
malware:unable to open some sites on browsers


  • This topic is locked
6 replies to this topic

#1 gggg_hhhh


Posted 22 October 2009 - 11:24 AM

I was directed here by garmanma, who analysed the problem and insisted that I post a DDS log here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/265375/malwareunable-to-open-some-sites-on-browsers/ ~ OB. Below is my problem description and the DDS log.

I seem to be having a problem with the browsers here. I am unable to open sites such as youtube, beemp3 and many other video or other media sites. I have Chrome, Mozilla Firefox and IE8 as my browsers. However, some sites that don't open in Chrome or IE8 do open in Firefox. I suppose it has something to do with a malware attack because my recent visit to a certain movie site led to some threat alerts from my antivirus (ESET NOD32). I have Vista Basic. This has left me paralysed with no access to sites that I frequently visit. Hope someone comes forward and puts me out of this misery.


.........................................<>...............................

DDS (Ver_09-10-13.01) - NTFSx86
Run by KATALYST at 10:40:34.99 on 22-10-2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.91.1033.18.3069.1536 [GMT 5.5:30]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lkcitdl.exe
C:\Windows\system32\lkads.exe
C:\Windows\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\system32\nisvcloc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\TUProgSt.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\WinPVR\WinPVR.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\KARTHIK\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=83&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=83&bd=Pavilion&pf=cnnb
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: []
mExplorerRun: [] 1 (0x1)
StartupFolder: c:\users\karthik\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\karthik\appdata\roaming\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\program files\online wallpaper changer\OnlineWallpaper.exe
StartupFolder: c:\users\karthik\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\users\karthik\appdata\roaming\micros~1\windows\startm~1\programs\startup\winflip.lnk - c:\program files\wflip050\WinFlip.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-in\local\search.html
IE: >>> DIAL <<< - file://c:\windows\numb.htm
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {A573D71B-951B-4BAD-B8CC-708AE84769C9} - {32CA105A-BD6C-4AFC-B4D9-346262E9F483}
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
TCP: {A0324AB2-A3E3-46D3-AE8E-96AB0AE1A5D9} = 192.168.10.1,223.223.0.0
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\karthik\appdata\roaming\mozilla\firefox\profiles\f5vthkgp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\users\karthik\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\karthik\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2008-12-14 15416]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f691e717\AEstSrv.exe [2008-12-14 73728]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-17 341328]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-7-30 185640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-10-14 604488]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-3-27 595248]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-17 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 iscFlash;iscFlash;c:\swsetup\sp44706\iscflash.sys [2009-6-16 13312]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
R3 TridVid;GEMINI 5600AI Analog plus Digital Video;c:\windows\system32\drivers\TridVid.sys [2009-6-17 151936]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-3-27 40752]
S0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-12-22 77004]
S2 gupdate1ca45e7354a3ca0;Google Update Service (gupdate1ca45e7354a3ca0);c:\program files\google\update\GoogleUpdate.exe [2009-10-5 133104]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-2 9216]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-10-6 30192]
S4 Qwataclts;Qwataclts; [x]

=============== Created Last 30 ================

2009-10-21 11:55 --d----- c:\program files\GameSpy Arcade
2009-10-19 09:05 --d----- c:\program files\Trend Micro
2009-10-19 08:29 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-10-18 17:27 40,960 a------- c:\windows\system32\onlinewpset.ocx
2009-10-18 17:27 2,656 a------- c:\windows\system32\onlinewpset.lib
2009-10-18 17:27 1,013 a------- c:\windows\system32\onlinewpset.exp
2009-10-18 17:27 --d----- c:\program files\Online Wallpaper Changer
2009-10-17 16:04 --d----- c:\program files\Wisdom-soft AutoScreenRecorder 3 Pro
2009-10-17 14:43 --d----- c:\users\karthik\appdata\roaming\Video Wallpaper
2009-10-17 13:10 --d----- c:\program files\VideoLAN
2009-10-17 12:13 --d----- c:\users\karthik\appdata\roaming\ADPHONE
2009-10-17 12:13 --d----- c:\program files\ADPHONE3
2009-10-14 13:40 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-10-14 13:40 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-10-14 13:40 17,224 a------- c:\windows\system32\authuitu.dll
2009-10-14 13:40 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-10-14 06:34 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-14 06:09 3,597,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-14 06:09 3,546,184 a------- c:\windows\system32\ntoskrnl.exe
2009-10-14 05:57 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-14 05:57 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 05:57 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 06:58 --d----- c:\program files\Devnz
2009-10-13 06:41 --d----- c:\program files\MsDVR
2009-10-13 06:21 --d----- c:\program files\WinPVR(8)
2009-10-12 03:42 --d----- c:\users\karthik\appdata\roaming\Stardock
2009-10-12 03:42 -cd-h--- c:\programdata\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
2009-10-12 03:42 -cd-h--- c:\progra~2\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
2009-10-12 03:42 --d----- c:\programdata\Stardock
2009-10-12 03:42 --d----- c:\progra~2\Stardock
2009-10-11 13:07 --d-h--- c:\programdata\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
2009-10-11 13:07 --d-h--- c:\progra~2\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
2009-10-11 10:11 --d----- c:\program files\YSDYNAMICS
2009-10-06 00:17 --d----- c:\program files\SecondLife
2009-10-03 10:53 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-02 19:44 118,390 a--shr-- c:\windows\system32\OEMLOGO.bmp
2009-10-02 19:44 628 a--shr-- c:\windows\system32\oeminfo.ini
2009-10-01 23:10 172,032 a------- c:\windows\system32\poweroff.exe
2009-10-01 19:27 445 a------- c:\windows\asr.INI
2009-09-28 21:51 --d----- c:\programdata\Adobe Systems
2009-09-28 15:41 24 a------- c:\windows\ShellIcon32.dll
2009-09-28 15:41 --d----- c:\programdata\Remote Desktop Control 2
2009-09-28 15:41 --d----- c:\program files\Remote Desktop Control 2
2009-09-28 15:41 --d----- c:\progra~2\Remote Desktop Control 2

==================== Find3M ====================

2009-10-19 10:48 2,484 a------- c:\windows\bthservsdp.dat
2009-09-21 17:38 240,128 a------- c:\windows\system32\uxtheme.dll
2009-09-21 17:38 615,424 a------- c:\windows\system32\themeui.dll
2009-09-21 14:48 22,227,456 a------- c:\windows\system32\imageres.dll
2009-09-12 01:33 581 a------- c:\program files\explorer.exe.lnk
2009-09-11 04:20 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-10 10:48 93,552 a------- c:\windows\help\oem\scripts\RegRestore.exe
2009-09-10 10:48 12,288 a------- c:\windows\help\oem\scripts\BackgroundCopyManager1_5.dll
2009-09-10 10:48 9,728 a------- c:\windows\help\oem\scripts\BackgroundCopyManager.DLL
2009-09-08 03:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-08 03:00 51,200 a------- c:\windows\inf\infpub.dat
2009-08-27 19:02 833,024 a------- c:\windows\system32\wininet.dll
2009-08-27 18:59 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-27 16:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-08-14 21:59 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 21:59 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 19:46 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 19:46 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 19:46 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 19:46 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 19:46 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 19:46 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 19:46 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-11 19:51 17,160 a------- c:\windows\help\oem\scripts\HC_RegistrationRecovery.exe
2009-08-01 00:03 249,856 -------- c:\windows\Setup1.exe
2009-08-01 00:03 73,216 a------- c:\windows\ST6UNST.EXE
2009-07-25 17:41 86,016 a------- c:\windows\inf\infstor.dat
2009-06-02 17:48 56 a---h--- c:\programdata\ezsidmv.dat
2009-06-02 17:48 56 a---h--- c:\progra~2\ezsidmv.dat
2008-12-18 07:27 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 08:27 174 a--sh--- c:\program files\desktop.ini
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-26 21:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-26 21:32 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-26 21:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-12-27 20:42 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 10:41:22.51 =============

HOPE SOMEONE REPLIES ASAP
THANKS IN ADVANCE
"\GGGG_HHHH/"

Edited by Orange Blossom, 22 October 2009 - 07:59 PM.




#2 myrti

  • Malware Study Hall Admin

Posted 31 October 2009 - 10:53 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 gggg_hhhh


Posted 03 November 2009 - 10:34 AM

Thanks for replying, temp. Here are the logs you have asked for. Hope I get a quick reply next time. Sorry for the delay in the reply.

thanks in advance
gggg_hhhh

OTL logfile created on: 03-11-2009 20:53:59 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\KARTHIK\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.38% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.81 Gb Total Space | 61.02 Gb Free Space | 27.26% Space Free | Partition Type: NTFS
Drive D: | 9.08 Gb Total Space | 1.59 Gb Free Space | 17.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 728.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 665.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 608.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 483.62 Mb Total Space | 393.07 Mb Free Space | 81.28% Space Free | Partition Type: FAT

Computer Name: KATALYST
Current User Name: KARTHIK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-11-03 20:51:45 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Users\KARTHIK\Desktop\OTL.exe
PRC - [2009-11-01 22:32:34 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-14 13:40:34 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
PRC - [2009-10-09 23:54:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\KARTHIK\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009-10-09 23:54:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\KARTHIK\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009-10-09 23:54:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\KARTHIK\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009-10-09 23:54:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\KARTHIK\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009-10-09 23:54:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\KARTHIK\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009-07-30 20:59:42 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009-07-14 16:29:24 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009-05-24 13:27:45 | 00,288,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2009-05-24 13:27:45 | 00,124,536 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009-03-03 07:46:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe
PRC - [2009-02-15 00:30:19 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008-12-17 20:08:57 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2008-12-17 20:08:53 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008-10-29 11:59:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-06-12 22:17:01 | 00,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008-05-21 17:22:18 | 00,483,328 | ---- | M] () -- C:\Program Files\WFlip050\WinFlip.exe
PRC - [2008-05-15 11:26:58 | 00,116,112 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008-05-15 11:26:54 | 00,292,248 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008-05-15 11:26:38 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008-04-17 00:25:02 | 00,221,239 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe
PRC - [2008-04-17 00:25:02 | 00,221,239 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe
PRC - [2008-04-17 00:22:28 | 00,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008-04-16 02:10:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008-04-11 21:34:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008-04-04 00:03:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008-03-28 14:47:20 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008-03-28 14:47:20 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008-03-27 07:57:52 | 00,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\System32\vfsFPService.exe
PRC - [2008-03-27 03:56:56 | 00,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008-03-19 05:54:58 | 00,019,456 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpservice.exe
PRC - [2008-03-14 21:15:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008-03-13 08:54:52 | 00,699,456 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008-03-13 08:54:52 | 00,302,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008-02-27 03:43:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-02-20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-02-20 11:06:58 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-02-12 10:35:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe
PRC - [2008-01-26 06:35:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008-01-21 08:04:48 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFHost.exe
PRC - [2008-01-21 08:04:39 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2008-01-21 08:03:24 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2008-01-21 08:03:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-21 08:02:59 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mobsync.exe
PRC - [2008-01-18 01:01:32 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008-01-18 01:01:22 | 01,033,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007-12-12 01:45:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2007-11-20 20:14:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007-11-02 07:12:38 | 00,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007-09-26 19:04:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007-09-23 11:31:24 | 00,221,184 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe
PRC - [2007-09-12 17:58:26 | 00,099,752 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
PRC - [2007-09-12 17:58:26 | 00,099,752 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
PRC - [2007-08-23 05:01:16 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2007-07-18 00:43:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007-07-18 00:43:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007-07-13 02:13:40 | 00,996,952 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exe
PRC - [2007-05-18 11:21:12 | 01,101,824 | ---- | M] () -- C:\Program Files\WinPVR\WinPVR.exe
PRC - [2007-04-30 19:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007-02-21 17:15:52 | 00,056,096 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\System32\nisvcloc.exe
PRC - [2007-02-14 22:54:06 | 00,207,648 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007-02-14 22:49:16 | 00,064,288 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lktsrv.exe
PRC - [2007-02-14 22:48:56 | 00,056,096 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lkads.exe
PRC - [2007-01-22 11:38:44 | 00,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lkcitdl.exe
PRC - [2007-01-09 14:55:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006-11-23 15:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005-02-19 23:30:32 | 00,980,992 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe


========== Modules (SafeList) ==========

MOD - [2009-11-03 20:51:45 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Users\KARTHIK\Desktop\OTL.exe
MOD - [2008-05-02 21:52:18 | 00,045,056 | ---- | M] () -- C:\Program Files\WFlip050\WFHook.dll
MOD - [2008-03-13 08:54:50 | 00,461,888 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpOFeedb.dll
MOD - [2008-01-21 08:03:14 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007-04-30 19:18:50 | 00,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Qwataclts)
SRV - [2009-10-14 13:40:34 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009-10-14 13:40:23 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-10-06 20:08:55 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-090809-085438)
SRV - [2009-10-05 23:54:55 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca45e7354a3ca0)
SRV - [2009-07-30 20:59:42 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009-07-26 02:16:21 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009-07-15 11:48:20 | 00,029,000 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-05-28 23:04:21 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-05-24 13:27:45 | 00,288,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009-02-15 00:30:17 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008-07-27 23:33:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-06-20 06:44:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-06-20 06:44:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-06-20 06:44:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-05-15 11:26:58 | 00,116,112 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched)
SRV - [2008-05-15 11:26:54 | 00,292,248 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc)
SRV - [2008-04-17 00:25:02 | 00,221,239 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe -- (STacSV)
SRV - [2008-04-16 02:10:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008-04-04 00:03:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008-03-28 14:47:20 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008-03-27 07:57:52 | 00,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008-03-27 03:56:56 | 00,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-03-19 05:54:58 | 00,019,456 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpservice.exe -- (hpsrv)
SRV - [2008-03-13 08:54:52 | 00,302,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008-02-27 03:43:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008-02-20 11:14:52 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-02-20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008-02-12 10:35:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe -- (AESTFilters)
SRV - [2008-01-26 06:35:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008-01-21 08:05:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008-01-21 08:03:00 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-12 01:45:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007-09-23 11:31:24 | 00,221,184 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)
SRV - [2007-07-24 05:03:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007-02-21 17:15:52 | 00,056,096 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007-02-14 22:54:06 | 00,207,648 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007-02-14 22:49:16 | 00,064,288 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2007-02-14 22:48:56 | 00,056,096 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lkads.exe -- (lkClassAds)
SRV - [2007-01-29 15:19:48 | 01,007,616 | ---- | M] (Macrovision Corporation) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2007-01-22 11:38:44 | 00,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007-01-09 14:55:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2007-01-05 13:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006-12-23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006-11-02 15:15:35 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2006-10-27 02:33:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-04-14 22:37:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2006-04-14 22:35:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006-04-14 22:34:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005-10-14 16:20:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - [2009-06-16 13:00:16 | 00,013,312 | ---- | M] (Insyde Software) -- C:\SWSetup\sp44706\iscflash.sys -- (iscFlash)
DRV - [2009-05-09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009-02-24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008-12-22 19:29:00 | 00,077,004 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008-08-14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008-07-21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kl1.sys -- (kl1)
DRV - [2008-05-24 21:09:10 | 00,073,728 | ---- | M] (EZB Systems, Inc.) -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008-04-28 00:37:44 | 00,909,824 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008-04-17 00:28:24 | 00,379,904 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008-04-15 04:26:18 | 00,170,000 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008-04-15 00:35:08 | 00,118,784 | ---- | M] (Realtek Corporation ) -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-04-01 16:44:00 | 00,081,296 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-03-28 16:54:16 | 03,544,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-03-28 01:42:12 | 00,024,424 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008-03-28 01:41:34 | 00,034,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008-03-27 07:58:08 | 00,040,752 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008-03-01 05:43:38 | 01,202,560 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008-02-20 11:11:16 | 00,033,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-02-20 11:02:22 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-02-20 11:01:30 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys -- (eamon)
DRV - [2008-02-01 14:11:58 | 00,080,936 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008-01-24 02:53:12 | 00,052,736 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008-01-21 08:02:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 08:02:53 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 08:02:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 08:02:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 08:02:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 08:02:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 08:02:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 08:02:51 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 08:02:50 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 08:02:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2008-01-21 08:02:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 08:02:49 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 08:02:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 08:02:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 08:02:49 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 08:02:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 08:02:48 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008-01-21 08:02:48 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008-01-21 08:02:48 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 08:02:48 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008-01-21 08:02:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 08:02:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 08:02:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 08:02:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 08:02:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-21 08:02:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-21 08:02:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-21 08:02:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008-01-18 01:01:26 | 00,196,784 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-01-08 02:12:04 | 00,015,416 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
DRV - [2007-07-11 23:00:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-06-19 05:42:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-04-09 14:35:34 | 00,151,936 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) -- C:\WINDOWS\System32\drivers\TridVid.sys -- (TridVid)
DRV - [2007-02-21 10:00:00 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2006-11-02 15:20:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 15:20:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 15:20:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 15:20:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 15:20:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 15:20:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 15:20:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 15:20:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 15:20:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 15:19:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 15:19:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 13:55:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid)
DRV - [2006-11-02 13:54:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 13:54:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 13:54:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 13:54:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 13:54:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 13:06:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 13:00:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006-11-02 13:00:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006-11-02 12:07:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006-10-30 01:53:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV - [2006-01-21 04:16:33 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\Windows\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2004-06-10 20:42:38 | 00,015,429 | ---- | M] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys -- (USBCM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\S-1-5-21-3751347439-4158551215-55152052-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - prefs.js..extensions.enabledItems: idabarff@westbyte.com:1.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 18:35:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-01 22:32:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-01 22:32:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008-12-17 21:23:09 | 00,000,000 | ---D | M] -- C:\Users\KARTHIK\AppData\Roaming\Mozilla\Extensions
[2008-12-17 21:23:09 | 00,000,000 | ---D | M] -- C:\Users\KARTHIK\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-11-03 13:50:55 | 00,000,000 | ---D | M] -- C:\Users\KARTHIK\AppData\Roaming\Mozilla\Firefox\Profiles\f5vthkgp.default\extensions
[2009-09-03 13:04:23 | 00,000,000 | ---D | M] -- C:\Users\KARTHIK\AppData\Roaming\Mozilla\Firefox\Profiles\f5vthkgp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2001-10-11 06:36:30 | 00,000,000 | ---D | M] -- C:\Users\KARTHIK\AppData\Roaming\Mozilla\Firefox\Profiles\f5vthkgp.default\extensions\idabarff@westbyte.com
[2009-10-26 02:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-01 22:32:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-11-01 22:32:34 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-01 22:32:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009-10-06 20:09:25 | 00,119,808 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009-01-16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007-02-08 10:48:16 | 00,028,448 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
[2009-11-01 22:32:36 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009-08-13 18:56:32 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009-08-13 18:56:32 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009-08-13 18:56:32 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009-08-13 18:56:32 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009-08-13 18:56:32 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009-10-06 20:09:27 | 00,002,020 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\googledesktop.xml
[2009-08-13 18:56:32 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009-08-13 18:56:32 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (797 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004..\Run: [Google Update] C:\Users\KARTHIK\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - Startup: C:\Users\KARTHIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\KARTHIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\KARTHIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinFlip.lnk = C:\Program Files\WFlip050\WinFlip.exe ()
O4 - Startup: C:\Users\NEELAM RAMESH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BLISS OnlineUpdate(DO).lnk = C:\Program Files\DO Advisor\OnlineUpdate(DO).exe (MargAhead Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-IN\local\search.html ()
O8 - Extra context menu item: >>> DIAL <<< - C:\Windows\numb.htm ()
O8 - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-3751347439-4158551215-55152052-1004\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - c:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-06-17 06:54:44 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003-08-12 01:27:37 | 00,000,209 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1608845a-9f23-11de-9626-002186c8eb44}\Shell\AutoRun\command - "" = J:\folder.tmp\tmp.exe -- File not found
O33 - MountPoints2\{1608845a-9f23-11de-9626-002186c8eb44}\Shell\explore\command - "" = J:\folder.tmp\tmp.exe -- File not found
O33 - MountPoints2\{1608845a-9f23-11de-9626-002186c8eb44}\Shell\open\command - "" = J:\folder.tmp\tmp.exe -- File not found
O33 - MountPoints2\{2301c7c4-ddfa-11dd-b86c-00238b14d674}\Shell\AutoRun\command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{2301c7c4-ddfa-11dd-b86c-00238b14d674}\Shell\explore\Command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{2301c7c4-ddfa-11dd-b86c-00238b14d674}\Shell\open\Command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{657c5e56-d6e3-11dd-9943-00238b14d674}\Shell\AutoRun\command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{657c5e56-d6e3-11dd-9943-00238b14d674}\Shell\explore\Command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{657c5e56-d6e3-11dd-9943-00238b14d674}\Shell\open\Command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{98cb1777-25af-11de-bb9e-cf8adff66b7e}\Shell\AuToPlay\commaND - "" = F:\wpjn.pif -- File not found
O33 - MountPoints2\{98cb1777-25af-11de-bb9e-cf8adff66b7e}\Shell\AutoRun\command - "" = F:\wpjn.pif -- File not found
O33 - MountPoints2\{98cb1777-25af-11de-bb9e-cf8adff66b7e}\Shell\expLOrE\COmmAND - "" = F:\wpjn.pif -- File not found
O33 - MountPoints2\{98cb1777-25af-11de-bb9e-cf8adff66b7e}\Shell\open\COMmand - "" = F:\wpjn.pif -- File not found
O33 - MountPoints2\{b0b6fe1a-b77b-11d5-a602-002186c8eb44}\Shell - "" = Autorun
O33 - MountPoints2\{b0b6fe1a-b77b-11d5-a602-002186c8eb44}\Shell\Open\command - "" = H:\chrome.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-11-03 20:53:10 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Users\KARTHIK\Desktop\OTL.exe
[2009-11-02 15:11:22 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\Desktop\hjhj
[2009-10-28 22:20:42 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\Desktop\ECE
[2009-10-28 16:53:30 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Roaming\GetRightToGo
[2009-10-27 03:18:04 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009-10-27 03:18:04 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009-10-27 03:18:03 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009-10-27 03:18:03 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009-10-27 03:17:03 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009-10-27 03:17:03 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009-10-27 03:17:03 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009-10-27 03:16:42 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009-10-27 03:16:42 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009-10-23 21:21:32 | 00,000,000 | ---D | C] -- C:\Windows\'Full Speed' Internet Booster + Performance Tests
[2009-10-23 21:21:32 | 00,000,000 | ---D | C] -- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
[2009-10-23 18:18:12 | 00,000,000 | ---D | C] -- C:\Windows\Time Stopper
[2009-10-23 18:18:12 | 00,000,000 | ---D | C] -- C:\Program Files\Time Stopper
[2009-10-22 13:15:31 | 00,000,000 | ---D | C] -- C:\Program Files\Camtech
[2009-10-22 13:14:51 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Roaming\Camtech
[2009-10-21 11:55:23 | 00,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2009-10-19 09:05:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-10-19 08:29:30 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009-10-18 16:08:53 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Local\Threat Expert
[2009-10-17 16:04:41 | 00,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Pro
[2009-10-17 14:43:52 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Roaming\Video Wallpaper
[2009-10-17 13:11:21 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Roaming\vlc
[2009-10-17 13:10:10 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009-10-17 12:15:34 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\Documents\ADPHONE
[2009-10-17 12:13:42 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Roaming\ADPHONE
[2009-10-17 12:13:25 | 00,000,000 | ---D | C] -- C:\Program Files\ADPHONE3
[2009-10-17 12:11:43 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Local\Downloaded Installations
[2009-10-15 11:44:24 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\Desktop\desk theme
[2009-10-14 13:40:33 | 00,604,488 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009-10-14 13:40:28 | 00,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2009-10-14 13:40:28 | 00,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2009-10-14 13:40:23 | 00,361,288 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009-10-14 07:08:01 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009-10-14 07:08:00 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009-10-14 07:07:55 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009-10-14 07:07:51 | 01,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009-10-14 07:07:44 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009-10-14 07:07:37 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009-10-14 07:07:34 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009-10-14 07:07:32 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009-10-14 07:07:31 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009-10-14 07:07:28 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009-10-14 07:07:27 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009-10-14 07:07:26 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009-10-14 07:07:24 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009-10-14 07:07:24 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009-10-14 07:07:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009-10-14 07:07:21 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009-10-14 06:34:38 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009-10-14 06:09:16 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009-10-14 06:09:13 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009-10-14 05:57:50 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009-10-14 05:57:45 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009-10-14 05:57:38 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009-10-13 06:58:46 | 00,000,000 | ---D | C] -- C:\Program Files\Devnz
[2009-10-13 06:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\MsDVR
[2009-10-13 06:21:06 | 00,000,000 | ---D | C] -- C:\Program Files\WinPVR(8)
[2009-10-12 03:42:42 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Roaming\Stardock
[2009-10-12 03:42:26 | 00,000,000 | -H-D | C] -- C:\ProgramData\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
[2009-10-12 03:42:26 | 00,000,000 | -H-D | C] -- C:\ProgramData\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
[2009-10-12 03:42:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2009-10-12 03:42:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2009-10-12 01:11:41 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\Documents\Stardock
[2009-10-11 13:07:16 | 00,000,000 | -H-D | C] -- C:\ProgramData\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
[2009-10-11 13:07:16 | 00,000,000 | -H-D | C] -- C:\ProgramData\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
[2009-10-11 10:11:01 | 00,000,000 | ---D | C] -- C:\Program Files\YSDYNAMICS
[2009-10-11 07:04:13 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\Documents\DESKX
[2009-10-06 20:18:44 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\Documents\My Google Gadgets
[2009-10-06 00:20:01 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Roaming\SecondLife
[2009-10-06 00:20:01 | 00,000,000 | ---D | C] -- C:\Users\KARTHIK\AppData\Local\SecondLife
[2009-10-06 00:17:09 | 00,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2009-07-13 22:25:52 | 00,015,429 | ---- | C] ( ) -- C:\Windows\System32\drivers\Sacm2A.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-11-03 20:55:00 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2B056949-1EFE-4583-B630-5F4715B0340C}.job
[2009-11-03 20:55:00 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{798421DB-0BB3-49D2-975A-61C0CEE18C1A}.job
[2009-11-03 20:54:10 | 06,291,456 | -HS- | M] () -- C:\Users\KARTHIK\ntuser.dat
[2009-11-03 20:51:45 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Users\KARTHIK\Desktop\OTL.exe
[2009-11-03 20:35:34 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-11-03 20:35:34 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-11-03 20:28:00 | 00,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3751347439-4158551215-55152052-1004UA.job
[2009-11-03 20:06:03 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009-11-03 20:00:02 | 00,000,508 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009-11-03 19:06:00 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009-11-03 18:37:45 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009-11-03 18:35:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-11-02 22:28:01 | 00,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3751347439-4158551215-55152052-1004Core.job
[2009-11-02 19:36:33 | 00,000,155 | ---- | M] () -- C:\Windows\winamp.ini
[2009-11-02 16:58:10 | 00,060,423 | ---- | M] () -- C:\Users\KARTHIK\Desktop\Picture3.jpg
[2009-11-02 16:56:33 | 00,013,154 | ---- | M] () -- C:\Users\KARTHIK\Desktop\Picture2.png
[2009-11-02 16:44:56 | 00,037,608 | ---- | M] () -- C:\Users\KARTHIK\Desktop\Picture1.jpg
[2009-11-02 15:10:32 | 00,684,567 | ---- | M] () -- C:\Users\KARTHIK\Desktop\attachments_2009_11_02.zip
[2009-11-01 22:05:51 | 00,000,269 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009-11-01 22:02:44 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-11-01 22:02:29 | 32,189,56288 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-01 01:05:41 | 00,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009-11-01 01:05:37 | 00,524,288 | -HS- | M] () -- C:\Users\KARTHIK\ntuser.dat{7d037fa7-b78f-11de-bd24-002186c8eb44}.TMContainer00000000000000000001.regtrans-ms
[2009-11-01 01:05:37 | 00,065,536 | -HS- | M] () -- C:\Users\KARTHIK\ntuser.dat{7d037fa7-b78f-11de-bd24-002186c8eb44}.TM.blf
[2009-11-01 01:05:30 | 03,880,284 | -H-- | M] () -- C:\Users\KARTHIK\AppData\Local\IconCache.db
[2009-11-01 00:07:05 | 00,649,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-11-01 00:07:05 | 00,124,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-11-01 00:07:04 | 00,760,648 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-10-31 23:46:39 | 00,143,872 | ---- | M] () -- C:\Users\KARTHIK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-31 22:57:19 | 00,016,408 | ---- | M] () -- C:\Users\KARTHIK\Desktop\NETGEAR_WGR614v9.cfg
[2009-10-31 20:30:27 | 00,115,197 | ---- | M] () -- C:\Users\KARTHIK\Desktop\ottawa-foils.pdf
[2009-10-31 19:24:25 | 00,001,404 | ---- | M] () -- C:\Users\KARTHIK\Desktop\SANDEEP_AGRA-PC - Shortcut.lnk
[2009-10-31 00:24:56 | 00,000,000 | ---- | M] () -- C:\Users\KARTHIK\Documents\103109_002456.mpg
[2009-10-28 22:39:41 | 00,030,527 | -H-- | M] () -- C:\Windows\System32\midwrap3402.deu
[2009-10-28 22:39:41 | 00,000,044 | ---- | M] () -- C:\Windows\Kbpiano2.ini
[2009-10-28 22:29:31 | 00,111,596 | ---- | M] () -- C:\Users\KARTHIK\Desktop\et.pdf
[2009-10-28 22:20:19 | 00,518,633 | ---- | M] () -- C:\Users\KARTHIK\Desktop\ECE.rar
[2009-10-28 21:59:22 | 00,482,942 | ---- | M] () -- C:\Users\KARTHIK\Desktop\ElectSyl.pdf
[2009-10-27 23:54:36 | 01,279,858 | ---- | M] () -- C:\Users\KARTHIK\Desktop\moonscape124pk.zip
[2009-10-27 15:58:25 | 00,000,000 | ---- | M] () -- C:\Users\KARTHIK\Documents\102709_155824.mpg
[2009-10-23 21:19:16 | 00,000,000 | ---- | M] () -- C:\Users\KARTHIK\Documents\102309_211916.mpg
[2009-10-23 19:06:55 | 00,001,862 | ---- | M] () -- C:\Users\KARTHIK\Desktop\PIANITO.lnk
[2009-10-22 22:57:55 | 00,000,445 | ---- | M] () -- C:\Windows\asr.INI
[2009-10-22 12:08:17 | 00,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Halo.lnk
[2009-10-22 10:48:31 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKARTHIK.job
[2009-10-20 19:35:04 | 00,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Halo Trial.lnk
[2009-10-19 11:03:25 | 00,007,620 | ---- | M] () -- C:\Users\KARTHIK\AppData\Local\d3d9caps.dat
[2009-10-18 16:03:34 | 00,002,098 | ---- | M] () -- C:\Users\KARTHIK\Desktop\Google Chrome.lnk
[2009-10-18 14:26:57 | 00,000,000 | ---- | M] () -- C:\Users\KARTHIK\Documents\101809_142656.mpg
[2009-10-17 08:08:46 | 00,005,163 | ---- | M] () -- C:\Users\KARTHIK\Documents\fav.m3u
[2009-10-16 03:28:00 | 00,000,000 | ---- | M] () -- C:\Users\KARTHIK\Documents\101609_032800.mpg
[2009-10-14 13:40:34 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009-10-14 13:40:23 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009-10-13 07:56:20 | 00,001,849 | ---- | M] () -- C:\Users\KARTHIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009-10-13 07:21:53 | 02,305,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-10-13 07:19:31 | 00,524,288 | -HS- | M] () -- C:\Users\KARTHIK\ntuser.dat{7d037fa7-b78f-11de-bd24-002186c8eb44}.TMContainer00000000000000000002.regtrans-ms
[2009-10-13 07:10:46 | 00,524,288 | -HS- | M] () -- C:\Users\KARTHIK\ntuser.dat{ddffc342-9cbc-11de-a054-001e68f56e19}.TMContainer00000000000000000001.regtrans-ms
[2009-10-13 07:10:46 | 00,065,536 | -HS- | M] () -- C:\Users\KARTHIK\ntuser.dat{ddffc342-9cbc-11de-a054-001e68f56e19}.TM.blf
[2009-10-10 04:11:27 | 00,000,040 | ---- | M] () -- C:\Windows\iltwain.ini
[2009-10-10 01:40:25 | 00,000,000 | ---- | M] () -- C:\Users\KARTHIK\Documents\101009_014025.mpg
[2009-10-10 00:10:27 | 00,000,000 | ---- | M] () -- C:\Users\KARTHIK\Documents\101009_001027.mpg
[2009-10-06 17:59:57 | 00,000,000 | ---- | M] () -- C:\Users\KARTHIK\Documents\100609_175957.mpg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-11-02 16:58:09 | 00,060,423 | ---- | C] () -- C:\Users\KARTHIK\Desktop\Picture3.jpg
[2009-11-02 16:56:32 | 00,013,154 | ---- | C] () -- C:\Users\KARTHIK\Desktop\Picture2.png
[2009-11-02 16:44:55 | 00,037,608 | ---- | C] () -- C:\Users\KARTHIK\Desktop\Picture1.jpg
[2009-11-02 14:27:50 | 00,684,567 | ---- | C] () -- C:\Users\KARTHIK\Desktop\attachments_2009_11_02.zip
[2009-10-31 22:57:17 | 00,016,408 | ---- | C] () -- C:\Users\KARTHIK\Desktop\NETGEAR_WGR614v9.cfg
[2009-10-31 20:30:27 | 00,115,197 | ---- | C] () -- C:\Users\KARTHIK\Desktop\ottawa-foils.pdf
[2009-10-31 19:24:25 | 00,001,404 | ---- | C] () -- C:\Users\KARTHIK\Desktop\SANDEEP_AGRA-PC - Shortcut.lnk
[2009-10-31 00:24:56 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\Documents\103109_002456.mpg
[2009-10-28 22:29:24 | 00,111,596 | ---- | C] () -- C:\Users\KARTHIK\Desktop\et.pdf
[2009-10-28 22:18:18 | 00,518,633 | ---- | C] () -- C:\Users\KARTHIK\Desktop\ECE.rar
[2009-10-28 21:59:15 | 00,482,942 | ---- | C] () -- C:\Users\KARTHIK\Desktop\ElectSyl.pdf
[2009-10-27 23:54:09 | 01,279,858 | ---- | C] () -- C:\Users\KARTHIK\Desktop\moonscape124pk.zip
[2009-10-27 15:58:25 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\Documents\102709_155824.mpg
[2009-10-23 21:19:16 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\Documents\102309_211916.mpg
[2009-10-23 19:06:55 | 00,001,862 | ---- | C] () -- C:\Users\KARTHIK\Desktop\PIANITO.lnk
[2009-10-23 19:04:40 | 00,000,044 | ---- | C] () -- C:\Windows\Kbpiano2.ini
[2009-10-23 19:04:39 | 00,030,527 | -H-- | C] () -- C:\Windows\System32\midwrap3402.deu
[2009-10-22 12:08:17 | 00,001,848 | ---- | C] () -- C:\Users\Public\Desktop\Halo.lnk
[2009-10-22 10:46:20 | 03,880,284 | -H-- | C] () -- C:\Users\KARTHIK\AppData\Local\IconCache.db
[2009-10-21 17:02:19 | 00,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKARTHIK.job
[2009-10-20 19:35:04 | 00,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Halo Trial.lnk
[2009-10-19 11:25:39 | 32,189,56288 | -HS- | C] () -- C:\hiberfil.sys
[2009-10-18 16:03:34 | 00,002,098 | ---- | C] () -- C:\Users\KARTHIK\Desktop\Google Chrome.lnk
[2009-10-18 14:26:57 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\Documents\101809_142656.mpg
[2009-10-16 03:28:00 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\Documents\101609_032800.mpg
[2009-10-14 13:56:54 | 00,000,508 | ---- | C] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009-10-13 07:56:20 | 00,001,849 | ---- | C] () -- C:\Users\KARTHIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009-10-13 07:19:31 | 00,524,288 | -HS- | C] () -- C:\Users\KARTHIK\ntuser.dat{7d037fa7-b78f-11de-bd24-002186c8eb44}.TMContainer00000000000000000002.regtrans-ms
[2009-10-13 07:19:31 | 00,524,288 | -HS- | C] () -- C:\Users\KARTHIK\ntuser.dat{7d037fa7-b78f-11de-bd24-002186c8eb44}.TMContainer00000000000000000001.regtrans-ms
[2009-10-13 07:19:31 | 00,065,536 | -HS- | C] () -- C:\Users\KARTHIK\ntuser.dat{7d037fa7-b78f-11de-bd24-002186c8eb44}.TM.blf
[2009-10-10 01:40:25 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\Documents\101009_014025.mpg
[2009-10-10 00:10:27 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\Documents\101009_001027.mpg
[2009-10-06 17:59:57 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\Documents\100609_175957.mpg
[2009-10-05 23:55:09 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009-10-05 23:55:08 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009-10-02 19:44:29 | 00,000,628 | RHS- | C] () -- C:\Windows\System32\oeminfo.ini
[2009-10-01 19:27:16 | 00,000,445 | ---- | C] () -- C:\Windows\asr.INI
[2009-09-28 15:41:21 | 00,000,024 | ---- | C] () -- C:\Windows\ShellIcon32.dll
[2009-09-12 01:33:08 | 00,000,581 | ---- | C] () -- C:\Program Files\explorer.exe.lnk
[2009-07-23 18:37:37 | 00,000,040 | ---- | C] () -- C:\Windows\iltwain.ini
[2009-07-13 22:25:52 | 00,053,693 | ---- | C] () -- C:\Windows\UNDPX2A.sys
[2009-06-22 19:15:48 | 00,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009-06-17 21:03:54 | 00,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2009-06-02 17:48:41 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-05-14 20:33:38 | 00,009,709 | ---- | C] () -- C:\Windows\System32\msgphd.dll
[2009-05-14 20:33:38 | 00,009,709 | ---- | C] () -- C:\Windows\System32\msgpd.dll
[2009-05-07 16:34:16 | 00,000,006 | -HS- | C] () -- C:\Users\KARTHIK\AppData\Roaming\desktop.ini
[2009-05-07 16:34:16 | 00,000,006 | -HS- | C] () -- C:\Users\KARTHIK\AppData\Local\desktop.ini
[2009-04-25 15:29:17 | 00,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009-04-25 12:36:30 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009-04-18 16:29:41 | 00,016,036 | ---- | C] () -- C:\Users\KARTHIK\AppData\Roaming\UserTile.png
[2009-03-26 22:19:29 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-03-10 13:47:27 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\AppData\Local\FnF4.txt
[2009-01-06 17:01:59 | 00,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-12-22 19:00:38 | 00,000,235 | ---- | C] () -- C:\Users\KARTHIK\AppData\Roaming\devices.xml
[2008-12-22 19:00:38 | 00,000,012 | ---- | C] () -- C:\Users\KARTHIK\AppData\Roaming\settings.xml
[2008-12-18 22:31:03 | 00,007,620 | ---- | C] () -- C:\Users\KARTHIK\AppData\Local\d3d9caps.dat
[2008-12-17 20:11:40 | 00,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2008-12-17 20:10:05 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008-12-15 12:59:12 | 00,143,872 | ---- | C] () -- C:\Users\KARTHIK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-15 09:26:50 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\AppData\Local\QSwitch.txt
[2008-12-15 09:26:50 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\AppData\Local\DSwitch.txt
[2008-12-15 09:26:50 | 00,000,000 | ---- | C] () -- C:\Users\KARTHIK\AppData\Local\AtStart.txt
[2008-12-15 09:26:44 | 00,104,560 | ---- | C] () -- C:\Users\KARTHIK\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-06-17 07:35:18 | 00,001,135 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008-03-28 14:49:10 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-02-20 11:11:16 | 00,033,800 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys
[2007-11-15 05:47:34 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007-02-21 10:00:00 | 00,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2006-11-02 18:18:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006-11-02 18:05:51 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006-11-02 18:05:51 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006-11-02 18:05:51 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006-11-02 18:05:51 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006-11-02 15:53:31 | 00,000,620 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 15:53:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 13:10:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-03-08 23:28:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006-01-21 08:11:28 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006-01-21 04:16:10 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\100501_231115.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\082009_222827.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\081609_133115.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\081009_021907.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\080909_224100.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\080309_015935.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\080209_034812.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\072709_213215.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\071709_184024.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\KARTHIK\Documents\062109_010114.mpg:TOC.WMV
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:206E2596
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AFFC859A
< End of report >


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


OTL Extras logfile created on: 03-11-2009 20:53:59 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Users\KARTHIK\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.38% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.81 Gb Total Space | 61.02 Gb Free Space | 27.26% Space Free | Partition Type: NTFS
Drive D: | 9.08 Gb Total Space | 1.59 Gb Free Space | 17.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 728.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 665.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 608.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 483.62 Mb Total Space | 393.07 Mb Free Space | 81.28% Space Free | Partition Type: FAT

Computer Name: KATALYST
Current User Name: KARTHIK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"2705:TCP" = 2705:TCP:*:enabled:IntelliAdmin_Net

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2705:TCP" = 2705:TCP:*:enabled:IntelliAdmin_Net

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2603FEAA-E276-4120-8024-BA6C37503D8D}" = lport=8001 | protocol=17 | dir=in | name=express talk rtp incoming audio (udp) |
"{28AC38A8-5984-4FE0-BAC4-11916960C829}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28E921FF-AE18-4D09-8F5B-68D6462DE306}" = lport=8000 | protocol=17 | dir=in | name=express talk rtp incoming audio (udp) |
"{2B8C3439-6426-4ED9-8C9B-937740CB2617}" = lport=139 | protocol=6 | dir=in | app=system |
"{3C94EE0E-D0B9-46F6-AB84-7AA04996CCFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{457FC91D-A10B-4E4E-A810-B87DC22D187F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{46A6B26B-1226-4C26-88DE-32FAF1FD4ABF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{486776E3-FD11-461A-9B65-B9766BB88A10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F49DFE3-2880-495F-8FCA-0D1AD7868392}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{715645DA-9503-41AE-B740-766FF30694CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{849D44D5-F773-4D7E-93BD-701E419DFBD3}" = rport=445 | protocol=6 | dir=out | app=system |
"{88ED86F5-D558-489D-9C0E-A32B95BCFF82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96778626-3761-46D1-B9D0-C03F87B8722E}" = rport=137 | protocol=17 | dir=out | app=system |
"{99266A64-161D-47F7-9A4E-CA1A70925315}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9ABCB8AA-C0B8-44AF-BFD7-D9BF04820A3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{A36470A2-5794-4345-BAFB-A8CE643FDCAA}" = lport=8006 | protocol=17 | dir=in | name=express talk rtp incoming audio (udp) |
"{AB5C97F5-0FB3-4D0A-9D7F-45D1984900C0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B53AC3A7-2D8E-41B2-A84F-AD42779AE03C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B6768C31-B98D-4DBD-8D75-F079AC0BD1A2}" = lport=8004 | protocol=17 | dir=in | name=express talk rtp incoming audio (udp) |
"{BA7C5FBC-728B-4C40-B383-14B453A67E4B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{BBD43831-EBCE-43D5-A093-E40831A69F9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFA2CEAB-15AB-4635-BC02-B9F039BEA54C}" = lport=8005 | protocol=17 | dir=in | name=express talk rtp incoming audio (udp) |
"{CA64DD1F-A547-4ABE-B533-158468249D92}" = lport=8002 | protocol=17 | dir=in | name=express talk rtp incoming audio (udp) |
"{E0693B0F-87C6-4847-A99F-87FC8CDD43C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{F0913686-8D8D-4B36-BC7D-6CF131409CD4}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0A9F249-4982-4248-B76B-6B9B5DF4E8F6}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2857304-5ED0-4603-B2AC-078722ABC8BA}" = lport=8003 | protocol=17 | dir=in | name=express talk rtp incoming audio (udp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0495446F-15C4-4FC2-B1DA-5278CCA425EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{14F9852B-2FB2-4301-80FA-185E4B18B1A7}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{19C940A0-4D74-49AD-9BBB-ABD23BEC599F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{1F9DF9EA-C0AD-41D9-ADA4-509E9FA1374C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{49CAFB31-C342-4BE8-8C76-8674E2B10622}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4A536F4C-ADA4-47EB-9316-2173B1484D54}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{631E296A-F0DD-44F0-A27D-5FF2FB74865E}" = protocol=17 | dir=in | app=c:\users\karthik\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{66BEADDF-332E-4D49-95F8-A5574A756CB6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6B246044-1AE4-4E2F-A935-979F9F07DBDB}" = protocol=6 | dir=in | app=c:\users\karthik\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6CBEF19F-F4DE-4B2E-A001-881652CB5457}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{7461A892-7446-425E-870D-5E88BB421450}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{76CAD8B7-36BE-4168-BB20-63C9FA24E856}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{85797613-2558-446E-8B0D-018EC1A5925D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{899102BB-8CF7-4582-89C4-9A0E83799622}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94B3FF5F-FDDC-4BC9-8154-67D288D102B0}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B55A024F-C5F3-4439-936C-AEDBE3BA1402}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B58ECAFD-12B4-4C89-B060-F01E9222316E}" = protocol=17 | dir=in | app=c:\users\karthik\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{BA88C3C3-FEC0-4F26-AC63-78DD4EA0E23D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BACC141C-E7C6-4F5D-A869-CF41784DFB65}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{C9449902-F93B-4432-9707-6503A9FECE66}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{CF1A812C-4942-458F-8DCE-6EC6D2032A4A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D7797EEF-09C1-428F-813D-B22757B9E1D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA87D49A-E2B7-49F7-8AC9-0D7ABC2134C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E18CAC77-CEED-4C6F-A0AB-6498F1793694}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E238C565-5A72-4CA1-BCCB-E586648F52D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E2E42356-408E-455E-8E56-87149BFB1EF7}" = protocol=6 | dir=in | app=c:\users\karthik\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FBCE638F-4985-4923-B71E-9646BED7B795}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{1F25F02A-B3C3-4A89-A7C8-F54DD46097E5}C:\program files\stardock\object desktop\desktopx\desktopx builder.exe" = protocol=6 | dir=in | app=c:\program files\stardock\object desktop\desktopx\desktopx builder.exe |
"TCP Query User{31654DF1-76A2-42FC-ACF9-1D05BD360B49}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{343EB318-0845-4CE0-8C99-5645FC75038F}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{3E414E53-7AA7-4463-BE75-80C57B4DCFF4}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{4EF3F4CD-76DA-47F1-88AE-205BA2F941FF}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{5AB9E8B7-96F3-4338-8D99-585154DEBFCF}C:\program files\wipeer\wipeer.exe" = protocol=6 | dir=in | app=c:\program files\wipeer\wipeer.exe |
"TCP Query User{65C0C1DE-F1B6-4F7C-B810-71BED311CCEE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{66B12D16-40F4-4B94-B3D8-681D9242450B}C:\program files\adobe\flex builder 3\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\adobe\flex builder 3\jre\bin\javaw.exe |
"TCP Query User{8213A855-700C-477E-B95D-6AE617E4CE68}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"TCP Query User{85D2BC22-9C91-4A6D-94D7-29E63E5F6654}C:\age of empire-ii\empires2.exe" = protocol=6 | dir=in | app=c:\age of empire-ii\empires2.exe |
"TCP Query User{8C541E1F-A993-4FAB-B128-665793DF5014}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe |
"TCP Query User{8F0C9933-713B-4766-A4E7-8E0ED6D510E0}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{916737B5-E402-4E95-8EAC-8708E4BA0E46}C:\program files\pocket tanks\pockettanks.exe" = protocol=6 | dir=in | app=c:\program files\pocket tanks\pockettanks.exe |
"TCP Query User{99C778D0-B80C-4267-AD1E-C9BD9BFB136B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9C3A37B5-B9F3-43DC-B903-7FB3F03B9023}C:\program files\novalogic\delta force black hawk down\dfbhd.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force black hawk down\dfbhd.exe |
"TCP Query User{9E5C5E2F-E611-41C5-AC28-E456FEA916F4}C:\aoe-r2r\empires.exe" = protocol=6 | dir=in | app=c:\aoe-r2r\empires.exe |
"TCP Query User{A3AF5241-9D59-4F2C-AFB5-E5ACE680BFCB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E63080BA-F627-4E60-9060-1A6355A699FA}C:\program files\java\jre1.6.0_05\launch4j-tmp\frinika.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_05\launch4j-tmp\frinika.exe |
"TCP Query User{E63AB322-834D-4AB6-B641-3619607F1C4B}C:\program files\nch swift sound\talk\talk.exe" = protocol=6 | dir=in | app=c:\program files\nch swift sound\talk\talk.exe |
"TCP Query User{E832ED76-C5C2-4A90-808E-57EAB68D028E}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{F27EC52F-6563-4D94-83C0-4C63B1D8AF5B}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{023C51A7-3B7F-453D-B7A7-A6CA1F9E6787}C:\program files\wipeer\wipeer.exe" = protocol=17 | dir=in | app=c:\program files\wipeer\wipeer.exe |
"UDP Query User{0E5C3DCB-6607-4056-A49F-70AC0D5D17E5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{0F7FC981-7953-4BE7-B8D0-6C6EA9BCAFDA}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{20E49137-08B3-4209-96BF-E061D7B305CF}C:\program files\pocket tanks\pockettanks.exe" = protocol=17 | dir=in | app=c:\program files\pocket tanks\pockettanks.exe |
"UDP Query User{2980F540-8895-4169-A462-E68DE44096CB}C:\program files\stardock\object desktop\desktopx\desktopx builder.exe" = protocol=17 | dir=in | app=c:\program files\stardock\object desktop\desktopx\desktopx builder.exe |
"UDP Query User{2ACC18BC-D962-436B-A8F7-D86179F47ED9}C:\program files\java\jre1.6.0_05\launch4j-tmp\frinika.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_05\launch4j-tmp\frinika.exe |
"UDP Query User{2F760358-0328-437D-A0D0-D67C907ECF36}C:\aoe-r2r\empires.exe" = protocol=17 | dir=in | app=c:\aoe-r2r\empires.exe |
"UDP Query User{3AED2A31-0793-4AAB-8262-A6E45044DB9D}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{622E5E6D-1A0C-439E-B7BC-3A07445294DB}C:\age of empire-ii\empires2.exe" = protocol=17 | dir=in | app=c:\age of empire-ii\empires2.exe |
"UDP Query User{68533B49-2E21-4FB7-8944-BA41A86E4385}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{6B954F3A-8459-4783-8E36-C8C54D74C61F}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{6F9E4B03-104B-4198-A88C-D8ABFD665048}C:\program files\novalogic\delta force black hawk down\dfbhd.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force black hawk down\dfbhd.exe |
"UDP Query User{7CDE5CCB-CBC5-4393-A39E-6A8771D12CCC}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe |
"UDP Query User{81C644E4-2194-4054-B438-01F077431B79}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{ADBD3060-EB15-4C8B-AD3F-9BC3FD4EFD85}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B1B4C8B8-6B13-448A-A609-35AC8B06610E}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{B8F09AFB-1B78-45E7-9C49-DF6713300112}C:\program files\adobe\flex builder 3\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\adobe\flex builder 3\jre\bin\javaw.exe |
"UDP Query User{C58F1725-4F53-469C-A932-586EA0E06556}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{D2F356A3-A8CA-4115-8031-9181085E7A7D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E265676F-0EFD-478B-A41B-9B5D5FBFF9E4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E2ED14C7-57DA-4866-9669-92AEBD8C7BD3}C:\program files\nch swift sound\talk\talk.exe" = protocol=17 | dir=in | app=c:\program files\nch swift sound\talk\talk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024D1716-9F42-0039-06E5-F4279D6C4382}" = CCC Help Russian
"{04556846-E511-3FE9-E824-3588075C8036}" = Catalyst Control Center Graphics Full Existing
"{047DB692-BBD4-4768-91CC-ABD418B494B8}" = NI USI 1.4.1
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05CD72BE-7783-AAB9-0C05-2D8DBD2DD444}" = Catalyst Control Center Localization Dutch
"{0612E132-33FF-4488-9C31-F8D485D6866D}" = Catalyst Control Center Graphics Light
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B3DB1B2-404C-AAA8-B32E-E65520EDE74D}" = CCC Help Polish
"{0C92ADEE-9554-4163-8AA3-13B2D1673014}" = NI Multisim Analog Devices Edition 10.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F80CE43-8ACA-4B44-AF4C-A04893DD30E3}" = Battery Life
"{10504622-2818-C312-55CC-A72D36A31DBC}" = CCC Help Swedish
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25F138F7-89D9-4836-A9F5-642DEA06564C}" = NI LabWindows/CVI 8.1 Run-Time Engine
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{2A34320A-56F9-9C4F-D325-77AC8A54C8B6}" = Catalyst Control Center Localization Japanese
"{2A8C5C0E-DC54-46BF-92AE-A062C63A1033}" = Nero 7 Essentials
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C9FF444-79C0-C0C4-7B21-0E77C872AF53}" = CCC Help Danish
"{2CA3E0A5-9281-6E67-1843-A6CC0B00BD74}" = Catalyst Control Center Localization French
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31775690-0E29-2AB1-75DE-C406152CBD1D}" = Catalyst Control Center Localization Chinese Standard
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3466C4D1-508A-0E36-EB05-2E53766F27E0}" = CCC Help Italian
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{38DCD6F5-C4DC-25E5-C113-0A909558FC2C}" = CCC Help Norwegian
"{38E7D1E1-F724-4662-BFC4-B49A37493937}" = AdminMagic
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA160E2-066B-8D77-FCF4-F001F236E8E7}" = CCC Help Spanish
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{431CED44-A6D3-4E4A-2B76-04D1A861FCCE}" = Catalyst Control Center Localization Swedish
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{475144D0-A4D6-C553-42B5-7BB60FCEF9EC}" = Catalyst Control Center Localization German
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49BA6327-744C-3D20-16DB-6E98BF66D0FD}" = Catalyst Control Center Localization Danish
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4B4D411D-E363-7E6B-68C3-C8E2EF02B7C6}" = CCC Help Chinese Traditional
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{50DB0F17-4180-31F7-F26B-B40CBA8BA6E0}" = CCC Help German
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{5396C246-53B5-4BBA-62DC-8308C7357EFE}" = Catalyst Control Center Localization Polish
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54CAEF60-0258-2D8E-F01F-24BC689EA8A9}" = Catalyst Control Center Localization Portuguese
"{5535426F-E814-4B34-9B36-726E9DBEB7A7}" = NI Logos 4.7
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{560BB29B-41C5-88E4-4847-B4B1DDB47B9B}" = Catalyst Control Center Localization Czech
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{59748B12-406B-7EA4-355D-3BBD62E97C69}" = Catalyst Control Center Localization Turkish
"{5B4E5823-7265-9A19-A871-36E75824F7BE}" = CCC Help French
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EBC76DA-573E-7D96-A6F8-F4B9DE97A15F}" = Catalyst Control Center Localization Greek
"{623AD94E-1621-5AA1-BD6D-0EF08C9D7851}" = Catalyst Control Center Core Implementation
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D2737AE-8898-4BE1-AE46-555B7DB540A8}" = NI MDF Support
"{6DBCFFF6-2A7B-4AE4-8FC8-1216442E2814}" = CCC Help Korean
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6FCBD7F7-6A29-089F-E5DB-E33EFCF306CD}" = Catalyst Control Center Localization Spanish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{762D9F20-593B-436E-CAC3-B3D9F4DA7A90}" = Catalyst Control Center Localization Chinese Traditional
"{78231F18-FD98-4B03-A932-DE9329594D08}" = NI TDMS
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{80C2AD19-97A2-C829-38DE-5FD5B47F122B}" = ATI Catalyst Install Manager
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8436F8D7-AA62-83DA-3BC5-E04871BF5F61}" = CCC Help Portuguese
"{84F40C39-1E61-B3A7-833A-3A376AB53394}" = CCC Help Japanese
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931FB38C-D5D4-4DBD-3723-50140A67F276}" = CCC Help Turkish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96A959C9-51E1-C920-A9FA-269BB462A940}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A102E7E3-2A4E-F509-3EF6-019F45C83196}" = CCC Help Dutch
"{A1809BC4-3DD9-4AB6-BE8A-609703214CF6}_is1" = IdentaFone Pro
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57222BD-51E3-7765-A008-9B6428402A59}" = CCC Help Hungarian
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A8ACD338-255C-B53D-7F19-ED7293B291E8}" = Catalyst Control Center Localization Norwegian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AB9354BD-E732-4501-AFBD-6D8EA97F9E58}" = Winamp Goes 3D v1.51 (Light)
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE72E414-0935-4AC8-B7D6-12E3039BEC13}" = DigitalPersona Personal 3.0.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B23893E9-A7B6-4CDE-A525-8CD9EFB193A9}" = X-Men™ - The Official Game
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BD41A0CF-79B4-98D8-B9B9-3DE8BEC8A861}" = Catalyst Control Center Localization Finnish
"{BFAA820A-C7D8-42AE-A3BA-CE118F3F0802}" = NI Service Locator
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4B2636B-D76D-7C23-3010-99E96693F0B5}" = Catalyst Control Center Graphics Previews Vista
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9E9386A-7E81-796A-3465-8471A239A8A0}" = CCC Help Chinese Standard
"{CA4498C8-5146-E527-27A7-1B4F81C9BF05}" = CCC Help Thai
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6FAEBB1-90E0-4CF8-9A41-9087E6789D11}" = NI EULA Depot
"{D7E6CA4D-E79E-41A8-A633-8FB9BE3DB67C}" = FlashPoint
"{D9CACA34-F803-4844-9B31-A593EA870C8E}" = BumpTop
"{DA13BA57-3F22-469A-A616-B06FFE8A207F}" = WinPVR
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DBB7664B-6BAD-43F9-95E8-3D3E4E3FE9C4}" = ADPHONE3
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DEC3A80C-49D3-2885-2A03-3FBA61A5D40F}" = Catalyst Control Center Localization Italian
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0B276B1-97D7-7AD2-548F-248A7745A1ED}" = CCC Help Greek
"{e0e56e21-55de-4f77-a109-1baa72348743}" = Python 3.0
"{E2ADC6FA-4233-54E6-29EC-E60EAD096A50}" = Catalyst Control Center Localization Hungarian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3EA025D-29A0-530C-9CA7-DBB5C49BB6DB}" = Skins
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E8991297-B702-44AA-ABAA-02C12045D8E9}" = NI Uninstaller
"{E96FFA19-E94B-D32B-E103-E78A0877245A}" = Catalyst Control Center Localization Thai
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAE4AD65-89F2-3DE8-DF46-CCB34393CAA0}" = Catalyst Control Center Localization Russian
"{EE3D717C-D93F-2A2B-F641-F59F48E11895}" = ccc-utility
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter
"{F447BD4C-65C3-A6D9-8A5F-5E822E32E1BC}" = Catalyst Control Center Localization Korean
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F48FEA7A-2B87-8270-927C-20A0E7E5EBC2}" = CCC Help English
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCC92CBC-F520-A906-C002-9A6236308916}" = Catalyst Control Center Graphics Full New
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEC99680-66C4-C8C7-084B-2FB1B257777C}" = CCC Help Finnish
"{FEEDAB32-F937-8319-D3F1-FFFC98C2111E}" = ccc-core-static
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Sound Recorder_is1" = Advanced Sound Recorder v6.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Aldo's Pianito" = Aldo's Pianito
"Any Wallpaper_is1" = Any Wallpaper 1.1.1
"AOL Toolbar" = AOL Toolbar 5.0
"aVis" = aVis
"Azureus Vuze" = Azureus Vuze
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"Chess Nx_is1" = Chess Nx v6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAO 3.5" = DAO 3.5
"Delta Force - Black Hawk Down" = Delta Force - Black Hawk Down
"DesktopX" = DesktopX
"DivXCodec" = DivX 4.02 Codec
"DO Advisor" = DO Advisor
"Edison 4" = Edison 4
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"ExpressDial" = Express Dial
"EzGenerator" = EzGenerator 3.0
"FlexiMusic Composer_is1" = FlexiMusic Composer
"Frinika_is1" = Frinika 0.4.0
"GameSpy Arcade" = GameSpy Arcade
"G-Force" = G-Force
"Google Desktop" = Google Desktop
"Graboid Video" = Graboid Video 1.6
"GraphCalc v4.0.1_is1" = GraphCalc v4.0.1
"GritTec's Noise Cancellation v1,43" = GritTec's Noise Cancellation v1,43
"Halo" = Microsoft Halo
"Halo Trial" = Microsoft Halo Trial
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HyperVRE_is1" = HyperVRE 1.9.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B23893E9-A7B6-4CDE-A525-8CD9EFB193A9}" = X-Men™ - The Official Game
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Letter Chase Typing Tutor_is1" = Letter Chase Typing Tutor 5.3
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MagicScore_is1" = MagicScore
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MixPad" = MixPad
"Monopoly" = Monopoly
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition (remove only)
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Need For Speed III" = Need For Speed III
"NI Uninstaller" = National Instruments Software
"ObjectDock" = ObjectDock
"Offline Downloader" = Offline Downloader
"Passion Audio Player_is1" = Passion Audio Player v2.5
"PianoFX STUDIO 4.0_is1" = PianoFX STUDIO 4.0
"Pocket Tanks_is1" = Pocket Tanks v1.3
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.71
"ROP Freeware" = ROP Freeware
"SecondLife" = SecondLife (remove only)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Software Midi Keyboard v1.8 Demo" = Software Midi Keyboard v1.8 Demo
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"ST6UNST #1" = System Update
"ST6UNST #2" = Pinxy's Ascii Art Generator v1.2
"ST6UNST #3" = Musical Instrument Simulator_Mapper
"Super TextTwist" = Super TextTwist (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Update - II" = System Update - II
"Talk" = Express Talk
"TeamViewer 4" = TeamViewer 4
"Time Stopper2.00" = Time Stopper
"Tina Pro for Windows - Demo" = Tina Pro for Windows - Demo
"TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
"Turbo C++ 3.0" = Turbo C++ 3.0
"UltraISO_is1" = UltraISO Premium V9.3
"VB Runtime" = VB Runtime
"Virtual Drive Creator_is1" = Virtual Drive Creator V2.1.3
"VistaGlazz_is1" = VistaGlazz 1.2
"VistaVisualMaster" = Vista Visual Master
"VLC media player" = VLC media player 1.0.2
"WallCalendar Component Version 2.1" = WallCalendar Component Version 2.1
"WavePad" = WavePad Sound Editor
"WebCam Looker" = WebCam Looker
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
"WhiteCap" = WhiteCap
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp (remove only)
"WindowBlinds" = WindowBlinds
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-5
"WinRAR archiver" = WinRAR archiver
"Wipeer_is1" = Wipeer version 0.73
"Wisdom-soft Set up ASR 3.1 Pro" = Wisdom-soft Set up ASR 3.1 Pro
"WordWeb" = WordWeb
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3751347439-4158551215-55152052-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"IntelliAdmin.Internet" = IntelliAdmin Internet Edition - Remove

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 03 November 2009 - 04:40 PM

Hi,

127.0.0.1 activate.adobe.com


The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


If you still need assistance please remove all cracked software from your system. Namely the:
  • Adobe Products

Please run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as a scan with Win32kDiag:
Download and run Win32kDiag:

Could you tell me more precisely what "don't open" means? Do you get an error message when you visit the page? Does the site stay blank? Do you get redirected to another site?
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 gggg_hhhh


Posted 06 November 2009 - 03:47 AM

Thanks for the prompt reply, temp. I had previously performed an MBAM scan, which removed most of the infections. This was suggested by garmanma. I also ran win32kdiag.exe previously and posted the log in my previous topic. Anyway, I repeated the two steps, and here are the log files of MBAM and Win32kDiag. By "some websites don't open" I meant that some websites such as youtube.com, digg.com, and most Flash websites don't open in the Chrome browser, while there are websites that don't open in Mozilla as well. Both browsers worked perfectly before, but all of a sudden the laptop started to freeze abruptly. This happened occasionally. However, when I ran RootRepeal as suggested by garmanma, it happened once again: the screen just froze and the system crashed. So it seemed obvious to me that there is a deep-rooted infection.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<MBAM>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes' Anti-Malware 1.41
Database version: 3109
Windows 6.0.6001 Service Pack 1

06-11-2009 14:01:10
mbam-log-2009-11-06 (14-01-10).txt

Scan type: Quick Scan
Objects scanned: 115247
Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<WIN32KDIAG>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Running from: C:\Users\KARTHIK\Desktop\Win32kDiag.exe

Log file at : C:\Users\KARTHIK\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\bthservsdp.dat

[1] 2009-11-06 11:40:59 2484 C:\Windows\bthservsdp.dat ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-11-06 11:44:12 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-11-06 11:43:57 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-11-06 11:43:57 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-11-06 11:43:57 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-11-06 11:45:06 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()





Finished!

#6 myrti


Posted 06 November 2009 - 05:05 AM

Hi,

not all rootkit detectors work equally well on all systems. If rootrepeal is crashing please try to change the following settings and run it again:
Hi,

there may be some interference from other programs. Please try RootRepeal again, but before the scan do the following:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.

If that doesn't fix the problem please try to run gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_



#7 myrti


Posted 11 November 2009 - 05:38 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
