Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Affected with W32.gaobot.worm.gen.u [Solved]

Started by bengaluru , Sep 20 2009 08:09 PM

  • This topic is locked This topic is locked

#61
Tweene
Posted 13 October 2009 - 11:47 PM

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
OK! Well done, your logs look clean ! :)

The first thing we need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.


The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start then Run
  • Now type ComboFix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image


Double-click OTL.exe to run it.
Click the Clean up button
Click Yes to the reboot.

Now delete any logs that you have left over on your desktop and remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Keep your programs updated! Software developers update their programs to patch possible security risks. Do a scan once in a while for outdated programs using Secunia's Software Inspector.

If you prefer you can download and install Secunia Personal Software Inspector (PSI) which will help your computer stay updated.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next lets look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


It is a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaner
  • TFC A very powerful cleaning program. Note: You may have this already as part of the fixes you have run
.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Startuplite is a tool to help you stop some programs not needed when you start your computer from loading.

Then I suggest you to run a defrag with Auslogics Disk Defrag.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, to find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this one from Rorschach112.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you have any questions, feel free to ask them.

All the best, and stay safe!

PS : please reply one more time so that this topic can be closed, thank you.
  • 0

Advertisements

#62
bengaluru
Posted 14 October 2009 - 05:05 AM

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Hi Tweene,

As recommended I ran the ComboFix and OTL and rebooted the computer. Now I lost the desktop background and unable to restore it or install any new background.

I will run the other applications and let you know how it goes.

Take care
  • 0

#63
Tweene
Posted 14 October 2009 - 12:00 PM

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello bengaluru


What happen when you try to set a new background ? Do you have an error message ?
What is the current background ?
  • 0

#64
bengaluru
Posted 14 October 2009 - 12:38 PM

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Nothing happens, the Personalize screen disappears and there is no error message as well.. The current background is Black screen.

Edited by bengaluru, 14 October 2009 - 12:40 PM.

  • 0

#65
Tweene
Posted 14 October 2009 - 01:56 PM

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Ok, let me know if it works :

Click on the Start button
Click on Control Panel
Then choose Appearance and Personalization
Click on Personalization, and finally click on Desktop Background.

Try to set a new background.
  • 0

#66
bengaluru
Posted 14 October 2009 - 04:09 PM

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Hi Tweene,

Here is the OTL Log

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Windows\Ä moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nidhi
File delete failed. C:\Users\Nidhi\AppData\Local\Temp\~DFDB09.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 60296954 bytes
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\VRQYZ12F\BJPm%2FB%3DSt4NGEwNBlU-%2FJ%3D1255478527376475%2FK%3DBR8n20Fijq0Z0gGSbCI9Ow%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\D3TKH8Z2\BCDR%2FB%3DQhsOGEwNBkQ-%2FJ%3D1255477914285570%2FK%3DBEtb9qt3GsxfaZZo3Goc_Q%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\D3TKH8Z2\CJyt%2FB%3DF3f4F0wNBl4-%2FJ%3D1255478348579652%2FK%3D_bDgusWecsa.SUgPlRSVkg%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 69266086 bytes
->Java cache emptied: 3322880 bytes
->Google Chrome cache emptied: 10296840 bytes
->Apple Safari cache emptied: 113866568 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 154302 bytes
RecycleBin emptied: 32783229 bytes

Total Files Cleaned = 276.55 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10162009_183304

Files\Folders moved on Reboot...
C:\Users\Nidhi\AppData\Local\Temp\~DFDB09.tmp moved successfully.
File\Folder C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\VRQYZ12F\BJPm%2FB%3DSt4NGEwNBlU-%2FJ%3D1255478527376475%2FK%3DBR8n20Fijq0Z0gGSbCI9Ow%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!
File\Folder C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\D3TKH8Z2\BCDR%2FB%3DQhsOGEwNBkQ-%2FJ%3D1255477914285570%2FK%3DBEtb9qt3GsxfaZZo3Goc_Q%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!
File\Folder C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\D3TKH8Z2\CJyt%2FB%3DF3f4F0wNBl4-%2FJ%3D1255478348579652%2FK%3D_bDgusWecsa.SUgPlRSVkg%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!

Registry entries deleted on Reboot...

Edited by bengaluru, 16 October 2009 - 04:55 PM.

  • 0

#67
Tweene
Posted 15 October 2009 - 01:48 AM

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi


Can you clarify this please ?

I am unable to view any of the pictures and most of my pictures names have been changed to Demetres-Pomme01.jpg and like wise. Not sure what this Demteres-Pomme is.



  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • In Extra Registry check Use SafeList
  • In the File Age drop down menu, select 30 Days
  • Make sure that both LOP Check and Purity Check are ticked
  • Under the Custom Scans box at the bottom copy and paste this into it

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll

  • Click the Run Scan button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  • 0

#68
bengaluru
Posted 15 October 2009 - 05:00 AM

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Hi Tweene,

I read a lot on the internet about the desktop dissappearance and tried a System Restore as of 12 October 2009 and Phew...got back my desktop.

This all happened when I did the clean up on OTL and when the system rebooted.

As instructed by you, I ran the OTL again and here are the Logs

OTL.log. The Extras.log is in the next post.

OTL logfile created on: 15/10/2009 6:32:40 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Nidhi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.57 Mb Total Physical Memory | 392.66 Mb Available Physical Memory | 38.74% Memory free
2.22 Gb Paging File | 1.16 Gb Available in Paging File | 52.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.18 Gb Total Space | 53.48 Gb Free Space | 53.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.32 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIDHIPC
Current User Name: Nidhi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/15 06:31:13 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\Nidhi\Desktop\OTL.exe
PRC - [2009/10/05 07:11:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/04 09:49:05 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/23 18:28:54 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/23 18:28:54 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/23 18:28:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/02 15:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 15:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/07/18 06:01:10 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/03/02 21:59:26 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2009/02/06 18:08:58 | 00,454,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsui.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/09/04 21:48:26 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/06/25 01:17:04 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/06/25 01:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\STacSV.exe
PRC - [2007/05/16 00:53:30 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/05/16 00:53:28 | 00,133,912 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/05/16 00:53:24 | 00,154,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/04/18 00:48:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/17 23:31:58 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/04/16 17:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/02/20 14:01:12 | 01,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2006/11/02 08:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2006/11/02 05:44:59 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006/10/03 12:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/09/08 19:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2006/09/08 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/23 18:28:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
SRV - [2008/08/02 12:24:15 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2008/07/27 14:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/06/19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/19 21:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/06/19 21:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2007/08/24 01:17:20 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/08/24 01:15:46 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2007/06/25 01:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2007/03/19 13:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
SRV - [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/09/14 15:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/08/04 20:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\fssfltr.sys -- (fssfltr [Auto | Running])
DRV - [2008/05/09 21:21:06 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\RMCAST.sys -- (RMCAST [Auto | Running])
DRV - [2007/08/24 01:16:26 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2007/08/24 01:16:26 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2007/08/24 01:16:26 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2007/06/25 01:17:04 | 00,326,656 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2007/05/16 00:53:24 | 01,674,240 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2007/04/23 13:54:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115mgmt.sys -- (s115mgmt [On_Demand | Stopped])
DRV - [2007/04/23 13:54:50 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115obex.sys -- (s115obex [On_Demand | Stopped])
DRV - [2007/04/23 13:54:48 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115mdm.sys -- (s115mdm [On_Demand | Stopped])
DRV - [2007/04/23 13:54:48 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115mdfl.sys -- (s115mdfl [On_Demand | Stopped])
DRV - [2007/04/23 13:54:46 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s115bus.sys -- (s115bus [On_Demand | Stopped])
DRV - [2007/04/12 20:02:56 | 00,157,184 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2007/02/25 10:14:00 | 02,216,448 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
DRV - [2007/02/12 17:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
DRV - [2006/11/27 03:48:46 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2006/11/27 03:48:44 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2006/11/27 03:48:44 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2006/11/21 08:25:44 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006/11/02 22:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/11/02 22:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2006/11/02 22:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 04:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 03:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2006/11/02 03:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Stopped])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/10/05 18:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2006/08/04 20:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])
DRV - [2006/07/24 04:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/06/19 17:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/11/05 09:23:52 | 00,299,923 | ---- | M] (Sony Corporation) -- C:\Windows\System32\DRIVERS\sonyhcs.sys -- (sonyhcs [On_Demand | Stopped])
DRV - [2001/11/05 09:23:14 | 00,006,097 | ---- | M] (Sony Corporation) -- C:\Windows\system32\DRIVERS\sonyhcb.sys -- (sonyhcb [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://discoverbangalore.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 03:02:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/23 18:28:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/09/23 18:29:45 | 00,000,000 | ---D | M]

[2009/09/23 20:06:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/01/17 19:06:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/23 12:27:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/08/02 12:24:15 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/06/30 22:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2009/07/24 00:12:00 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Nidhi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Nidhi\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://ak.imgag.com/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{deae0ace-51be-11dc-b71a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{deae0ace-51be-11dc-b71a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found


========== Files/Folders - Created Within 30 Days ==========

[2009/10/09 09:06:08 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/01 20:17:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/09/23 18:29:46 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2009/09/23 18:28:03 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/20 21:52:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/04 18:12:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/09/24 15:51:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/09/23 17:55:23 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\AVG8
[2009/10/12 10:25:53 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\Creative
[2009/09/20 21:52:47 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\Malwarebytes
[2009/10/04 18:13:38 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\Skype
[2009/10/04 18:16:57 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Roaming\skypePM
[2009/09/28 22:22:39 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\AppData\Local\temp
[2009/10/04 18:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/23 18:28:07 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/12 14:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2009/09/20 14:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/10/09 09:06:08 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/02 22:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/09 09:02:42 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/04 18:13:00 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/24 15:51:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/20 11:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/15 06:31:12 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\Nidhi\Desktop\OTL.exe
[2009/10/14 06:27:54 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/10/12 16:05:39 | 00,000,000 | ---D | C] -- C:\Windows\CtDrvInstall
[2009/10/12 10:25:54 | 00,000,000 | ---D | C] -- C:\Users\Nidhi\Documents\WebCam Center
[2009/10/09 09:07:36 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/10/09 09:07:35 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/10/05 07:11:50 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/05 07:11:50 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/05 07:11:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/05 07:11:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/04 16:44:34 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/10/03 19:48:20 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/10/02 22:00:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/02 22:00:20 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/01 19:45:09 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/10/01 19:36:11 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/10/01 19:19:35 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/10/01 18:41:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2009/09/28 22:04:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/09/28 22:04:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/09/28 22:04:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/09/28 22:03:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/09/28 21:48:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/23 18:38:43 | 00,000,000 | ---D | C] -- C:\$AVG8.VAULT$
[2009/09/23 18:33:53 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/23 18:33:52 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/23 18:33:36 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/23 18:33:29 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/23 18:29:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/20 21:49:20 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/20 11:28:44 | 00,000,000 | ---D | C] -- C:\HijackThis

========== Files - Modified Within 30 Days ==========

[2009/10/15 06:31:13 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\Nidhi\Desktop\OTL.exe
[2009/10/15 06:21:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/15 06:21:50 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/15 06:21:50 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/14 21:16:06 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job
[2009/10/14 20:45:09 | 42,836,174 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/14 20:45:09 | 00,027,311 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/14 20:32:49 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/14 20:32:37 | 10,634,52672 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/14 20:18:52 | 04,413,418 | -H-- | M] () -- C:\Users\Nidhi\AppData\Local\IconCache.db
[2009/10/12 20:49:18 | 00,305,452 | ---- | M] () -- C:\Users\Nidhi\Documents\90Stayner.pdf
[2009/10/12 16:03:32 | 00,001,534 | ---- | M] () -- C:\Windows\Ä
[2009/10/12 14:49:54 | 00,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Creative WebCam Center.lnk
[2009/10/12 13:19:02 | 00,013,919 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 2- Chem Polar bond.docx
[2009/10/09 09:07:48 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/09 09:03:07 | 00,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/05 20:59:09 | 00,727,366 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/05 20:59:09 | 00,626,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/05 20:59:09 | 00,110,016 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/05 07:11:03 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/05 07:11:03 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/05 07:11:03 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/05 07:11:02 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/04 21:46:07 | 00,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/10/04 19:45:02 | 00,209,464 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2009/10/04 18:16:58 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 18:13:02 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/01 20:17:32 | 00,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 7.0.lnk
[2009/10/01 20:17:31 | 00,001,926 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/01 20:10:45 | 00,000,082 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_0_9.sta
[2009/10/01 19:47:38 | 00,000,680 | ---- | M] () -- C:\Users\Nidhi\AppData\Local\d3d9caps.dat
[2009/10/01 19:36:29 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/10/01 18:20:45 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/29 06:33:10 | 00,074,752 | ---- | M] () -- C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 22:28:15 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/09/26 17:23:03 | 00,015,170 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx
[2009/09/24 06:57:21 | 16,601,0143 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/09/23 19:39:04 | 00,002,306 | ---- | M] () -- C:\Users\Nidhi\Documents\reregisterie.cmd
[2009/09/23 18:34:01 | 00,001,652 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/23 18:33:53 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/23 18:33:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/23 18:33:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/23 18:33:29 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/23 18:30:27 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/21 21:43:26 | 00,026,340 | ---- | M] () -- C:\Users\Nidhi\AppData\Roaming\UserTile.png
[2009/09/20 12:09:18 | 04,813,473 | ---- | M] () -- C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3
[2009/09/20 11:42:43 | 00,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2009/09/20 01:16:04 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job
[2009/09/16 19:49:22 | 00,037,888 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc
[2009/09/16 19:15:56 | 00,016,346 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.docx
[2009/09/16 19:12:39 | 01,230,626 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf
[2009/09/16 19:07:49 | 00,690,961 | ---- | M] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf
[2009/09/15 10:00:19 | 03,197,440 | ---- | M] () -- C:\Users\Nidhi\Documents\Chemistry- Chapter 1 Notes.doc

========== Files - No Company Name ==========
[2009/10/12 20:49:17 | 00,305,452 | ---- | C] () -- C:\Users\Nidhi\Documents\90Stayner.pdf
[2009/10/12 15:55:33 | 00,001,534 | ---- | C] () -- C:\Windows\Ä
[2009/10/12 14:49:54 | 00,002,191 | ---- | C] () -- C:\Users\Public\Desktop\Creative WebCam Center.lnk
[2009/10/12 13:18:55 | 00,013,919 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 2- Chem Polar bond.docx
[2009/10/09 09:07:48 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/09 09:03:07 | 00,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/04 19:45:02 | 00,209,464 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/10/04 18:16:58 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 18:13:02 | 00,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/01 20:17:32 | 00,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 7.0.lnk
[2009/10/01 20:17:31 | 00,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/01 20:10:46 | 00,000,082 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_0_9.sta
[2009/09/28 22:04:00 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
[2009/09/28 22:04:00 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/09/28 22:04:00 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/09/28 22:04:00 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/09/23 19:38:29 | 00,002,306 | ---- | C] () -- C:\Users\Nidhi\Documents\reregisterie.cmd
[2009/09/23 18:34:01 | 00,001,652 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/09/23 18:30:56 | 42,836,174 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/23 18:30:54 | 00,027,311 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/23 18:30:27 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/23 18:29:53 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/22 18:09:30 | 04,413,418 | -H-- | C] () -- C:\Users\Nidhi\AppData\Local\IconCache.db
[2009/09/22 06:24:14 | 10,634,52672 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/20 11:59:17 | 04,813,473 | ---- | C] () -- C:\Users\Nidhi\Desktop\Nidhi Ravishankar- Zara Zara.mp3
[2009/09/16 20:46:57 | 00,015,170 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 3 Bio Notes.docx
[2009/09/16 19:49:18 | 00,037,888 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.doc
[2009/09/16 19:12:39 | 01,230,626 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 2 Bio Notes.pdf
[2009/09/16 19:07:49 | 00,690,961 | ---- | C] () -- C:\Users\Nidhi\Documents\Chapter 1 Bio Notes.pdf
[2009/06/16 11:39:04 | 00,000,600 | ---- | C] () -- C:\Users\Nidhi\AppData\Roaming\winscp.rnd
[2009/06/16 11:34:42 | 00,000,600 | ---- | C] () -- C:\Users\Nidhi\AppData\Local\PUTTY.RND
[2008/11/07 23:46:47 | 00,000,680 | ---- | C] () -- C:\Users\Nidhi\AppData\Local\d3d9caps.dat
[2007/09/01 12:53:59 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/01 12:46:42 | 00,000,120 | ---- | C] () -- C:\Users\Nidhi\AppData\Roaming\wklnhst.dat
[2007/08/30 18:44:14 | 00,026,340 | ---- | C] () -- C:\Users\Nidhi\AppData\Roaming\UserTile.png
[2007/08/30 18:14:54 | 00,074,752 | ---- | C] () -- C:\Users\Nidhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/30 13:22:56 | 00,130,992 | ---- | C] () -- C:\Users\Nidhi\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/24 01:20:03 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/08/24 01:20:03 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2007/08/24 01:20:02 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 01:19:56 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006/11/07 15:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2009/10/12 10:25:53 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming
[2008/10/09 18:48:14 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\ColorCop
[2009/10/14 20:28:55 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\CopyTrans
[2009/10/14 20:28:55 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\CopyTransPhoto
[2008/03/18 10:18:50 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\CyberLink
[2009/08/21 22:51:58 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\dvdcss
[2008/08/10 18:05:47 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\Free Download Manager
[2009/10/14 20:28:56 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\iCloner
[2009/10/14 20:28:56 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\iLibs
[2009/10/14 20:28:56 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\iPod Copy Expert
[2008/04/13 16:54:13 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\LimeWire
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\Media Center Programs
[2009/10/14 20:29:02 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\PeerNetworking
[2008/06/21 12:51:14 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\PlayFirst
[2009/01/02 11:37:07 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\Roxio
[2008/01/11 18:19:11 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\SyncGuardian
[2007/09/01 12:47:09 | 00,000,000 | ---D | M] -- C:\Users\Nidhi\AppData\Roaming\Template
[2009/09/20 01:16:04 | 00,000,856 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000Core.job
[2009/10/14 21:16:06 | 00,000,908 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2934146092-3137938891-3697879613-1000UA.job
[2009/10/14 20:32:49 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/05 13:31:13 | 00,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009/10/15 06:31:13 | 00,000,000 | R--D | M] -- C:
[2009/09/26 14:06:08 | 00,000,000 | ---D | M] -- C:\$AVG8.VAULT$
[2009/10/01 19:45:09 | 00,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009/10/14 20:28:32 | 00,000,000 | ---D | M] -- C:\_OTS
[2009/10/14 06:29:35 | 00,000,000 | ---D | M] -- C:\32788R22FWJFW
[2007/09/01 03:08:37 | 00,000,000 | ---D | M] -- C:\96b05b470897b9a485877279e79325
[2008/07/24 11:03:58 | 00,000,000 | ---D | M] -- C:\Application Data
[2007/10/11 16:31:07 | 00,000,000 | ---D | M] -- C:\b475d7334160e51a080f9b2f11
[2009/09/28 22:23:52 | 00,000,000 | ---D | M] -- C:\Boot
[2009/10/14 20:28:33 | 00,000,000 | ---D | M] -- C:\Combo-Fix
[2007/08/30 18:03:32 | 00,000,000 | ---D | M] -- C:\DELL
[2007/08/24 01:12:02 | 00,000,000 | ---D | M] -- C:\doctemp
[2007/08/30 13:20:48 | 00,000,000 | -HSD | M] -- C:\Documents and Settings
[2008/08/10 13:19:26 | 00,000,000 | ---D | M] -- C:\Downloads
[2009/05/02 15:49:00 | 00,000,000 | ---D | M] -- C:\Drivers
[2008/12/08 09:56:42 | 00,000,000 | ---D | M] -- C:\found.000
[2009/02/27 05:12:30 | 00,000,000 | ---D | M] -- C:\found.001
[2009/09/20 18:38:43 | 00,000,000 | ---D | M] -- C:\HijackThis
[2007/08/30 13:23:12 | 00,000,000 | ---D | M] -- C:\Intel
[2008/08/04 16:25:14 | 00,000,000 | R--D | M] -- C:\MSOCache
[2009/10/12 14:49:33 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/10/09 09:06:08 | 00,000,000 | ---D | M] -- C:\ProgramData
[2009/10/14 20:28:34 | 00,000,000 | ---D | M] -- C:\Qoobox
[2009/10/14 20:48:22 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/09/20 18:14:33 | 00,000,000 | R--D | M] -- C:\Users
[2009/10/14 20:34:57 | 00,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*. >
[2009/10/12 14:49:33 | 00,000,000 | R--D | M] -- C:\Program Files
[2007/11/15 18:28:43 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/07 21:05:58 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/09/23 18:28:07 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2007/08/23 17:53:48 | 00,000,000 | ---D | M] -- C:\Program Files\BAE
[2008/08/30 01:23:13 | 00,000,000 | ---D | M] -- C:\Program Files\Baraha 7.0
[2009/06/15 12:16:06 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/08/23 17:37:49 | 00,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/10/09 18:35:55 | 00,000,000 | ---D | M] -- C:\Program Files\Color_Cop
[2009/10/05 06:48:18 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/08/23 17:25:19 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/10/12 14:50:54 | 00,000,000 | ---D | M] -- C:\Program Files\Creative
[2007/08/23 17:50:26 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/08/23 17:59:28 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2007/08/23 17:53:46 | 00,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2008/04/30 14:38:27 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/08/23 17:51:34 | 00,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2007/08/24 01:19:50 | 00,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2007/08/23 17:37:33 | 00,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2008/08/10 10:05:08 | 00,000,000 | ---D | M] -- C:\Program Files\Free Download Manager
[2008/05/06 21:44:39 | 00,000,000 | ---D | M] -- C:\Program Files\Frets on Fire
[2009/09/20 18:14:29 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2007/11/30 12:26:44 | 00,000,000 | ---D | M] -- C:\Program Files\Guitar-Online Tools
[2009/09/20 14:37:10 | 00,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2009/10/12 14:50:42 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/30 03:09:41 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/09 09:06:24 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/01/23 08:52:57 | 00,000,000 | ---D | M] -- C:\Program Files\iPod Copy Expert
[2009/10/09 09:07:33 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/10/05 07:10:44 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/02 22:00:30 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/14 10:36:15 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/08/04 16:39:16 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/03/14 10:46:47 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/09/20 18:14:30 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/02/29 19:52:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/08/04 16:38:55 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/09/20 18:14:31 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/09/01 12:10:01 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2001
[2008/08/04 16:36:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/08/23 17:36:24 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2006/11/02 08:42:32 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/09/23 20:06:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/09/01 08:08:06 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/08/23 17:33:55 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/23 17:37:00 | 00,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/07/14 12:00:51 | 00,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/10/09 09:03:50 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/11/23 10:23:36 | 00,000,000 | ---D | M] -- C:\Program Files\Reagency
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/08/23 17:41:39 | 00,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/04/05 11:50:06 | 00,000,000 | ---D | M] -- C:\Program Files\Safari
[2007/08/23 17:25:02 | 00,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2009/10/04 18:13:01 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/10/03 19:20:32 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/08/23 12:29:49 | 00,000,000 | ---D | M] -- C:\Program Files\Sun
[2009/09/20 11:07:02 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/11/07 21:31:59 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/09/02 03:16:10 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2006/11/02 08:42:32 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2007/08/24 01:17:25 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2006/11/02 08:42:32 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/03/14 10:44:06 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/14 10:35:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/09/20 18:14:31 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/08/13 03:14:30 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/11/02 08:42:32 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/10 04:04:08 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/01/11 18:18:36 | 00,000,000 | ---D | M] -- C:\Program Files\WindSolutions
[2008/10/17 19:06:35 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/06/16 11:38:59 | 00,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009/06/16 09:31:35 | 00,000,000 | ---D | M] -- C:\Program Files\Xming
[2009/10/14 20:28:33 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %systemroot%\system32\eventlog.dll >
[2006/11/02 05:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2006/11/02 05:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 05:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:82591FF7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:73828A71

========== Files - Unicode (All) ==========
[2008/06/01 20:24:33 | 20,983,014 | ---- | C] ()(C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp) -- C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp
[2008/06/01 20:19:26 | 20,983,014 | ---- | M] ()(C:\Users\Nidhi\Documents\2008-05-28 ?? 21-59 ??? ??.bmp) -- C:\Users\Nidhi\Documents\2008-05-28 오후 21-59 비율로 스캔.bmp
< End of report >
  • 0

#69
bengaluru
Posted 15 October 2009 - 05:02 AM

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Here is the Extras.log

OTL Extras logfile created on: 15/10/2009 6:32:40 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Nidhi\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.57 Mb Total Physical Memory | 392.66 Mb Available Physical Memory | 38.74% Memory free
2.22 Gb Paging File | 1.16 Gb Available in Paging File | 52.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.18 Gb Total Space | 53.48 Gb Free Space | 53.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.32 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIDHIPC
Current User Name: Nidhi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\PFiles\MSOffice\Office\msohtmed.exe" %1 File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06573AD2-E4D1-4880-9B0C-FB80D236E056}" = lport=138 | protocol=17 | dir=in | app=system |
"{09354486-D2B6-439A-9FD3-1DF7E9FF4862}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D4DA4BD-A7C3-4E2A-8A4B-D9993FB605A7}" = rport=139 | protocol=6 | dir=out | app=system |
"{223EBEBC-0F9F-48B7-99A6-929B77445E0F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{23DEE50F-E73D-43E2-8E7F-1125810DD538}" = rport=137 | protocol=17 | dir=out | app=system |
"{46E51D5E-A6F4-4F01-A41D-DE3E2C4A3103}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47F2DB99-2891-413C-BC11-D4639ECCC6C5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{47FCE30A-9B60-4B29-B421-F91488DEE925}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DE87E6F-19F7-4851-BBA1-0572344A88A4}" = rport=138 | protocol=17 | dir=out | app=system |
"{56AF0456-FDA8-40D0-B392-265720D4801F}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CFFC33A-90E2-473B-B935-50F734EF7962}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5D71A03D-65C4-4FB0-8794-6D32A8B032CE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{73FE5799-269D-4D11-B674-E4AF09968E87}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A8D2F98-B74C-4E60-B8F8-0C7B0EEDB2F7}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{7CF5E366-9929-4B6B-8FCA-96903B330650}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{883F24EA-72AC-483E-9A05-2B97276A7C1D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8C183E0D-6797-42D4-823D-4D4578EE03C9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{947E30E0-970F-4A90-990C-82EA1C6A824C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{9C8900A5-D730-4C21-A0F2-0FF56CDA57AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A20373DE-0760-4A39-A7CF-9887A4BBBB17}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B005D5C5-769C-4A4D-8761-3CA8A9A3744B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C6330B89-187D-4044-9784-6D7E6AC9608D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C6A0BEB4-E652-45CD-B66D-5A44B274DE6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C95123BE-3361-42A1-A98B-336640ADFB81}" = lport=137 | protocol=17 | dir=in | app=system |
"{D48B31BF-0462-459C-AD4D-A089A408073A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5D0E47F-6171-40BB-BBC9-5342988DE278}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1474348-2C86-46CC-BDD7-A1E92A88C255}" = rport=445 | protocol=6 | dir=out | app=system |
"{E37450BC-8DFB-4FE4-B256-9BDC2B4F8546}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F6E0FC5B-DEFB-49C5-AA15-EAD79E5661C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094C4B74-7699-4A16-98B1-68C89E7E5097}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{0C12D3F5-962B-4401-BF86-BD8803B174D3}" = protocol=6 | dir=in | app=c:\users\nidhi\appdata\local\temp\7zs8aed.tmp\symnrt.exe |
"{0CD65C69-E381-42C1-B0D2-B7147ABE5F7F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24530690-2868-4883-99F0-D25D4B17B9A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2F4D1598-755E-4844-B4E9-80BD88DCCB58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3233C955-9635-4F55-B05A-0E802C768CB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3ACD5390-E5A9-41F0-9383-896E941BAC30}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3DB36004-6F51-47D7-BC67-9F382781C443}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3F4A57F9-8D8B-4AF3-941E-A19514F4B2B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57F97EAA-4160-421E-96CC-4B78A7DD2769}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{5C4DBBFF-23CB-43CB-B661-4858AC25641E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5DE2D2D2-C7E3-4DC9-AC9F-6B7695432AA9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{60A26B05-0810-419B-8E91-FCF38923EA33}" = protocol=58 | dir=in | [email protected],-28545 |
"{6C3A5978-C1A6-4A3B-ABE8-350D0AF131E0}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{7869C9C8-1F07-4FE4-B964-801E65F88D21}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{86463E3C-96CB-4AB8-9728-D3E6E0ABABBA}" = protocol=58 | dir=out | [email protected],-28546 |
"{8DB24EB4-952A-44CD-B828-460410C0E21E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{94478197-CEA6-4C46-BF41-A95955B779D2}" = protocol=1 | dir=in | [email protected],-28543 |
"{9DBA8965-E94F-4BB3-B88E-63D1FB969416}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AE8362A1-D7AF-4430-8BAC-735A66C4392A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{CA7E87CA-1109-4AE5-BA69-38AD303F2966}" = protocol=1 | dir=out | [email protected],-28544 |
"{DF028690-1B0B-466E-99E6-AFF671AC7283}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E7062CF3-E4A3-4795-A628-85CC6AAD4B1C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E842C493-D7D6-4BE4-B683-E55BC6282E18}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E93AA58E-BE6E-493D-87CC-F828F2A202EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6F4FC87-F96C-4C68-864A-CC4D7F64B36C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FB692E2E-494B-4A4D-AC02-4FFB2957EEB9}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{FE4E5D3B-DC73-49AF-B73B-5A8D8CF7941E}" = protocol=17 | dir=in | app=c:\users\nidhi\appdata\local\temp\7zs8aed.tmp\symnrt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46A8F476-BDB6-4667-A2A7-43B917220B38}" = easyOFFER 2009 TREB
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}" = Windows Live Movie Maker Beta
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00B1-0409-0000-0000000FF1CE}" = Microsoft Save as XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B2654B32-ED0E-47AB-A2E8-0A953CCDE32A}" = easyOFFER 2008 TREB
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"AVG8Uninstall" = AVG Free 8.5
"Baraha 7.0_is1" = Baraha 7.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Color Cop_is1" = Color Cop 5.4.3
"Creative WebCam Center" = Creative WebCam Center
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Download Manager_is1" = Free Download Manager 2.5
"Google Desktop" = Google Desktop
"Guitar-Online Tools - Metronome (Demo Version)_is1" = Guitar-Online Tools - Metronome, version 2.1
"HijackThis" = HijackThis 2.0.2
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MsJavaVM" = Microsoft VM for Java
"VLC media player" = VLC media player 0.9.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.1 beta
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Xming_is1" = Xming 6.9.0.31
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/05/2009 8:47:44 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16830, time stamp
0x49ac913e, faulting module AcroPDF.dll, version 7.0.8.0, time stamp 0x446aa70a,
exception code 0xc0000005, fault offset 0x0002fdb3, process id 0x1764, application
start time 0x01c9d102aabe2e60.

Error - 09/05/2009 8:51:34 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16830, time stamp
0x49ac913e, faulting module AcroPDF.dll, version 7.0.8.0, time stamp 0x446aa70a,
exception code 0xc0000005, fault offset 0x0002fdb3, process id 0x1cf0, application
start time 0x01c9d108c35dae90.

Error - 09/05/2009 8:51:37 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16830, time stamp
0x49ac913e, faulting module msxml3.dll, version 8.100.1048.0, time stamp 0x48c0b992,
exception code 0xc0000005, fault offset 0x00007161, process id 0x1cf0, application
start time 0x01c9d108c35dae90.

Error - 09/05/2009 8:52:11 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16830, time stamp
0x49ac913e, faulting module AcroPDF.dll, version 7.0.8.0, time stamp 0x446aa70a,
exception code 0xc0000005, fault offset 0x0002fdb3, process id 0x138c, application
start time 0x01c9d1093627f930.

Error - 09/05/2009 8:52:16 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16830, time stamp
0x49ac913e, faulting module msxml3.dll, version 8.100.1048.0, time stamp 0x48c0b992,
exception code 0xc0000005, fault offset 0x00007161, process id 0x138c, application
start time 0x01c9d1093627f930.

Error - 10/05/2009 10:10:46 AM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp
0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x6c000001, process id 0x1348, application start time
0x01c9d16a559de700.

Error - 10/05/2009 5:16:03 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp
0x498cf586, faulting module UXCore.dll, version 14.0.8064.206, time stamp 0x498cdee0,
exception code 0xc0000005, fault offset 0x00066fea, process id 0x1674, application
start time 0x01c9d1a68306ff60.

Error - 10/05/2009 7:28:02 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp
0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00001b60, process id 0x1fe0, application start time
0x01c9d1c231e3e7d0.

Error - 11/05/2009 2:14:15 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp
0x498cf586, faulting module UXCore.dll, version 14.0.8064.206, time stamp 0x498cdee0,
exception code 0xc0000005, fault offset 0x00069bda, process id 0xbc8, application
start time 0x01c9d22a7ad83960.

Error - 11/05/2009 5:37:07 PM | Computer Name = NidhiPC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp
0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x1990, application start time
0x01c9d264685d3030.

[ Media Center Events ]
Error - 06/12/2007 6:46:55 PM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 06/12/2007 10:56:53 PM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/12/2007 10:43:19 PM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/12/2007 10:54:36 PM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 18/12/2007 9:06:14 PM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 22/12/2007 10:59:14 AM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 16/04/2008 12:19:15 PM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 17/04/2008 7:46:02 AM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 18/04/2008 3:55:35 PM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 30/01/2009 6:36:31 PM | Computer Name = NidhiPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ ODiag Events ]
Error - 22/12/2008 6:21:43 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 81vb. Error code: N/A

[ OSession Events ]
Error - 22/12/2008 6:16:29 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1902
seconds with 180 seconds of active time. This session ended with a crash.

Error - 22/12/2008 6:17:01 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/12/2008 6:17:44 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/12/2008 6:19:03 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 72
seconds with 60 seconds of active time. This session ended with a crash.

Error - 22/12/2008 6:21:09 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 113
seconds with 60 seconds of active time. This session ended with a crash.

Error - 22/12/2008 6:23:38 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/12/2008 6:24:24 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/12/2008 10:49:11 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/12/2008 10:49:31 PM | Computer Name = NidhiPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/10/2009 9:01:22 AM | Computer Name = NidhiPC | Source = DCOM | ID = 10010
Description =

Error - 12/10/2009 6:17:26 PM | Computer Name = NidhiPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:15:12 PM on 12/10/2009 was unexpected.

Error - 12/10/2009 6:24:36 PM | Computer Name = NidhiPC | Source = DCOM | ID = 10010
Description =

Error - 14/10/2009 6:31:34 AM | Computer Name = NidhiPC | Source = DCOM | ID = 10010
Description =

Error - 14/10/2009 6:31:39 AM | Computer Name = NidhiPC | Source = DCOM | ID = 10010
Description =

Error - 14/10/2009 6:01:08 PM | Computer Name = NidhiPC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001B77A79A66. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 14/10/2009 6:14:26 PM | Computer Name = NidhiPC | Source = DCOM | ID = 10010
Description =

Error - 14/10/2009 6:55:28 PM | Computer Name = NidhiPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:53:52 PM on 14/10/2009 was unexpected.

Error - 14/10/2009 8:18:52 PM | Computer Name = NidhiPC | Source = DCOM | ID = 10010
Description =

Error - 14/10/2009 8:38:54 PM | Computer Name = NidhiPC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

#70
Tweene
Posted 15 October 2009 - 02:37 PM

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


OK, please tell me what the current situation is :
* Now, can you download something to your desktop ?
* Are the pictures back to normal ?


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
eventlog.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

Advertisements

#71
bengaluru
Posted 15 October 2009 - 07:20 PM

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Hi Tweene,

Yes I am able to download to my desktop. I had saved both OTL and SystemLook to my desktop. Thank you.

Yes the pictures are also back to normal. I am able to view the pictures.

However I find that my IE has become very slow. Websites do not open easily......so I am back to using Google Chrome.

Here is the SystemLook Log.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:07 on 15/10/2009 by Nidhi (Administrator - Elevation successful)

========== filefind ==========

Searching for "eventlog.*"
C:\Windows\System32\eventlog.dll ------ 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\System32\NDF\eventlog.etl --a--- 262144 bytes [22:33 30/08/2007] [18:11 04/10/2009] CB063FF67EDB05489761EA8CA0095B45

-=End Of File=-
  • 0

#72
Tweene
Posted 16 October 2009 - 02:53 PM

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


Ok good, it was odd.

The problem is the system restore may have restored some of the suspicious file. It will be a good idea to check again.
Let's see if the first two steps can help speed up IE.


Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
[2009/10/12 16:03:32 | 00,001,534 | ---- | M] () -- C:\Windows\Ä

:Commands
[purity]
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the log
Step 2

Sorry you have to run MBAM again : you have used Malwarebytes before. If you still have it on your machine please update and run a Quick Scan. Post the scan report back here.


If you no-longer have Malwarebytes, Posted Image please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


Step 3

It would be a good idea to have an online scan to look for any remnants.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
Step 4

Things I'd like to see in your next reply :
- the ITLog from step 1
- the malwarebyte log
- the kaspersky log
  • 0

#73
bengaluru
Posted 16 October 2009 - 04:57 PM

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Hi Tweene

Here is the OTL Log

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Windows\Ä moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nidhi
File delete failed. C:\Users\Nidhi\AppData\Local\Temp\~DFDB09.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 60296954 bytes
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\VRQYZ12F\BJPm%2FB%3DSt4NGEwNBlU-%2FJ%3D1255478527376475%2FK%3DBR8n20Fijq0Z0gGSbCI9Ow%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\D3TKH8Z2\BCDR%2FB%3DQhsOGEwNBkQ-%2FJ%3D1255477914285570%2FK%3DBEtb9qt3GsxfaZZo3Goc_Q%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\D3TKH8Z2\CJyt%2FB%3DF3f4F0wNBl4-%2FJ%3D1255478348579652%2FK%3D_bDgusWecsa.SUgPlRSVkg%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 69266086 bytes
->Java cache emptied: 3322880 bytes
->Google Chrome cache emptied: 10296840 bytes
->Apple Safari cache emptied: 113866568 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 154302 bytes
RecycleBin emptied: 32783229 bytes

Total Files Cleaned = 276.55 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10162009_183304

Files\Folders moved on Reboot...
C:\Users\Nidhi\AppData\Local\Temp\~DFDB09.tmp moved successfully.
File\Folder C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\VRQYZ12F\BJPm%2FB%3DSt4NGEwNBlU-%2FJ%3D1255478527376475%2FK%3DBR8n20Fijq0Z0gGSbCI9Ow%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!
File\Folder C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\D3TKH8Z2\BCDR%2FB%3DQhsOGEwNBkQ-%2FJ%3D1255477914285570%2FK%3DBEtb9qt3GsxfaZZo3Goc_Q%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!
File\Folder C:\Users\Nidhi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(261)\Content.IE5\D3TKH8Z2\CJyt%2FB%3DF3f4F0wNBl4-%2FJ%3D1255478348579652%2FK%3D_bDgusWecsa.SUgPlRSVkg%2FA%3D5516253%2FR%3D0%2F%2A%24,http%3A%2F%2Fca.mc882.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!

Registry entries deleted on Reboot...
  • 0

#74
bengaluru
Posted 17 October 2009 - 08:38 AM

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Hi Tweene,

I ran the malawarebytes here is the report

Malwarebytes' Anti-Malware 1.41
Database version: 2973
Windows 6.0.6000

17/10/2009 9:16:32 AM
mbam-log-2009-10-17 (09-16-32).txt

Scan type: Quick Scan
Objects scanned: 92482
Time elapsed: 22 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by bengaluru, 17 October 2009 - 08:40 AM.

  • 0

#75
Tweene
Posted 17 October 2009 - 11:18 AM

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
:)

OK, good. Please post the Kaspersky log when you have it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP