTE.EXE -> [2009/09/10 07:33:46 | 00,017,920 | ---- | C] (Microsoft Corporation)
MRINFO.EXE -> C:\Windows\System32\MRINFO.EXE -> [2009/09/10 07:33:46 | 00,011,264 | ---- | C] (Microsoft Corporation)
TCPSVCS.EXE -> C:\Windows\System32\TCPSVCS.EXE -> [2009/09/10 07:33:46 | 00,009,728 | ---- | C] (Microsoft Corporation)
NETSTAT.EXE -> C:\Windows\System32\NETSTAT.EXE -> [2009/09/10 07:33:45 | 00,027,136 | ---- | C] (Microsoft Corporation)
netevent.dll -> C:\Windows\System32\netevent.dll -> [2009/09/10 07:33:45 | 00,015,360 | ---- | C] (Microsoft Corporation)
finger.exe -> C:\Windows\System32\finger.exe -> [2009/09/10 07:33:45 | 00,010,240 | ---- | C] (Microsoft Corporation)
HOSTNAME.EXE -> C:\Windows\System32\HOSTNAME.EXE -> [2009/09/10 07:33:45 | 00,008,704 | ---- | C] (Microsoft Corporation)
WMVCORE.DLL -> C:\Windows\System32\WMVCORE.DLL -> [2009/09/10 07:28:54 | 02,433,536 | ---- | C] (Microsoft Corporation)
mf.dll -> C:\Windows\System32\mf.dll -> [2009/09/10 07:28:53 | 02,855,424 | ---- | C] (Microsoft Corporation)
mfps.dll -> C:\Windows\System32\mfps.dll -> [2009/09/10 07:28:51 | 00,098,816 | ---- | C] (Microsoft Corporation)
rrinstaller.exe -> C:\Windows\System32\rrinstaller.exe -> [2009/09/10 07:28:51 | 00,052,736 | ---- | C] (Microsoft Corporation)
mfpmp.exe -> C:\Windows\System32\mfpmp.exe -> [2009/09/10 07:28:51 | 00,024,576 | ---- | C] (Microsoft Corporation)
mferror.dll -> C:\Windows\System32\mferror.dll -> [2009/09/10 07:28:50 | 00,002,048 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\System32\jscript.dll -> [2009/09/10 07:24:27 | 00,512,000 | ---- | C] (Microsoft Corporation)
 
[Files/Folders - Modified Within 30 Days]
18 C:\Users\Nidhi\Documents\*.tmp files -> C:\Users\Nidhi\Documents\*.tmp -> 
ntuser.dat -> C:\Users\Nidhi\ntuser.dat -> [2009/10/02 23:08:40 | 03,932,160 | -HS- | M] ()
OTS.exe -> C:\Users\Nidhi\Desktop\OTS.exe -> [2009/10/02 22:37:03 | 00,519,168 | ---- | M] (OldTimer Tools)
settings.dat -> C:\Users\Nidhi\Desktop\settings.dat -> [2009/10/02 22:31:23 | 00,000,000 | ---- | M] ()
RootRepeal.exe -> C:\Users\Nidhi\Desktop\RootRepeal.exe -> [2009/10/02 22:31:08 | 00,472,064 | ---- | M] ( )
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/02 22:19:36 | 00,003,456 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/10/02 22:19:36 | 00,003,456 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/10/02 22:19:34 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/10/02 22:19:29 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/10/02 22:19:27 | 10,634,52672 | -HS- | M] ()
IconCache.db -> C:\Users\Nidhi\AppData\Local\IconCache.db -> [2009/10/02 22:18:06 | 04,195,236 | -H-- | M] ()
GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job -> [2009/10/02 22:16:03 | 00,000,908 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/02 22:00:25 | 00,000,823 | ---- | M] ()
mbam-setup.exe -> C:\Users\Nidhi\Desktop\mbam-setup.exe -> [2009/10/02 21:58:16 | 04,045,528 | ---- | M] (Malwarebytes Corporation									)
TFC.exe -> C:\Users\Nidhi\Desktop\TFC.exe -> [2009/10/02 21:19:27 | 00,271,872 | ---- | M] (OldTimer Tools)
Inherit.exe -> C:\Users\Nidhi\Desktop\Inherit.exe -> [2009/10/02 21:09:53 | 00,085,504 | ---- | M] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/10/02 17:38:49 | 42,186,641 | ---- | M] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/10/02 17:38:49 | 00,004,566 | ---- | M] ()
Adobe Reader 7.0.lnk -> C:\Users\Public\Desktop\Adobe Reader 7.0.lnk -> [2009/10/01 20:17:32 | 00,001,903 | ---- | M] ()
Adobe Reader Speed Launch.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [2009/10/01 20:17:31 | 00,001,926 | ---- | M] ()
AcRdB7_0_9.sta -> C:\Users\Public\Documents\AcRdB7_0_9.sta -> [2009/10/01 20:10:45 | 00,000,082 | ---- | M] ()
d3d9caps.dat -> C:\Users\Nidhi\AppData\Local\d3d9caps.dat -> [2009/10/01 19:47:38 | 00,000,680 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2009/10/01 19:36:29 | 00,000,215 | ---- | M] ()
CF28910.exe -> C:\Windows\System32\CF28910.exe -> [2009/10/01 19:18:36 | 00,320,000 | ---- | M] (Microsoft Corporation)
Combo-Fix.exe -> C:\Users\Nidhi\Desktop\Combo-Fix.exe -> [2009/10/01 18:42:23 | 03,324,272 | R--- | M] ()
miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2009/10/01 18:20:45 | 00,492,629 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/29 06:33:10 | 00,074,752 | ---- | M] ()
hosts -> C:\Windows\System32\drivers\etc\hosts -> [2009/09/28 22:28:15 | 00,000,027 | ---- | M] ()
Chapter 3 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx -> [2009/09/26 17:23:03 | 00,015,170 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/09/26 14:42:50 | 00,623,972 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/09/26 14:42:50 | 00,109,172 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/09/26 14:42:49 | 00,716,948 | ---- | M] ()
Win32kDiag.exe -> C:\Users\Nidhi\Desktop\Win32kDiag.exe -> [2009/09/25 06:18:21 | 00,047,616 | ---- | M] ()
Spybot - Search & Destroy.lnk -> C:\Users\Nidhi\Desktop\Spybot - Search & Destroy.lnk -> [2009/09/24 15:51:58 | 00,001,060 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/09/24 06:57:21 | 16,601,0143 | ---- | M] ()
reregisterie.cmd -> C:\Users\Nidhi\Documents\reregisterie.cmd -> [2009/09/23 19:39:04 | 00,002,306 | ---- | M] ()
AVG Free 8.5.lnk -> C:\Users\Public\Desktop\AVG Free 8.5.lnk -> [2009/09/23 18:34:01 | 00,001,652 | ---- | M] ()
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2009/09/23 18:33:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2009/09/23 18:30:27 | 06,061,540 | ---- | M] ()
avg_free_stb_all_8_32_cnet.exe -> C:\Users\Nidhi\Desktop\avg_free_stb_all_8_32_cnet.exe -> [2009/09/23 17:54:56 | 00,848,712 | ---- | M] (AVG Technologies)
Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2009/09/21 22:38:39 | 00,002,281 | ---- | M] ()
UserTile.png -> C:\Users\Nidhi\AppData\Roaming\UserTile.png -> [2009/09/21 21:43:26 | 00,026,340 | ---- | M] ()
mysetup.exe -> C:\Users\Nidhi\Desktop\mysetup.exe -> [2009/09/21 18:13:21 | 04,045,528 | ---- | M] (Malwarebytes Corporation									)
Nidhi Ravishankar- Zara Zara.mp3 -> C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3 -> [2009/09/20 12:09:18 | 04,813,473 | ---- | M] ()
QuickSet.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk -> [2009/09/20 11:42:43 | 00,002,485 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job -> [2009/09/20 01:16:04 | 00,000,856 | ---- | M] ()
Chapter 1 Bio Notes.doc -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc -> [2009/09/16 19:49:22 | 00,037,888 | ---- | M] ()
Chapter 1 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx -> [2009/09/16 19:15:56 | 00,016,346 | ---- | M] ()
Chapter 2 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf -> [2009/09/16 19:12:39 | 01,230,626 | ---- | M] ()
Chapter 1 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf -> [2009/09/16 19:07:49 | 00,690,961 | ---- | M] ()
Chemistry- Chapter 1 Notes.doc -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc -> [2009/09/15 10:00:19 | 03,197,440 | ---- | M] ()
Chapter 1 Physics Notes Concepts of Motion.docx -> C:\Users\Nidhi\Documents\Chapter 1 Physics Notes Concepts of Motion.docx -> [2009/09/14 18:34:43 | 00,027,571 | ---- | M] ()
Physics Chapter 1 Notes Concepts of Motion.doc -> C:\Users\Nidhi\Documents\Physics Chapter 1 Notes Concepts of Motion.doc -> [2009/09/14 07:43:04 | 00,059,904 | ---- | M] ()
PEV.exe -> C:\Windows\PEV.exe -> [2009/09/14 02:12:36 | 00,229,888 | ---- | M] ()
Chemistry- Chapter 1 Notes.docx -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.docx -> [2009/09/11 19:53:14 | 00,147,892 | ---- | M] ()
Chapter_1_-__Structure_&_Bonding.doc -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.doc -> [2009/09/11 19:51:28 | 03,183,616 | ---- | M] ()
Chapter_1_-__Structure_&_Bonding.pdf -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.pdf -> [2009/09/10 17:40:09 | 03,601,510 | ---- | M] ()
Timetable.doc -> C:\Users\Nidhi\Documents\Timetable.doc -> [2009/09/10 15:16:46 | 00,044,032 | ---- | M] ()
Timetable.docx -> C:\Users\Nidhi\Documents\Timetable.docx -> [2009/09/10 15:16:26 | 00,014,600 | ---- | M] ()
Bio150- Course Syllabus.pdf -> C:\Users\Nidhi\Documents\Bio150- Course Syllabus.pdf -> [2009/09/10 15:07:39 | 00,298,477 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 
[Files - No Company Name]
settings.dat -> C:\Users\Nidhi\Desktop\settings.dat -> [2009/10/02 22:31:23 | 00,000,000 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/02 22:00:25 | 00,000,823 | ---- | C] ()
Inherit.exe -> C:\Users\Nidhi\Desktop\Inherit.exe -> [2009/10/02 21:09:53 | 00,085,504 | ---- | C] ()
Adobe Reader 7.0.lnk -> C:\Users\Public\Desktop\Adobe Reader 7.0.lnk -> [2009/10/01 20:17:32 | 00,001,903 | ---- | C] ()
Adobe Reader Speed Launch.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [2009/10/01 20:17:31 | 00,001,926 | ---- | C] ()
AcRdB7_0_9.sta -> C:\Users\Public\Documents\AcRdB7_0_9.sta -> [2009/10/01 20:10:46 | 00,000,082 | ---- | C] ()
Combo-Fix.exe -> C:\Users\Nidhi\Desktop\Combo-Fix.exe -> [2009/10/01 18:41:26 | 03,324,272 | R--- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2009/09/28 22:04:00 | 00,229,888 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2009/09/28 22:04:00 | 00,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2009/09/28 22:04:00 | 00,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2009/09/28 22:04:00 | 00,068,096 | ---- | C] ()
avenger.exe -> C:\Users\Nidhi\Desktop\avenger.exe -> [2009/09/28 18:31:17 | 00,731,136 | ---- | C] ()
Win32kDiag.exe -> C:\Users\Nidhi\Desktop\Win32kDiag.exe -> [2009/09/25 06:18:20 | 00,047,616 | ---- | C] ()
Spybot - Search & Destroy.lnk -> C:\Users\Nidhi\Desktop\Spybot - Search & Destroy.lnk -> [2009/09/24 15:51:58 | 00,001,060 | ---- | C] ()
reregisterie.cmd -> C:\Users\Nidhi\Documents\reregisterie.cmd -> [2009/09/23 19:38:29 | 00,002,306 | ---- | C] ()
AVG Free 8.5.lnk -> C:\Users\Public\Desktop\AVG Free 8.5.lnk -> [2009/09/23 18:34:01 | 00,001,652 | ---- | C] ()
incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2009/09/23 18:30:56 | 42,186,641 | ---- | C] ()
microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2009/09/23 18:30:54 | 00,004,566 | ---- | C] ()
miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2009/09/23 18:30:27 | 00,492,629 | ---- | C] ()
avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2009/09/23 18:29:53 | 06,061,540 | ---- | C] ()
IconCache.db -> C:\Users\Nidhi\AppData\Local\IconCache.db -> [2009/09/22 18:09:30 | 04,195,236 | -H-- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/22 06:24:14 | 10,634,52672 | -HS- | C] ()
Nidhi Ravishankar- Zara Zara.mp3 -> C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3 -> [2009/09/20 11:59:17 | 04,813,473 | ---- | C] ()
Chapter 3 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx -> [2009/09/16 20:46:57 | 00,015,170 | ---- | C] ()
Chapter 1 Bio Notes.doc -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc -> [2009/09/16 19:49:18 | 00,037,888 | ---- | C] ()
Chapter 2 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf -> [2009/09/16 19:12:39 | 01,230,626 | ---- | C] ()
Chapter 1 Bio Notes.pdf -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf -> [2009/09/16 19:07:49 | 00,690,961 | ---- | C] ()
Chapter 1 Bio Notes.docx -> C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx -> [2009/09/14 17:19:52 | 00,016,346 | ---- | C] ()
Chemistry- Chapter 1 Notes.doc -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc -> [2009/09/14 07:43:48 | 03,197,440 | ---- | C] ()
Physics Chapter 1 Notes Concepts of Motion.doc -> C:\Users\Nidhi\Documents\Physics Chapter 1 Notes Concepts of Motion.doc -> [2009/09/14 07:43:02 | 00,059,904 | ---- | C] ()
Chapter 1 Physics Notes Concepts of Motion.docx -> C:\Users\Nidhi\Documents\Chapter 1 Physics Notes Concepts of Motion.docx -> [2009/09/12 10:47:27 | 00,027,571 | ---- | C] ()
Chapter_1_-__Structure_&_Bonding.doc -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.doc -> [2009/09/10 20:24:19 | 03,183,616 | ---- | C] ()
Chemistry- Chapter 1 Notes.docx -> C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.docx -> [2009/09/10 18:01:28 | 00,147,892 | ---- | C] ()
Chapter_1_-__Structure_&_Bonding.pdf -> C:\Users\Nidhi\Documents\Chapter_1_-__Structure_&_Bonding.pdf -> [2009/09/10 17:40:08 | 03,601,510 | ---- | C] ()
Timetable.doc -> C:\Users\Nidhi\Documents\Timetable.doc -> [2009/09/10 15:16:45 | 00,044,032 | ---- | C] ()
Timetable.docx -> C:\Users\Nidhi\Documents\Timetable.docx -> [2009/09/10 15:16:24 | 00,014,600 | ---- | C] ()
Bio150- Course Syllabus.pdf -> C:\Users\Nidhi\Documents\Bio150- Course Syllabus.pdf -> [2009/09/10 15:07:38 | 00,298,477 | ---- | C] ()
wlan.tmf -> C:\Windows\System32\wlan.tmf -> [2009/09/10 07:34:24 | 01,657,350 | ---- | C] ()
winscp.rnd -> C:\Users\Nidhi\AppData\Roaming\winscp.rnd -> [2009/06/16 11:39:04 | 00,000,600 | ---- | C] ()
PUTTY.RND -> C:\Users\Nidhi\AppData\Local\PUTTY.RND -> [2009/06/16 11:34:42 | 00,000,600 | ---- | C] ()
d3d9caps.dat -> C:\Users\Nidhi\AppData\Local\d3d9caps.dat -> [2008/11/07 23:46:47 | 00,000,680 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2007/09/01 12:53:59 | 00,000,376 | ---- | C] ()
wklnhst.dat -> C:\Users\Nidhi\AppData\Roaming\wklnhst.dat -> [2007/09/01 12:46:42 | 00,000,120 | ---- | C] ()
UserTile.png -> C:\Users\Nidhi\AppData\Roaming\UserTile.png -> [2007/08/30 18:44:14 | 00,026,340 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/08/30 18:14:54 | 00,074,752 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Nidhi\AppData\Local\GDIPFONTCACHEV1.DAT -> [2007/08/30 13:22:56 | 00,130,992 | ---- | C] ()
igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2007/08/24 01:20:03 | 00,249,856 | ---- | C] ()
igfxCoIn_v1253.dll -> C:\Windows\System32\igfxCoIn_v1253.dll -> [2007/08/24 01:20:03 | 00,204,800 | ---- | C] ()
igmedkrn.dll -> C:\Windows\System32\igmedkrn.dll -> [2007/08/24 01:20:02 | 00,910,304 | ---- | C] ()
rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2007/08/24 01:19:56 | 00,016,480 | ---- | C] ()
px.ini -> C:\Windows\System32\px.ini -> [2006/11/07 15:25:58 | 00,000,000 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006/11/02 08:50:50 | 00,000,174 | -HS- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 08:35:32 | 00,005,632 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 06:25:44 | 00,159,744 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 06:23:31 | 00,000,219 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 06:23:31 | 00,000,215 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 00,013,750 | ---- | C] ()
CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/09/17 00:36:50 | 00,520,192 | ---- | C] ()
CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/09/17 00:36:50 | 00,204,800 | ---- | C] ()
 
[File - Lop Check]
 
[File - Purity Scan]
 
[Custom Scans]
< %systemroot%\*. /s /r >
5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> 
1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> 
 
[Files/Folders - Unicode - All]
C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp -> C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp -> [2008/06/01 20:19:26 | 20,983,014 | ---- | M] ()
C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp -> C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp -> [2008/06/01 20:24:33 | 20,983,014 | ---- | C] ()
 
[HardLinks - Junction Points - Mount Points - Symbolic Links]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink
 
[Alternate Data Streams]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:73828A71
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:82591FF7
< End of report >

Edited by bengaluru, 03 October 2009 - 06:49 AM.
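
As an added example (not part of the thread and not the tool's own code), this Python sketch parses a report laid out like the Win32kDiag log above, counting entries per link type and listing alternate data streams by host path, stream name and size. The sample text is constructed and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above (not the user's log).
SAMPLE = r"""
C:\Windows\Example\pkg_a\pkg_a ->  -> Unknown point type
C:\Windows\Example\pkg_b\pkg_b ->  -> Unknown point type
example.dat -> C:\ProgramData\Example\example.dat -> HardLink

[Alternate Data Streams]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\EXAMPLE:0A1B2C3D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\EXAMPLE:4E5F6A7B
< End of report >
"""

# "@Alternate Data Stream - <size> bytes -> <host path>:<stream name>"
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

def parse_report(text):
    """Return (links, streams) parsed from a Win32kDiag-style report."""
    links, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("[", "<")):
            continue  # blank lines, section headers, end-of-report marker
        m = ADS_RE.match(line)
        if m:
            streams.append({"size": int(m.group(1)),
                            "host": m.group(2), "stream": m.group(3)})
            continue
        parts = [p.strip() for p in line.split("->")]
        if len(parts) == 3:  # "<path> -> <target> -> <type>"
            links.append({"path": parts[0], "target": parts[1], "type": parts[2]})
    return links, streams

def summarize(text):
    """Count link types, list entries with no target, sort streams by size."""
    links, streams = parse_report(text)
    return {
        "types": Counter(l["type"] for l in links),
        "empty_target": [l["path"] for l in links if not l["target"]],
        "streams": sorted(streams, key=lambda s: s["size"], reverse=True),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(dict(report["types"]))
    for s in report["streams"]:
        print(s["host"], s["stream"], s["size"])
```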

#28
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi


Ok, let's try another anti rootkit scan.


Step 1

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\] > -> HKEY_USERS\S-1-5-21-2934146092-3137938891-3697879613-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. []
[Files/Folders - Created Within 30 Days]
NY -> Symantec -> C:\ProgramData\Symantec
NY -> CF28910.exe -> C:\Windows\System32\CF28910.exe
[Files/Folders - Modified Within 30 Days]
NY -> 18 C:\Users\Nidhi\Documents\*.tmp files -> C:\Users\Nidhi\Documents\*.tmp
NY -> CF28910.exe -> C:\Windows\System32\CF28910.exe
[Purity]
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.


Step 2

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

There is a small chance this application may crash your computer so save any work you have open.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt".
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.


Step 3

Please post the log of OTS (first step) and the gmer log.

Also, please give me some updates concerning your computer. Do you have something unusual?

#29
bengaluru

    Member

  • Topic Starter
  • 143 posts
Thanks Tweene.

I will get back with the log reports.

What do you mean by "your computer might crash"? Hope nothing serious.

With regard to the computer, I am still unable to open IE or Firefox, and some of the antivirus/malware/HijackThis programs do not open and I still get the error message "you don't have appropriate permission to access this item". I am using Safari or Google Chrome to browse the internet and post these replies.

Other than the above, the system seems slow.

Thanks

#30
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts

With regard to the computer, I am still unable to open IE or Firefox, and some of the antivirus/malware/HijackThis programs do not open and I still get the error message "you don't have appropriate permission to access this item".


For the programs that don't want to play (Spybot, for example), please do the following:

Download this program and drag each of the exe files (not the shortcuts) that you are unable to run into Inherit.exe.

Then wait for it to say "OK".


For every program that doesn't want to run/open, just drag the exe file into Inherit.exe.

For example, for firefox drag this file
C:\Program Files\Mozilla Firefox\firefox.exe
into Inherit.exe


I'll wait for the logs of OTS and Gmer :)