
infected by Generic.Virtob


  • This topic is locked
12 replies to this topic

#1 sourabhbhambri


Posted 17 January 2010 - 03:22 AM

Respected sir/ma'am,
I would like to bring to your kind attention the problem I have been facing in my system for the past 2-3 days.
I accidentally downloaded an infected file on my desktop from the local intranet. It had the shape of a folder, so I tried to open it but couldn't do so. After some time I realised that a file named "chrome" had been created on the desktop itself. I tried to delete it but got an error message saying words like "file already open in some other place". So I came to know it was a virus and was multiplying within itself. I tried a number of ways to solve the problem on my own.
I read (from the net) that ComboFix should be downloaded from the site (bleepingcomputer.com) itself, so I made an account. I followed the link provided and was able to download ComboFix, but when I ran it, I was not able to get any of the blue-coloured screens (which should be there); it gave me an error saying !! not safe !! and the process got aborted. I had switched off firewall, malware, spyware, BitDefender (antivirus) but couldn't get help.
The problem with the system is the existence of that virus: it makes copies of itself in every folder of the computer with the name of the specific folder and causes problems in the system. For instance, the folder "acads" will have the same virus with the name acads only, and it is referred to as an application by the system. I asked a friend with the same problem and he was able to solve it with ComboFix only.
But ComboFix is itself a problem (it doesn't run on the system). Earlier it said that it is not from the site itself, so download it from the site. But it was not so. (I downloaded it from the site many times to get a positive response sometime.)
Today I was able to delete the chrome file, as I deleted it before it could start replicating itself (I did it fast, as soon as the computer started). I patiently deleted its copies in the system without accidentally running them. But still the computer doesn't respond as it used to. The infection is so extensive that BitDefender virus alerts keep buzzing me regarding the worm named "Generic.Virtob.1.(some set of numeric and alphanumeric letters)". This set is different for all cases but the basic name is the same. These files are moved to quarantine by it.
I scanned all drives so as to give you a better picture of the problem.
Also, a file named "com surrogate" was about to function or stopped functioning, and Windows was busy finding a solution to it. Some 2-3 programs also stopped in the process. Even Gmail, due to some reason, is said by the laptop to be not a safe site and shows "certificate error".
Also, the virus was sending some messages to people using my Gtalk. The messages consisted of a web address. So I uninstalled Gtalk (Google Talk) from the laptop.
Please stop these problems.

I would be really grateful to you if you can help me out with this problem; I have no hope left.
Thanking you,
Yours sincerely,
Sourabh Bhambri
Student
BITS Pilani, Pilani
Rajasthan, 333031
India

**************************************************************************************************************
dds.txt shows the following
**************************************************************************************************************

DDS (Ver_09-12-01.01) - NTFSx86
Run by abcd at 12:50:11.13 on 01-01-2007
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.65.1033.18.1978.891 [GMT 5.5:30]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\niSvcLoc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -kbdx
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\wercon.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\helppane.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\abcd\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://h1.ripway.com/poojasharma/index.html
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = 172.30.3.3:8080
uInternet Settings,ProxyOverride = <local>
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-1405839388-0974707950-545627294-7905\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [Internet Security Service] c:\restore\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [Yahoo Messengger] c:\users\abcd\desktop\chrome.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\users\abcd\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-in\local\search.html
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_e7ea6efc\AEstSrv.exe [2009-7-29 77824]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82568]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 108864]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-29 54784]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-15 112128]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 139264]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 100184]

=============== Created Last 30 ================

2010-01-16 15:12:14 0 d-----w- C:\32788R22FWJFW.0.tmp
2010-01-10 04:57:30 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-09 16:31:21 0 d-----w- c:\program files\ibibo
2010-01-08 13:16:09 0 d-----w- c:\users\abcd\appdata\roaming\Uniblue
2010-01-04 05:48:38 0 d-----w- c:\program files\Cypress
2010-01-01 11:40:19 0 d-----w- c:\programdata\EscapeTheMuseum
2009-12-30 07:48:47 0 d-----w- c:\users\abcd\appdata\roaming\iWin
2009-12-24 10:15:31 0 d-----w- c:\programdata\PlayFirst
2009-12-17 07:44:38 0 d-----w- c:\users\abcd\appdata\roaming\hpqLog
2009-12-16 10:41:25 0 d-----w- c:\programdata\MumboJumbo
2009-12-16 06:57:32 0 d-----w- c:\programdata\Gogii
2009-12-15 15:25:42 0 d-----w- c:\program files\Atheros
2009-12-15 15:24:52 0 d-----w- c:\programdata\Atheros
2009-11-28 03:23:02 0 d-sh--w- c:\users\abcd\Phone Browser
2009-11-28 03:21:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-11-28 03:20:05 0 d-----w- c:\programdata\PC Suite
2009-11-28 03:16:25 0 d-----w- c:\program files\common files\PCSuite
2009-11-28 03:16:25 0 d-----w- c:\program files\common files\Nokia
2009-11-28 03:14:55 0 d-----w- c:\program files\PC Connectivity Solution
2009-11-28 02:57:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-21 18:10:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-21 18:02:27 0 d-----w- c:\program files\MSXML 4.0
2009-11-21 15:04:33 2868224 ----a-w- c:\windows\system32\mf.dll
2009-11-21 15:04:25 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-11-21 15:04:25 270848 ----a-w- c:\windows\system32\schannel.dll
2009-11-21 15:04:25 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-21 15:04:25 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-11-21 15:04:24 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-11-21 15:04:23 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-11-21 15:04:22 9728 ----a-w- c:\windows\system32\lsass.exe
2009-11-21 15:04:22 72704 ----a-w- c:\windows\system32\secur32.dll
2009-11-21 15:04:17 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-11-21 15:03:02 2927104 ----a-w- c:\windows\explorer.exe
2009-11-21 15:01:58 71680 ----a-w- c:\windows\system32\atl.dll
2009-11-21 15:01:56 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-11-21 15:01:53 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-11-21 15:01:51 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-21 15:01:49 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-11-21 15:01:46 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-11-21 14:57:37 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-11-21 14:57:33 1645568 ----a-w- c:\windows\system32\connect.dll
2009-11-15 17:28:43 318976 ----a-w- c:\windows\system32\CF23618.exe
2009-11-10 11:38:48 0 d-----w- c:\programdata\WinZip
2009-11-10 11:37:02 0 d-----w- c:\programdata\Google
2009-11-03 04:06:41 0 d-sh--r- C:\RESTORE
2009-10-28 09:56:12 645120 ----a-w- c:\windows\system32\config.gms
2009-10-28 04:27:48 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-28 04:27:47 0 d-----w- c:\program files\Nokia
2009-10-28 04:26:57 0 d-----w- c:\programdata\Installations
2009-10-15 12:53:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 06:38:21 0 d-----w- c:\users\abcd\appdata\roaming\hte
2009-10-11 05:06:46 211247250 ----a-w- c:\windows\MEMORY.DMP
2009-10-11 05:05:30 0 d-----w- c:\program files\GLOBEtrotter Software Inc
2009-10-11 05:00:05 0 d-----w- C:\Modeltech_6.1d
2009-10-11 03:16:33 0 d-----w- c:\users\abcd\appdata\roaming\SynaptiCAD
2009-10-11 02:50:35 8968 ----a-w- c:\windows\system32\KL2DLL.DLL
2009-10-11 02:50:35 7440 ----a-w- c:\windows\system32\ppmon.dll
2009-10-11 02:50:35 28848 ----a-w- c:\windows\system32\drivers\USBkey.sys
2009-10-11 02:50:35 24576 ----a-w- c:\windows\system32\KL2DLL32.DLL
2009-10-11 02:50:35 24136 ----a-w- c:\windows\system32\ppmon.exe
2009-10-11 02:50:31 372224 ----a-w- c:\windows\system32\flexlm.cpl
2009-10-11 02:48:24 0 d-----w- C:\SynaptiCAD
2009-09-24 08:10:13 41324 ----a-w- c:\windows\system32\winio.sys
2009-09-24 08:09:48 80 ----a-w- c:\windows\matlab.ini
2009-09-23 16:34:07 0 d-----w- c:\users\abcd\appdata\roaming\MathWorks
2009-09-23 16:23:34 0 d-----w- C:\MATLAB701
2009-09-17 12:23:42 0 d-----w- c:\users\abcd\tora
2009-09-17 12:23:24 1101824 ----a-w- c:\users\abcd\tora.exe
2009-09-17 12:15:08 286720 ------w- c:\windows\Setup1.exe
2009-09-17 12:15:07 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-17 12:15:04 1597 ----a-w- c:\windows\ST6UNST.000
2009-09-14 16:10:02 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-09-14 16:09:48 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-09-14 16:09:37 48640 ----a-w- c:\windows\system32\wuapp.exe
2009-09-14 16:09:37 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-30 08:43:55 0 d-----w- c:\program files\National Instruments
2009-08-27 10:11:01 0 d-----w- c:\program files\OrcadLite
2009-08-27 10:10:25 324096 ----a-w- c:\windows\IsUninst.exe
2009-08-26 17:29:31 1409 ----a-w- c:\windows\system\ARIALSC.fot
2009-08-26 17:28:29 1409 ----a-w- c:\windows\system\TIMCYR.fot
2009-08-26 17:27:28 1409 ----a-w- c:\windows\system\PORGRK2.fot
2009-08-26 17:22:23 691712 ----a-w- c:\windows\wweb32.dll
2009-08-26 17:22:23 0 d-----w- c:\program files\WordWeb
2009-08-26 15:01:06 318976 ----a-w- c:\windows\system32\CF13194.exe
2009-08-26 14:58:40 247296 ----a-w- c:\windows\PEV.exe
2009-08-26 14:58:26 318976 ----a-w- c:\windows\system32\CF12476.exe
2009-08-25 18:51:24 0 d-----w- c:\programdata\WindowsSearch
2009-08-23 05:49:00 0 d-----w- c:\programdata\BitDefender
2009-08-23 05:34:13 0 d-----w- c:\program files\common files\BitDefender
2009-08-20 15:10:43 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-08-20 15:04:07 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-11 11:55:17 0 d-----w- c:\program files\DC++
2009-08-05 17:09:59 0 d-----w- c:\program files\The KMPlayer
2009-08-03 05:04:05 850 ----a-w- c:\windows\system32\ProductTweaks.xml
2009-08-03 05:04:04 385 ----a-w- c:\windows\system32\user_gensett.xml
2009-08-03 04:59:46 0 d-----w- c:\windows\system32\logs
2009-08-03 04:59:25 0 d-----w- c:\program files\common files\MSSoap
2009-08-03 04:59:07 0 d-----w- c:\program files\BitDefender
2009-07-30 16:33:06 0 d-----w- c:\windows\system32\URTTEMP
2009-07-30 15:26:46 0 d-----w- c:\programdata\JollyBear
2009-07-29 18:31:50 0 d-sh--w- C:\$RECYCLE.BIN
2009-07-29 18:28:26 0 d-----w- c:\program files\muvee Technologies
2009-07-29 18:28:19 0 d-----w- c:\program files\common files\muvee Technologies
2009-07-29 18:23:38 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-07-29 18:23:19 89088 ------w- c:\windows\system32\atl71.dll
2009-07-29 18:22:53 0 d-----w- c:\programdata\Motorola
2009-07-29 18:22:46 0 d-----w- c:\program files\SoftStylus
2009-07-29 18:18:55 0 d-----w- c:\program files\IDT
2009-07-29 18:18:45 125 ----a-w- c:\windows\xUninstall.bat
2009-07-29 18:17:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-29 18:16:50 110080 ----a-w- c:\windows\system32\JmCrIcon.dll
2009-07-29 18:16:50 0 d-----w- c:\windows\JMCR_DIR
2009-07-29 18:15:41 9728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-07-29 18:15:41 123904 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-07-29 18:15:40 0 d-----w- c:\program files\Realtek
2009-07-29 18:15:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-07-29 18:15:18 0 d-----w- c:\program files\Apoint2K
2009-07-29 18:13:55 920088 ----a-w- c:\windows\system32\igxpun.exe
2009-07-29 18:13:55 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-07-29 18:13:55 0 d-----w- c:\windows\system32\Lang
2009-07-29 18:13:08 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-07-29 18:12:55 0 d-----w- C:\Intel
2009-07-29 18:12:39 873310 ----a-w- c:\windows\system32\oem6.inf
2009-07-29 18:12:18 0 d-----w- c:\windows\system32\no-NO
2009-07-29 18:12:16 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2009-07-29 18:12:15 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-07-29 18:12:15 3813376 ----a-w- c:\windows\system32\bcmihvsrv.dll
2009-07-29 18:12:15 3506176 ----a-w- c:\windows\system32\bcmihvui.dll
2009-07-29 18:12:15 1326584 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2009-07-29 18:12:14 0 d-----w- c:\program files\Broadcom
2009-07-29 18:11:24 54824 ------w- c:\windows\system32\agrsmdel.exe
2009-07-29 18:11:08 0 d-----w- c:\windows\Options
2009-07-29 06:38:18 0 d-----w- c:\users\abcd\appdata\roaming\WildTangent
2009-07-29 06:07:49 0 d-----w- c:\users\abcd\appdata\roaming\HP TCS
2009-07-29 06:06:32 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ40 Notebook PC_Y5335KV_0U_QCND9150NWP_E506536-372_4A_I3607_SCompal_V99.97_F.31_T090203_WV2-1_L409_M1979_J250_7Intel_867A_92.00_#090729_N10EC8136;14E44315_(NL050PA#ACJ)_XMOBILE_CN10_Z_2F.31.MRK
2008-10-23 16:29:27 0 d-----w- c:\program files\SMINST
2008-10-23 16:19:05 0 d-----w- c:\program files\HP
2008-10-23 16:08:09 0 d-----w- c:\windows\Downloaded Installations
2008-10-23 15:45:29 0 d-----w- c:\programdata\AOL
2008-10-23 15:14:54 0 d-----w- c:\programdata\Temp
2008-10-23 15:14:54 0 d-----w- c:\programdata\CyberLink
2008-10-23 15:04:15 0 d-----w- c:\programdata\Adobe
2008-10-23 14:52:07 0 d-----w- c:\windows\system32\Adobe
2008-10-23 14:41:44 0 d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-10-23 14:41:32 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-10-23 14:41:10 422 ----a-w- c:\windows\system32\mapisvc.inf
2008-10-23 14:40:37 0 d-----w- c:\program files\Microsoft Small Business
2008-10-23 14:38:37 0 d-----w- c:\program files\Microsoft SQL Server
2008-10-23 14:36:52 0 d-----w- c:\windows\PCHEALTH
2008-10-23 14:35:53 0 d-----w- c:\windows\SHELLNEW
2008-10-23 14:35:28 0 d-----w- c:\programdata\Microsoft Help
2008-10-23 14:19:39 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2008-10-23 14:19:39 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2008-10-23 14:19:39 45056 ----a-w- c:\windows\system32\dataclen.dll
2008-10-23 14:19:39 36864 ----a-w- c:\windows\system32\cdd.dll
2008-10-23 14:19:39 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2008-10-23 14:18:43 0 d-----w- c:\programdata\WildTangent
2008-10-23 14:18:43 0 d-----w- c:\program files\HP Games
2008-10-23 14:18:43 0 d-----r- c:\program files\Online Services
2008-10-23 14:18:33 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2008-10-23 14:18:33 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2008-10-23 14:18:33 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2008-10-23 14:17:25 28160 ----a-w- c:\windows\system32\Apphlpdm.dll
2008-10-23 14:17:24 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-23 14:16:57 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2008-10-23 14:16:29 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2008-10-23 14:16:29 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2008-10-23 14:16:28 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2008-10-23 14:16:28 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2008-10-23 14:16:28 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2008-10-23 14:15:56 827392 ----a-w- c:\windows\system32\wininet.dll
2008-10-23 14:15:54 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2008-10-23 14:14:58 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2008-10-23 14:13:52 9127 ----a-w- c:\windows\system32\RacUR.xml
2008-10-23 14:13:52 885248 ----a-w- c:\windows\system32\RacEngn.dll
2008-10-23 14:13:52 153 ----a-w- c:\windows\system32\RacUREx.xml
2008-10-23 14:13:34 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-10-23 14:13:33 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2008-10-23 14:13:33 3600952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-10-23 14:13:33 3549240 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-10-23 14:13:33 15360 ----a-w- c:\windows\system32\pacerprf.dll
2008-10-23 14:12:56 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-10-23 14:12:56 176128 ----a-w- c:\windows\system32\wscript.exe
2008-10-23 14:12:56 172032 ----a-w- c:\windows\system32\scrrun.dll
2008-10-23 14:12:56 135168 ----a-w- c:\windows\system32\wshom.ocx
2008-10-23 14:12:56 135168 ----a-w- c:\windows\system32\cscript.exe
2008-10-23 14:12:55 90112 ----a-w- c:\windows\system32\wshext.dll
2008-10-23 14:12:55 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-10-23 14:12:37 1314816 ----a-w- c:\windows\system32\quartz.dll
2008-10-23 14:11:26 738304 ----a-w- c:\windows\system32\inetcomm.dll
2008-10-23 14:11:09 269312 ----a-w- c:\windows\system32\es.dll
2008-10-23 14:10:54 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-10-23 14:05:55 39936 ----a-w- c:\windows\system32\drivers\hidclass.sys
2008-10-23 14:04:53 87552 ----a-w- c:\windows\system32\SearchFilterHost.exe
2008-10-23 14:03:26 0 d-----w- c:\windows\panther
2008-10-23 14:03:11 0 d-----w- c:\programdata\Norton
2008-10-23 14:02:52 0 d-----w- c:\programdata\NortonInstaller
2008-10-23 14:02:52 0 d-----w- c:\program files\NortonInstaller
2008-10-23 14:01:38 0 d-----w- c:\programdata\Hewlett-Packard
2008-10-23 14:01:27 0 d-----w- c:\program files\Hewlett-Packard Company
2008-10-23 13:56:52 0 d--h--w- C:\HP
2008-10-23 13:40:01 0 d-sh--w- c:\windows\Installer
2008-10-23 13:28:01 12 ----a-w- c:\windows\bthservsdp.dat
2008-09-09 13:19:22 150040 ----a-w- c:\windows\system32\igfxtray.exe
2008-09-09 13:19:20 256536 ----a-w- c:\windows\system32\igfxsrvc.exe
2008-09-09 13:19:16 154136 ----a-w- c:\windows\system32\igfxpers.exe
2008-09-09 13:19:14 178712 ----a-w- c:\windows\system32\igfxext.exe
2008-09-09 13:19:10 670232 ----a-w- c:\windows\system32\igfxcfg.exe
2008-09-09 13:19:08 178712 ----a-w- c:\windows\system32\hkcmd.exe
2008-09-02 14:36:26 36064 ----a-w- c:\windows\system32\iglhxs32.vp
2008-09-02 13:25:04 147456 ----a-w- c:\windows\system32\igfxCoIn_v1554.dll
2008-09-02 13:17:14 3379200 ----a-w- c:\windows\system32\igdumd32.dll
2008-09-02 13:17:10 2472448 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2008-09-02 13:16:00 445796 ----a-w- c:\windows\system32\igcompkrng500.bin
2008-09-02 13:15:58 147172 ----a-w- c:\windows\system32\igfcg550.bin
2008-09-02 13:15:56 2026604 ----a-w- c:\windows\system32\igkrng500.bin
2008-09-02 13:15:04 536576 ----a-w- c:\windows\system32\igdumdx32.dll
2008-09-02 13:10:54 2195456 ----a-w- c:\windows\system32\igd10umd32.dll
2008-09-02 13:04:46 2342912 ----a-w- c:\windows\system32\ig4dev32.dll
2008-09-02 13:04:12 3878912 ----a-w- c:\windows\system32\ig4icd32.dll
2008-09-02 12:59:02 258048 ----a-w- c:\windows\system32\igfxrsve.lrc
2008-09-02 12:59:02 253952 ----a-w- c:\windows\system32\igfxrtrk.lrc
2008-09-02 12:59:02 237568 ----a-w- c:\windows\system32\igfxrtha.lrc
2008-09-02 12:59:00 270336 ----a-w- c:\windows\system32\igfxrptg.lrc
2008-09-02 12:59:00 266240 ----a-w- c:\windows\system32\igfxrrus.lrc
2008-09-02 12:59:00 258048 ----a-w- c:\windows\system32\igfxrsky.lrc
2008-09-02 12:59:00 253952 ----a-w- c:\windows\system32\igfxrslv.lrc
2008-09-02 12:56:10 258048 ----a-w- c:\windows\system32\igfxTMM.dll
2008-09-02 12:55:50 69632 ----a-w- c:\windows\system32\oemdspif.dll
2008-09-02 12:55:42 217088 ----a-w- c:\windows\system32\igfxpph.dll
2008-09-02 12:55:34 24576 ----a-w- c:\windows\system32\igfxexps.dll
2008-09-02 12:55:32 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2008-09-02 12:55:22 52224 ----a-w- c:\windows\system32\igfxsrvc.dll
2008-09-02 12:55:06 135168 ----a-w- c:\windows\system32\igfxdo.dll
2008-09-02 12:54:58 106496 ----a-w- c:\windows\system32\hccutils.dll
2008-09-02 12:54:52 5672960 ----a-w- c:\windows\system32\igfxress.dll
2008-09-02 12:54:52 249856 ----a-w- c:\windows\system32\igfxrenu.lrc
2008-09-02 12:54:52 221184 ----a-w- c:\windows\system32\igfxdev.dll
2008-09-02 12:49:12 2096 ----a-w- c:\windows\system32\iglhxo32.vp
2008-09-02 12:49:12 2096 ----a-w- c:\windows\system32\iglhxc32.vp
2008-08-12 13:10:52 228672 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2008-08-12 13:10:32 108864 ----a-w- c:\windows\system32\drivers\bdfm.sys
2008-07-21 10:53:02 100184 ----a-w- c:\windows\system32\drivers\jmcr.sys
2008-07-15 08:20:24 112128 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2008-07-15 08:20:12 4608 ----a-w- c:\windows\system32\HdmiCoin.dll
2008-07-02 07:37:02 82568 ----a-w- c:\windows\system32\drivers\BDVEDISK.sys
2008-06-11 00:16:00 13312 ----a-w- c:\windows\HPModemVersion.dll
2008-06-09 14:33:04 0 d-----w- C:\SwSetup
2008-06-06 15:40:05 333203 --sha-r- C:\bootmgr
2008-06-06 15:40:05 0 d-sh--w- C:\boot
2008-04-29 01:54:58 54784 ----a-w- c:\windows\system32\drivers\enecir.sys
2008-04-23 13:04:48 176128 ----a-w- c:\windows\system32\txmlutil.dll
2008-03-04 21:58:20 2314332 ----a-w- c:\windows\system32\libmmd.dll
2008-03-04 21:58:18 569344 ----a-w- c:\windows\system32\HIGHGUI.DLL
2008-03-04 21:58:16 774144 ----a-w- c:\windows\system32\CVAUX.DLL
2008-03-04 21:58:16 217088 ----a-w- c:\windows\system32\libguide40.dll
2008-03-04 21:58:16 1691648 ----a-w- c:\windows\system32\CV.DLL
2008-02-29 23:13:38 1202560 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2008-02-29 23:07:24 54824 ----a-w- c:\windows\agrsmdel.exe
2008-01-31 23:14:36 166448 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2008-01-21 03:30:08 6656 ----a-w- c:\windows\system32\drivers\errdev.sys
2008-01-21 03:27:51 45568 ----a-w- c:\windows\system32\drivers\blbdrive.sys
2008-01-21 03:26:49 386616 ----a-w- c:\windows\system32\drivers\MegaSR.sys
2008-01-21 02:43:50 0 d-----w- C:\PerfLogs
2008-01-21 02:34:56 705536 ----a-w- c:\windows\system32\imagesp1.dll
2008-01-21 02:33:59 936960 ----a-w- c:\windows\system32\gpedit.dll
2008-01-21 02:32:59 88064 ----a-w- c:\windows\system32\wiascanprofiles.dll
2008-01-21 02:05:40 458752 ----a-w- c:\windows\system32\InstallPackage_ETW.Log.perf
2008-01-21 02:05:40 393216 ----a-w- c:\windows\system32\InstallPackage_ETW.Log.dpx
2008-01-19 16:53:36 100546 ----a-w- c:\windows\system32\Vxdif.dll
2007-12-11 19:40:56 13312 ------w- c:\windows\system32\agrscoin.dll
2007-12-11 19:15:04 12800 ----a-w- c:\windows\system32\agrsmsvc.exe
2007-06-08 02:41:12 831048 ----a-w- c:\windows\system32\WudfUpdate_01005.dll
2007-03-29 17:30:40 203264 ----a-r- c:\windows\system32\CddbCdda.dll
2007-02-22 05:45:56 137216 ----a-w- c:\windows\system32\drivers\nmwcd.sys
2007-02-22 05:45:14 8320 ----a-w- c:\windows\system32\drivers\nmwcdc.sys
2007-02-22 05:45:14 12288 ----a-w- c:\windows\system32\drivers\nmwcdcm.sys
2007-02-22 05:45:14 12288 ----a-w- c:\windows\system32\drivers\nmwcdcj.sys
2007-02-22 05:45:12 65536 ----a-w- c:\windows\system32\nmwcdcocls.dll
2007-01-31 09:20:32 913408 ----a-w- c:\windows\system32\xreglib.dll
2007-01-01 05:45:43 0 d-----w- C:\ComboFix
2007-01-01 05:45:42 336384 ----a-w- c:\windows\system32\CF6627.exe
2006-12-31 19:29:41 0 d-----w- c:\users\abcd\appdata\roaming\BitDefender
2006-12-31 18:58:32 336384 ----a-w- c:\windows\system32\CF10906.exe
2006-12-31 18:31:44 336384 ----a-w- c:\windows\system32\CF5652.exe
2006-12-31 18:31:02 336384 ----a-w- c:\windows\system32\CF5515.exe

==================== Find3M ====================

2009-10-11 05:05:37 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-10-11 05:05:37 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-10-11 05:05:37 453632 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-07-11 19:32:52 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32:52 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32:52 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29:04 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-06-15 15:24:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20:00 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 12:12:29 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:07:30 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-06-04 12:34:04 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-04-23 12:43:04 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42:53 636928 ----a-w- c:\windows\system32\localspl.dll
2009-03-17 03:38:46 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38:44 24064 ----a-w- c:\windows\system32\amxread.dll
2008-12-16 02:42:39 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2008-10-23 14:14:42 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-10-23 14:14:40 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2008-10-23 14:14:40 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2008-10-23 14:14:40 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2008-10-23 14:14:40 20024 ----a-w- c:\windows\system32\drivers\viaide.sys
2008-10-23 14:14:40 19000 ----a-w- c:\windows\system32\drivers\cmdide.sys
2008-10-23 14:14:40 17976 ----a-w- c:\windows\system32\drivers\intelide.sys
2008-10-23 14:14:40 17976 ----a-w- c:\windows\system32\drivers\amdide.sys
2008-10-23 14:14:40 17464 ----a-w- c:\windows\system32\drivers\aliide.sys
2008-10-23 14:14:40 16440 ----a-w- c:\windows\system32\drivers\pciide.sys
2008-10-23 14:14:40 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2008-10-23 14:06:56 1695744 ----a-w- c:\windows\system32\gameux.dll
2008-10-23 14:06:42 246840 ----a-w- c:\windows\system32\clfs.sys
2008-10-23 14:04:53 87552 ----a-w- c:\windows\system32\mssitlb.dll
2008-09-24 00:21:20 5984 ------w- c:\windows\fonts\TTXTURK.FON
2008-09-18 04:56:07 125952 ----a-w- c:\windows\system32\wersvc.dll
2008-09-18 04:56:02 147456 ----a-w- c:\windows\system32\Faultrep.dll
2008-09-11 23:27:06 96368 ----a-w- c:\windows\fonts\HP PSG.ttf
2008-09-11 11:54:44 389120 ----a-w- c:\windows\system32\drivers\stwrt.sys
2008-09-11 11:54:14 404480 ----a-w- c:\windows\system32\stcplx.dll
2008-09-11 11:53:10 671744 ----a-w- c:\windows\system32\stapo.dll
2008-09-11 11:51:34 168960 ----a-w- c:\windows\system32\staco.dll
2008-09-11 11:50:38 446556 ----a-w- c:\windows\sttray.exe
2008-09-11 11:50:12 427008 ----a-w- c:\windows\system32\stapi32.dll
2008-09-11 11:49:54 2875392 ----a-w- c:\windows\system32\stlang.dll
2008-09-11 11:48:58 532480 ----a-w- c:\windows\system32\idtmini1.exe
2008-08-28 03:40:11 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2008-08-28 03:40:11 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2008-08-28 03:40:09 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2008-08-27 01:05:41 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2008-06-27 15:53:06 376832 ----a-w- c:\windows\system32\aestecap.dll
2008-06-27 15:53:02 73728 ----a-w- c:\windows\system32\AESTCom.dll
2008-06-27 15:53:00 53248 ----a-w- c:\windows\system32\aestaren.dll
2008-06-27 15:53:00 133632 ----a-w- c:\windows\system32\aestacap.dll
2008-06-06 03:27:13 38912 ----a-w- c:\windows\system32\xolehlp.dll
2008-06-06 03:27:05 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2008-01-21 02:36:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2008-01-21 02:36:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2008-01-21 02:34:56 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2008-01-21 02:33:59 83968 ----a-w- c:\windows\system32\hlink.dll
2008-01-21 02:32:59 293376 ----a-w- c:\windows\system32\psisdecd.dll
2007-12-10 15:44:00 98816 ----a-w- c:\windows\fonts\ARHERMANN.ttf
2007-12-10 15:44:00 80620 ----a-w- c:\windows\fonts\ARJULIAN.ttf
2007-12-10 15:44:00 73312 ----a-w- c:\windows\fonts\ARESSENCE.ttf
2007-12-10 15:44:00 45856 ----a-w- c:\windows\fonts\ARDESTINE.ttf
2007-12-10 15:43:58 97364 ----a-w- c:\windows\fonts\ARDECODE.ttf
2007-12-10 15:43:58 88184 ----a-w- c:\windows\fonts\ARCENA.ttf
2007-12-10 15:43:58 72364 ----a-w- c:\windows\fonts\ARCHRISTY.ttf
2007-12-10 15:43:58 295148 ----a-w- c:\windows\fonts\ARDARLING.ttf
2007-12-10 15:43:58 177360 ----a-w- c:\windows\fonts\ARDELANEY.ttf
2007-12-10 15:43:56 57344 ----a-w- c:\windows\fonts\ARBONNIE.ttf
2007-12-10 15:43:56 212912 ----a-w- c:\windows\fonts\ARBLANCA.ttf
2007-12-10 15:43:56 153044 ----a-w- c:\windows\fonts\ARCARTER.ttf
2007-03-12 10:05:48 79652 ----a-w- c:\windows\fonts\ARBERKLEY.ttf
2006-12-31 19:30:57 86016 ----a-w- c:\windows\inf\infstor.dat
2006-12-31 19:30:57 51200 ----a-w- c:\windows\inf\infpub.dat
2006-12-31 19:30:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:35:34 30808 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2006-11-02 12:35:34 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont
2006-11-02 12:35:34 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
2006-11-02 12:35:34 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont
2006-11-02 12:35:06 2048 ----a-w- c:\windows\system32\dfsrres.dll
2006-11-02 12:33:57 94784 ----a-w- c:\windows\twain.dll
2006-11-02 09:51:12 167528 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2006-11-02 09:50:35 98408 ----a-w- c:\windows\system32\drivers\ulsata.sys
2006-11-02 09:50:35 106088 ----a-w- c:\windows\system32\drivers\ql40xx.sys
2006-11-02 09:50:19 45160 ----a-w- c:\windows\system32\drivers\nfrd960.sys
2006-11-02 09:50:17 41576 ----a-w- c:\windows\system32\drivers\iirsp.sys
2006-11-02 09:50:16 76392 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2006-11-02 09:50:11 71272 ----a-w- c:\windows\system32\drivers\djsvs.sys
2006-11-02 09:50:09 35944 ----a-w- c:\windows\system32\drivers\iteraid.sys
2006-11-02 09:50:07 35944 ----a-w- c:\windows\system32\drivers\iteatapi.sys
2006-11-02 09:50:05 35944 ----a-w- c:\windows\system32\drivers\symc8xx.sys
2006-11-02 09:50:03 34920 ----a-w- c:\windows\system32\drivers\sym_u3.sys
2006-11-02 09:49:59 33384 ----a-w- c:\windows\system32\drivers\Mraid35x.sys
2006-11-02 09:49:56 31848 ----a-w- c:\windows\system32\drivers\sym_hi.sys

============= FINISH: 12:51:57.41 ===============


#2 sourabhbhambri

  • Topic Starter
  • Members

Posted 20 January 2010 - 01:12 PM

respected sir,
i have a problem in my system. antivirus (bitdefender) shows that system32 files are affected by generic.virtob.1.(something).
this something varies from file to file and is a numeric and alphanumeric character combination.
other files also exist which are infected. i had performed deepscan of bitdefender many times but it is unable to delete some files. i want that it should be removed from the system. combofix doesn't run on the system. i download it from your site but it says that it doesn't belong to the site and download it from there only.!!!!
i had posted a similar post few days before (plz read that); the reason why i'm giving a new post is that i wasn't able to run "clean files" option. but after reinstallation i'm able to do so. so i have tackled majority of problems with that but rest can't be done from my side so i need your help

i was not able to upload zipped file so uploaded text file directly. please see to it.
thanking you
yours
sourabh
bits pilani
pilani,rajasthan
india


DDS (Ver_09-12-01.01) - NTFSx86
Run by abcd at 23:16:09.26 on 20-01-2010
Internet Explorer: 7.0.6001.18000

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\niSvcLoc.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\ieuser.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\abcd\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = 172.30.3.3:8080
uInternet Settings,ProxyOverride = <local>
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-1405839388-0974707950-545627294-7905\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [Internet Security Service] c:\restore\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [Yahoo Messengger] c:\users\abcd\desktop\chrome.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-in\local\search.html
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R? Arrakis3;BitDefender Arrakis Server
R? JMCR;JMCR
S? AESTFilters;Andrea ST Filters Service
S? bdfm;bdfm
S? BDVEDISK;BDVEDISK
S? Com4QLBEx;Com4QLBEx
S? enecir;ENE CIR Receiver
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? Recovery Service for Windows;Recovery Service for Windows

=============== Created Last 30 ================

2010-01-19 09:39:48 336384 ----a-w- c:\windows\system32\CF19765.exe
2010-01-19 09:39:48 0 d-----w- C:\ComboFix
2010-01-18 17:06:35 336384 ----a-w- c:\windows\system32\CF21761.exe
2010-01-18 16:08:11 0 d-----w- c:\program files\DC++
2010-01-16 15:12:14 0 d-----w- C:\32788R22FWJFW.0.tmp
2010-01-10 04:57:30 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-09 16:31:21 0 d-----w- c:\program files\ibibo
2010-01-08 13:16:09 0 d-----w- c:\users\abcd\appdata\roaming\Uniblue
2010-01-04 05:48:38 0 d-----w- c:\program files\Cypress
2010-01-01 11:40:19 0 d-----w- c:\programdata\EscapeTheMuseum
2009-12-30 07:48:47 0 d-----w- c:\users\abcd\appdata\roaming\iWin
2009-12-24 10:15:31 0 d-----w- c:\programdata\PlayFirst

==================== Find3M ====================

2009-11-28 03:21:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-11-28 02:57:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-15 17:27:03 336384 ----a-w- c:\windows\system32\CF23618.exe
2008-10-23 14:14:42 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-12-31 19:30:57 86016 ----a-w- c:\windows\inf\infstor.dat
2006-12-31 19:30:57 51200 ----a-w- c:\windows\inf\infpub.dat
2006-12-31 19:30:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-23 14:14:41 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:16:47.93 ===============


Edited by Orange Blossom, 20 January 2010 - 07:27 PM.
Merged topics. ~ OB


#3 myrti

  • Malware Study Hall Admin

Posted 23 January 2010 - 10:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#4 myrti

  • Malware Study Hall Admin

Posted 29 January 2010 - 05:59 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#5 myrti

  • Malware Study Hall Admin

Posted 05 February 2010 - 09:42 AM

Hi,

topic reopened, please post the logs I asked for.

regards myrti



#6 sourabhbhambri

  • Topic Starter
  • Members

Posted 06 February 2010 - 09:43 AM

hi,
within the ****'s i'm pasting the contents to distinguish them from one another.

otl.txt had the following contents
*****************************************************************************************************************************

OTL logfile created on: 04-02-2010 19:20:19 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\abcd\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.34 Gb Total Space | 12.32 Gb Free Space | 10.96% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.80 Gb Free Space | 16.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 54.70 Gb Total Space | 1.57 Gb Free Space | 2.87% Space Free | Partition Type: NTFS
Drive G: | 54.60 Gb Total Space | 1.01 Gb Free Space | 1.85% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABCD-PC
Current User Name: abcd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-04 19:19:33 | 000,567,296 | ---- | M] (OldTimer Tools) -- C:\Users\abcd\Desktop\OTL.exe
PRC - [2009-11-10 17:07:02 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-09-01 10:41:28 | 000,499,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2009-07-18 08:42:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009-07-01 15:44:34 | 000,632,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009-04-30 15:58:44 | 000,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2008-10-29 11:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-10-06 22:24:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008-09-24 05:51:52 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008-09-11 17:22:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe
PRC - [2008-09-11 17:20:38 | 000,467,036 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008-09-10 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008-09-09 18:49:20 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008-09-09 18:49:16 | 000,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008-09-09 18:49:08 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008-08-15 11:03:08 | 001,523,712 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2008-08-14 20:14:28 | 000,737,280 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2008-08-13 19:13:36 | 000,425,984 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2008-08-13 19:06:28 | 000,393,216 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008-08-02 04:44:02 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008-07-02 16:20:55 | 000,116,064 | ---- | M] (AOL LLC) -- c:\Program Files\AOL\AOL Toolbar 5.0\AolTbServer.exe
PRC - [2008-06-30 04:40:18 | 000,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008-06-27 21:23:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe
PRC - [2008-04-04 00:03:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008-01-21 22:39:26 | 000,237,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2008-01-21 08:04:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008-01-21 08:03:22 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008-01-21 08:03:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-12-12 00:45:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007-10-25 22:53:36 | 000,069,632 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2007-09-12 20:10:38 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007-06-18 15:10:32 | 000,288,768 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007-06-15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007-05-09 04:54:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-10-26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2006-04-14 22:37:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2003-05-01 03:00:22 | 000,049,152 | ---- | M] (National Instruments) -- C:\Windows\System32\niSvcLoc.exe


========== Modules (SafeList) ==========

MOD - [2010-02-04 19:19:33 | 000,567,296 | ---- | M] (OldTimer Tools) -- C:\Users\abcd\Desktop\OTL.exe
MOD - [2008-01-21 08:03:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager)
SRV - [2009-04-30 15:58:44 | 000,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008-10-06 22:24:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-09-11 17:22:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe -- (STacSV)
SRV - [2008-08-15 11:03:08 | 001,523,712 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2008-08-13 19:06:28 | 000,393,216 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2008-08-13 15:04:46 | 000,151,552 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2008-07-17 13:06:56 | 000,139,264 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008-06-30 04:40:18 | 000,241,734 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008-06-27 21:23:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe -- (AESTFilters)
SRV - [2008-06-16 20:32:28 | 000,114,688 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008-05-06 03:55:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008-04-04 00:03:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008-01-21 08:03:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-12 00:45:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007-06-15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-04-14 22:37:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006-04-14 22:35:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006-04-14 22:34:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005-10-14 16:20:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004-10-22 15:54:18 | 000,094,208 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-02-25 14:14:06 | 000,626,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License manager)
SRV - [2003-05-01 03:00:22 | 000,049,152 | ---- | M] (National Instruments) [Auto | Running] -- C:\Windows\System32\niSvcLoc.exe -- (niSvcLoc)


========== Driver Services (SafeList) ==========

DRV - [2009-10-11 10:35:37 | 000,453,632 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009-10-11 10:35:37 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009-07-29 23:42:10 | 001,326,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008-10-23 19:44:40 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-10-23 19:44:40 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-10-23 19:44:40 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008-09-11 17:24:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008-09-02 18:47:10 | 002,472,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008-08-14 18:55:04 | 000,132,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2008-08-12 18:40:52 | 000,228,672 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2008-08-12 18:40:32 | 000,108,864 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2008-07-22 21:12:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-07-21 16:23:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-07-15 13:50:24 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008-07-02 13:07:02 | 000,082,568 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2008-04-29 07:24:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008-03-01 04:43:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008-02-26 17:12:40 | 000,008,448 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2008-02-01 04:44:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008-01-21 08:02:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 08:02:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 08:02:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 08:02:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 08:02:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 08:02:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 08:02:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 08:02:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 08:02:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 08:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008-01-21 08:02:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 08:02:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 08:02:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 08:02:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 08:02:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 08:02:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 08:02:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 08:02:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 08:02:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 08:02:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 08:02:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 08:02:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008-01-21 08:02:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007-06-19 05:42:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-02-22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007-02-22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006-11-02 15:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 15:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 15:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 15:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 15:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 15:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 15:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 15:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 15:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 15:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 15:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 13:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 13:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 13:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 13:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 13:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 13:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 13:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 13:00:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006-11-02 12:07:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2003-07-29 10:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2001-11-13 14:17:26 | 000,041,324 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\winio.sys -- (WINIO)
DRV - [2001-06-21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001-06-21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998-07-10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1923450497-971095460-558320130-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKU\S-1-5-21-1923450497-971095460-558320130-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1923450497-971095460-558320130-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1923450497-971095460-558320130-1003\S-1-5-21-1923450497-971095460-558320130-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1923450497-971095460-558320130-1003\S-1-5-21-1923450497-971095460-558320130-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1923450497-971095460-558320130-1003\S-1-5-21-1923450497-971095460-558320130-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.30.3.3:8080

FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2007-01-01 00:58:44 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010-02-04 18:53:11 | 000,000,710 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 ZieF.pl
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1923450497-971095460-558320130-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKU\S-1-5-21-1923450497-971095460-558320130-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1923450497-971095460-558320130-1003..\Run: [Internet Security Service] c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe ()
O4 - HKU\S-1-5-21-1923450497-971095460-558320130-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1923450497-971095460-558320130-1003..\Run: [Yahoo Messengger] C:\Users\abcd\Desktop\chrome.exe File not found
O4 - Startup: C:\Users\abcd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-IN\local\search.html ()
O8 - Extra context menu item: &WordWeb... - C:\Windows\wweb32.dll (Antony Lewis)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1923450497-971095460-558320130-1003\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1923450497-971095460-558320130-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.24.2.71
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1923450497-971095460-558320130-1003 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1923450497-971095460-558320130-1003 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-1405839388-0974707950-545627294-7905\nissan.exe) - C:\RECYCLER\S-1-5-21-1405839388-0974707950-545627294-7905\nissan.exe (Avira GmbH)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\abcd\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\abcd\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-08-06 11:03:14 | 000,196,608 | RH-- | M] () - D:\autoply.exe -- [ NTFS ]
O32 - AutoRun File - [2010-01-15 11:16:22 | 000,000,096 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-08-06 11:03:14 | 000,196,608 | RH-- | M] () - F:\autoply.exe -- [ NTFS ]
O32 - AutoRun File - [2010-01-15 11:16:22 | 000,000,096 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-15 11:16:22 | 000,000,096 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{48f369a1-81de-11de-bf95-00235a3f95f8}\Shell\AutoRun\command - "" = H:\F\UCK\FK.exe -- File not found
O33 - MountPoints2\{48f369a1-81de-11de-bf95-00235a3f95f8}\Shell\open\command - "" = H:\F\UCK\FK.exe -- File not found
O33 - MountPoints2\{9f9b6a82-7cef-11de-a2a9-00235a3f95f8}\Shell\AutoRun\command - "" = H:\ime\moje.exe -- File not found
O33 - MountPoints2\{9f9b6a82-7cef-11de-a2a9-00235a3f95f8}\Shell\explore\command - "" = H:\ime\moje.exe -- File not found
O33 - MountPoints2\{9f9b6a82-7cef-11de-a2a9-00235a3f95f8}\Shell\open\command - "" = H:\ime\moje.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008-01-21 08:16:39 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010-02-04 19:15:58 | 000,567,296 | ---- | C] (OldTimer Tools) -- C:\Users\abcd\Desktop\OTL.exe
[2010-02-02 19:15:55 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\itech lab
[2010-02-01 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\pc
[2010-01-31 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\Art of Living
[2010-01-31 22:56:39 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\Analog
[2010-01-31 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\Analog Electronics
[2010-01-30 13:50:26 | 000,000,000 | ---D | C] -- C:\Users\abcd\AppData\Roaming\gtk-2.0
[2010-01-30 13:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2010-01-28 17:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010-01-27 22:44:05 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\itech-1
[2010-01-27 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\hca founders day 2k10
[2010-01-27 20:54:12 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\seeta aur geeta
[2010-01-27 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\elephant pics
[2010-01-27 20:50:34 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\movies and songs
[2010-01-24 19:46:09 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\images
[2010-01-24 13:03:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010-01-24 12:53:15 | 000,000,000 | ---D | C] -- C:\Users\abcd\Documents\Flex Builder 3
[2010-01-24 12:49:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010-01-24 12:49:02 | 000,000,000 | -H-D | C] -- C:\Users\abcd\InstallAnywhere
[2010-01-24 12:28:20 | 459,792,184 | ---- | C] (Macrovision) -- C:\Users\abcd\Desktop\FB3_win.exe
[2010-01-22 21:58:34 | 000,000,000 | ---D | C] -- C:\Users\abcd\AppData\Roaming\.purple
[2010-01-22 21:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010-01-21 18:39:20 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\web enabled instrus
[2010-01-20 13:15:08 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\before cleaning
[2010-01-19 20:59:18 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\NTPC
[2010-01-19 15:09:48 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF19765.exe
[2010-01-19 15:09:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010-01-18 22:36:35 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF21761.exe
[2010-01-18 22:36:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-01-18 21:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\DC++
[2010-01-16 20:42:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010-01-14 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\abcd\Documents\Downloads
[2010-01-10 23:04:24 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\AnE
[2010-01-10 10:27:30 | 000,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010-01-09 22:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\ibibo
[2010-01-09 20:25:25 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\intelligent machines
[2010-01-08 19:07:51 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\automated exptation
[2010-01-08 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\intelligent expts
[2010-01-08 19:07:10 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\web based monitoring
[2010-01-08 18:46:09 | 000,000,000 | ---D | C] -- C:\Users\abcd\AppData\Roaming\Uniblue
[2010-01-08 18:28:39 | 000,000,000 | ---D | C] -- C:\Users\abcd\Desktop\Intelligent_Instrumentation
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-02-04 19:23:29 | 007,340,032 | -HS- | M] () -- C:\Users\abcd\NTUSER.DAT
[2010-02-04 19:19:33 | 000,567,296 | ---- | M] (OldTimer Tools) -- C:\Users\abcd\Desktop\OTL.exe
[2010-02-04 19:00:55 | 000,647,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-02-04 19:00:55 | 000,123,374 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-02-04 19:00:54 | 000,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-02-04 18:53:30 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010-02-04 18:53:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-04 18:53:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-04 18:53:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-04 18:53:11 | 000,000,710 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-02-04 18:53:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-04 18:53:06 | 2075,086,848 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-04 17:14:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-02-04 17:14:07 | 000,524,288 | -HS- | M] () -- C:\Users\abcd\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010-02-04 17:14:07 | 000,065,536 | -HS- | M] () -- C:\Users\abcd\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010-02-04 17:13:49 | 003,482,972 | -H-- | M] () -- C:\Users\abcd\AppData\Local\IconCache.db
[2010-02-04 16:47:11 | 000,000,162 | -H-- | M] () -- C:\Users\abcd\Desktop\~$ftcopy.docx
[2010-02-03 20:43:47 | 000,248,320 | ---- | M] () -- C:\Users\abcd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-01 22:15:25 | 008,199,348 | ---- | M] () -- C:\Users\abcd\Desktop\bintera sanam.WMV
[2010-02-01 22:14:17 | 023,533,568 | ---- | M] () -- C:\Users\abcd\Desktop\chandi jaisa rang hain tera.avi
[2010-02-01 13:30:55 | 000,110,592 | ---- | M] () -- C:\Users\abcd\Desktop\CHE_C441_835_C.doc
[2010-02-01 13:30:54 | 000,046,592 | ---- | M] () -- C:\Users\abcd\Desktop\CHE_C441_835_C_2007_2.doc
[2010-01-30 13:42:12 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk
[2010-01-29 21:54:12 | 004,587,344 | ---- | M] () -- C:\Users\abcd\Desktop\Yes Boss - Chand Tare.mp3
[2010-01-28 16:52:43 | 000,006,080 | ---- | M] () -- C:\Users\abcd\AppData\Local\d3d9caps.dat
[2010-01-25 20:36:41 | 000,058,485 | ---- | M] () -- C:\Users\abcd\Desktop\newone.zip
[2010-01-25 20:36:31 | 000,928,759 | ---- | M] () -- C:\Users\abcd\Desktop\attachments.zip
[2010-01-24 12:45:51 | 459,792,184 | ---- | M] (Macrovision) -- C:\Users\abcd\Desktop\FB3_win.exe
[2010-01-23 15:29:39 | 000,070,204 | ---- | M] () -- C:\Users\abcd\Desktop\541106464-8835744-tickets.pdf
[2010-01-20 23:18:23 | 000,000,000 | ---- | M] () -- C:\Users\abcd\settings.dat
[2010-01-20 23:18:20 | 000,491,520 | ---- | M] ( ) -- C:\Users\abcd\Desktop\RootRepeal.exe
[2010-01-20 23:17:55 | 000,001,707 | ---- | M] () -- C:\Users\abcd\Desktop\Attach.rar
[2010-01-20 23:14:09 | 000,544,768 | ---- | M] () -- C:\Users\abcd\Desktop\dds.scr
[2010-01-20 17:30:07 | 000,012,002 | ---- | M] () -- C:\Users\abcd\Desktop\3-2.docx
[2010-01-19 15:09:42 | 000,336,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF19765.exe
[2010-01-18 22:36:27 | 000,336,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF21761.exe
[2010-01-18 21:26:43 | 000,001,974 | ---- | M] () -- C:\Users\abcd\Desktop\HP Update.lnk
[2010-01-15 11:16:22 | 000,000,096 | RHS- | M] () -- C:\Users\abcd\Desktop\autorun.ini
[2010-01-14 00:17:08 | 000,171,424 | ---- | M] () -- C:\Users\abcd\Desktop\wd-idsattributes-current.pdf
[2010-01-14 00:12:23 | 000,001,997 | ---- | M] () -- C:\Users\abcd\Desktop\Google Chrome.lnk
[2010-01-12 17:02:02 | 000,048,188 | ---- | M] () -- C:\Users\abcd\Desktop\stlouis.9.98.pdf
[2010-01-10 22:32:18 | 000,500,736 | ---- | M] () -- C:\Users\abcd\Desktop\analog_lect1.ppt
[2010-01-09 22:29:46 | 004,782,787 | ---- | M] () -- C:\Users\abcd\Desktop\2003-Space-Communicatino-tsou.pdf
[2010-01-09 20:16:14 | 001,154,649 | ---- | M] () -- C:\Users\abcd\Desktop\ie_sdk.pdf
[2010-01-09 20:10:26 | 000,155,382 | ---- | M] () -- C:\Users\abcd\Desktop\Techcon_System_Intelligent_Module.pdf
[2010-01-09 20:04:13 | 000,061,195 | ---- | M] () -- C:\Users\abcd\Desktop\nips01b.pdf
[2010-01-09 19:14:52 | 000,261,353 | ---- | M] () -- C:\Users\abcd\Desktop\Chapter_37_Intelligent_Tutoring_Systems.pdf
[2010-01-08 21:00:03 | 002,338,655 | ---- | M] () -- C:\Users\abcd\Desktop\handbook of instru and controls(ic-v2.pdf
[2010-01-08 20:58:33 | 001,432,644 | ---- | M] () -- C:\Users\abcd\Desktop\handbook of instru and controls(ic-v1.pdf
[2010-01-08 20:56:22 | 000,344,249 | ---- | M] () -- C:\Users\abcd\Desktop\DigiLinux.pdf
[2010-01-08 20:53:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForabcd.job
[2010-01-08 18:32:05 | 000,008,192 | ---- | M] () -- C:\Users\abcd\Desktop\PCI-20377W.rwd
[2010-01-07 16:40:56 | 000,000,553 | ---- | M] () -- C:\Users\abcd\Desktop\radio freq - Shortcut.lnk
[2010-01-07 15:46:05 | 000,013,950 | ---- | M] () -- C:\Users\abcd\Desktop\softcopy.docx
[2010-01-06 18:14:20 | 000,309,099 | ---- | M] () -- C:\Users\abcd\Desktop\Melbourne_Principles.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-02-04 16:47:11 | 000,000,162 | -H-- | C] () -- C:\Users\abcd\Desktop\~$ftcopy.docx
[2010-02-01 22:15:23 | 008,199,348 | ---- | C] () -- C:\Users\abcd\Desktop\bintera sanam.WMV
[2010-02-01 22:14:13 | 023,533,568 | ---- | C] () -- C:\Users\abcd\Desktop\chandi jaisa rang hain tera.avi
[2010-02-01 13:30:55 | 000,110,592 | ---- | C] () -- C:\Users\abcd\Desktop\CHE_C441_835_C.doc
[2010-02-01 13:30:53 | 000,046,592 | ---- | C] () -- C:\Users\abcd\Desktop\CHE_C441_835_C_2007_2.doc
[2010-01-30 13:42:12 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Pidgin.lnk
[2010-01-29 21:54:08 | 004,587,344 | ---- | C] () -- C:\Users\abcd\Desktop\Yes Boss - Chand Tare.mp3
[2010-01-25 20:36:41 | 000,058,485 | ---- | C] () -- C:\Users\abcd\Desktop\newone.zip
[2010-01-25 20:36:29 | 000,928,759 | ---- | C] () -- C:\Users\abcd\Desktop\attachments.zip
[2010-01-23 15:29:33 | 000,070,204 | ---- | C] () -- C:\Users\abcd\Desktop\541106464-8835744-tickets.pdf
[2010-01-20 23:18:23 | 000,000,000 | ---- | C] () -- C:\Users\abcd\settings.dat
[2010-01-20 23:17:55 | 000,001,707 | ---- | C] () -- C:\Users\abcd\Desktop\Attach.rar
[2010-01-19 22:07:40 | 000,000,000 | ---- | C] () -- C:\Users\abcd\AppData\Local\QSwitch.txt
[2010-01-19 22:07:40 | 000,000,000 | ---- | C] () -- C:\Users\abcd\AppData\Local\DSwitch.txt
[2010-01-19 22:07:39 | 000,000,000 | ---- | C] () -- C:\Users\abcd\AppData\Local\AtStart.txt
[2010-01-18 21:26:43 | 000,001,974 | ---- | C] () -- C:\Users\abcd\Desktop\HP Update.lnk
[2010-01-15 11:16:22 | 000,000,096 | RHS- | C] () -- C:\Users\abcd\Desktop\autorun.ini
[2010-01-14 00:17:08 | 000,171,424 | ---- | C] () -- C:\Users\abcd\Desktop\wd-idsattributes-current.pdf
[2010-01-14 00:12:23 | 000,001,997 | ---- | C] () -- C:\Users\abcd\Desktop\Google Chrome.lnk
[2010-01-12 17:02:02 | 000,048,188 | ---- | C] () -- C:\Users\abcd\Desktop\stlouis.9.98.pdf
[2010-01-10 22:32:18 | 000,500,736 | ---- | C] () -- C:\Users\abcd\Desktop\analog_lect1.ppt
[2010-01-09 22:29:45 | 004,782,787 | ---- | C] () -- C:\Users\abcd\Desktop\2003-Space-Communicatino-tsou.pdf
[2010-01-09 20:16:13 | 001,154,649 | ---- | C] () -- C:\Users\abcd\Desktop\ie_sdk.pdf
[2010-01-09 20:10:26 | 000,155,382 | ---- | C] () -- C:\Users\abcd\Desktop\Techcon_System_Intelligent_Module.pdf
[2010-01-09 20:04:12 | 000,061,195 | ---- | C] () -- C:\Users\abcd\Desktop\nips01b.pdf
[2010-01-09 19:14:24 | 000,261,353 | ---- | C] () -- C:\Users\abcd\Desktop\Chapter_37_Intelligent_Tutoring_Systems.pdf
[2010-01-08 21:00:03 | 002,338,655 | ---- | C] () -- C:\Users\abcd\Desktop\handbook of instru and controls(ic-v2.pdf
[2010-01-08 20:58:33 | 001,432,644 | ---- | C] () -- C:\Users\abcd\Desktop\handbook of instru and controls(ic-v1.pdf
[2010-01-08 20:56:22 | 000,344,249 | ---- | C] () -- C:\Users\abcd\Desktop\DigiLinux.pdf
[2010-01-08 18:32:05 | 000,008,192 | ---- | C] () -- C:\Users\abcd\Desktop\PCI-20377W.rwd
[2010-01-07 16:40:56 | 000,000,553 | ---- | C] () -- C:\Users\abcd\Desktop\radio freq - Shortcut.lnk
[2010-01-07 15:46:04 | 000,013,950 | ---- | C] () -- C:\Users\abcd\Desktop\softcopy.docx
[2010-01-06 18:14:20 | 000,309,099 | ---- | C] () -- C:\Users\abcd\Desktop\Melbourne_Principles.pdf
[2009-12-19 14:56:29 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009-12-17 13:17:56 | 000,000,179 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009-10-11 10:35:37 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2009-10-11 10:35:31 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2009-10-11 10:35:19 | 000,000,178 | ---- | C] () -- C:\Windows\_delis43.ini
[2009-10-11 08:20:35 | 000,028,848 | ---- | C] () -- C:\Windows\System32\drivers\USBkey.sys
[2009-10-11 08:20:35 | 000,024,576 | ---- | C] () -- C:\Windows\System32\KL2DLL32.DLL
[2009-10-11 08:20:35 | 000,008,968 | ---- | C] () -- C:\Windows\System32\KL2DLL.DLL
[2009-10-11 08:20:35 | 000,007,440 | ---- | C] () -- C:\Windows\System32\ppmon.dll
[2009-09-24 13:40:13 | 000,041,324 | ---- | C] () -- C:\Windows\System32\winio.sys
[2009-09-24 13:39:48 | 000,000,080 | ---- | C] () -- C:\Windows\matlab.ini
[2009-08-26 22:54:14 | 000,211,285 | ---- | C] () -- C:\Windows\XWI321.DLL
[2009-08-26 22:54:14 | 000,058,759 | ---- | C] () -- C:\Windows\XWI321TE.DLL
[2009-08-26 22:54:14 | 000,000,091 | ---- | C] () -- C:\Windows\Oxford.ini
[2009-08-17 22:35:34 | 000,006,080 | ---- | C] () -- C:\Users\abcd\AppData\Local\d3d9caps.dat
[2009-07-30 15:53:15 | 000,248,320 | ---- | C] () -- C:\Users\abcd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-29 23:56:37 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009-07-29 23:56:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009-07-29 23:56:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009-07-29 23:55:39 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009-07-29 23:54:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009-07-29 23:53:52 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009-07-29 23:42:16 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2008-10-23 20:52:38 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008-10-23 20:47:45 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008-10-23 20:46:10 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008-10-23 20:45:02 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008-09-02 18:55:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1554.dll
[2008-07-15 13:50:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008-04-23 18:34:48 | 000,176,128 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2007-03-29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2007-01-31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006-11-02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003-07-29 10:00:00 | 000,007,140 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008-01-21 08:04:07 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008-01-21 08:04:07 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008-01-21 08:04:26 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008-01-21 08:04:22 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008-01-21 08:02:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008-01-21 08:02:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-21 08:02:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006-11-02 15:19:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008-01-21 08:02:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 08:02:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 15:19:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-10-23 19:44:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys
[2008-10-23 19:44:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008-10-23 19:44:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008-10-23 19:44:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008-10-23 19:44:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006-11-02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006-11-02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007-05-18 10:04:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
[2008-07-17 13:06:54 | 000,001,536 | ---- | M] () MD5=CAA9BBBE220DDB97B81FAC66321B513B -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTORV.SYS >
[2008-01-21 08:02:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008-01-21 08:02:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008-01-21 08:02:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006-11-02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008-01-21 08:03:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008-01-21 08:03:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006-11-02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008-01-21 08:02:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008-01-21 08:02:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008-01-21 08:02:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008-01-21 08:04:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008-01-21 08:04:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\abcd\Desktop\PranavMistry_2009I_480.mp4:TOC.WMV
< End of report >



********************************************************************************************************************************

extras.txt had the following contents
*******************************************************************************************************************
OTL Extras logfile created on: 04-02-2010 19:20:19 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\abcd\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.34 Gb Total Space | 12.32 Gb Free Space | 10.96% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.80 Gb Free Space | 16.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 54.70 Gb Total Space | 1.57 Gb Free Space | 2.87% Space Free | Partition Type: NTFS
Drive G: | 54.60 Gb Total Space | 1.01 Gb Free Space | 1.85% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABCD-PC
Current User Name: abcd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BB02EB69-4975-416D-B004-524FC3DE424D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B998283-8863-43CD-98AF-9FD7FF22CD8B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{24A08FD6-8E90-4507-9792-C637D35730E1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2AB5BED1-8EA1-4897-AB6A-EE69D1C9DC9E}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{59ED385E-B3BB-4418-9D05-5F55AFEA31F1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{75F30BBF-B230-4BFB-ACA1-6103DD0D22F2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A5AB6EA-7B7D-4E8A-B270-5670ECC59C17}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{96996F69-36B7-4B37-940D-51E28751C637}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{1B237EC3-6D9D-43D5-8B0B-345F0AFFA2ED}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{45FE3AFB-8B4E-4791-8914-5643C44C97F9}C:\program files\national instruments\labview 7.1\labview.exe" = protocol=6 | dir=in | app=c:\program files\national instruments\labview 7.1\labview.exe |
"TCP Query User{49686EBF-910D-4564-829F-37AC2937CC26}C:\synapticad\bin\syncad.exe" = protocol=6 | dir=in | app=c:\synapticad\bin\syncad.exe |
"TCP Query User{E05DF9EB-B93F-43D8-AC8E-5AB814646B33}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{78E10E49-9B0A-4705-82C5-2D0BDE14C1A8}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{8C9F7495-3C75-4082-8331-EFCC65B9A925}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{BFD14A52-1B42-4CCF-9879-1381EBD51903}C:\program files\national instruments\labview 7.1\labview.exe" = protocol=17 | dir=in | app=c:\program files\national instruments\labview 7.1\labview.exe |
"UDP Query User{F0F37BD7-EE64-4FFA-8AF9-7686AD88C4D6}C:\synapticad\bin\syncad.exe" = protocol=17 | dir=in | app=c:\synapticad\bin\syncad.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03178905-E40F-4FF3-AD16-D9310A89D8A6}" = NI Distribution Information - PDS English
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{11A8F66F-7B73-422C-88B6-7187BEF92AE7}" = NI LabVIEW 7.1 Core Essentials
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{251F8A77-7ACB-47BB-98CE-9F671B69D90F}" = NI Example Finder 2.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2878CD7B-FD12-4ADE-9B90-11DF678EF18C}" = NI Instrument IO Assistant for LabVIEW 7.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{362882AE-E40A-4435-B214-6420634C401F}" = Microsoft Visual C++ Toolkit 2003
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3E0E6066-A687-448D-BFC4-D58BE3399C3B}" = SoftStylus
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46893F4E-733A-426D-80BE-929A5A269646}" = NI LVBrokerAux71
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{518930BE-7875-4547-B026-20B92F695781}" = NI LabVIEW Run-Time Engine 7.1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54CED721-471C-4F40-914C-4630DE07CE8D}" = NI LVBroker
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{607C8C4E-5FEC-4656-9DA1-3D6D6B7DE0ED}" = NI LabVIEW Advanced Analysis 7.1
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7EB0D766-982D-4187-88A7-6E0780BAA69F}" = NI LabVIEW Professional Tools 7.1
"{84D0BDE5-5871-4EC8-8D31-63354170BF55}" = NI LabVIEW Picture Control and CIN Tools 7.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ACF317C-CA66-4363-AEBF-A073B124AA1A}" = BitDefender Total Security 2009
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{94435A21-A597-41AC-85BA-680E8348EB50}" = NI LabVIEW Application Builder 7.1
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A3A9DA06-D9B8-47BE-8179-3AADEB19582A}" = NI Uninstaller
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B9E3A0D6-5882-43F3-8B3B-23DFB0765F5D}" = PSoC programmer 3.05
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D3BA79B7-823E-437A-A7E0-BDB2CB62C7BE}" = NI LabVIEW 7.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EC60B018-251A-47E7-A838-CECB70AE46EF}" = NI LabVIEW Service Locator 1.0
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{FCC9BA43-E00A-4269-B0CA-6708ED300914}" = NI LabVIEW Full 7.1
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"170FD164AF1BA6E3F14358DC40AD662EAC143DA4" = Windows Driver Package - Cypress (PSoCUSB) USB (03/13/2008 3.02.0000.4)
"1B5CC3552F168910394E0E089A3F2305E85B9A7F" = Windows Driver Package - Cypress USB Driver for MiniProg3 (03/13/2008 3.02.0000.4)
"27304B7288183824B5B4718F7F2EFA06580DA7C7" = Windows Driver Package - Cypress (PSoCUSB) USB (03/13/2008 3.02.0000.4)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"765F47B50E3B28B1ABA02154DD1D95FA7DDE40AC" = Windows Driver Package - Cypress (PSoCUSB) USB (03/13/2008 3.02.0000.4)
"77B697784113BDBEBE012B20BF379782DE787F6F" = Windows Driver Package - Cypress (PSoCUSB) USB (03/13/2008 3.02.0000.4)
"977ADDA8D54D9A9C4714C708673C9840063B42A2" = Windows Driver Package - Cypress (PSoCUSB) USB (03/13/2008 3.02.0000.4)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"ApexDC++" = ApexDC++ 1.2.0
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DC++" = DC++ 0.698
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"Google Desktop" = Google Desktop
"GTK 2.0" = GTK+ Runtime 2.12.1 rev b (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B9E3A0D6-5882-43F3-8B3B-23DFB0765F5D}" = PSoC programmer 3.05
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MTI ModelSim SE 6.1d Deinstall Key" = ModelSim SE 6.1d
"MTI ModelSim SE 6.1d Evaluation Deinstall Key" = ModelSim SE 6.1d Evaluation
"NI Uninstaller" = National Instruments Software
"Nokia PC Suite" = Nokia PC Suite
"Orcad Family Release 9.2 Lite Edition" = Orcad Family Release 9.2 Lite Edition
"Pidgin" = Pidgin
"PRJPRO" = Microsoft Office Project Professional 2007
"Rainbow Sentinel Driver" = Sentinel System Driver
"ST6UNST #1" = TORA
"SynaptiCAD Product Suite" = SynaptiCAD Product Suite
"The KMPlayer" = The KMPlayer (remove only)
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1923450497-971095460-558320130-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28-01-2010 13:28:14 | Computer Name = abcd-PC | Source = Application Hang | ID = 1002
Description = The program winzip32.exe version 24.0.8252.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1440 Start Time: 01caa03f3db9b930 Termination Time: 0

Error - 29-01-2010 08:20:50 | Computer Name = abcd-PC | Source = Application Hang | ID = 1002
Description = The program KMPlayer.exe version 2.9.4.1433 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f20 Start Time: 01caa0db7eaf1d80 Termination Time: 23

Error - 30-01-2010 08:41:44 | Computer Name = abcd-PC | Source = Application Hang | ID = 1002
Description = The program KMPlayer.exe version 2.9.4.1433 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1038 Start Time: 01caa1a61bce6290 Termination Time: 24

Error - 01-02-2010 10:35:00 | Computer Name = abcd-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00043387, process id 0x1750, application
start time 0x01caa34a25340510.

Error - 02-02-2010 09:47:22 | Computer Name = abcd-PC | Source = Application Error | ID = 1000
Description = Faulting application MultimediaPlayer.exe, version 6.84.211.2, time
stamp 0x46724801, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000374, fault offset 0x000b015d, process id 0x14d0,
application start time 0x01caa40e33e93f70.

Error - 02-02-2010 09:47:35 | Computer Name = abcd-PC | Source = Application Error | ID = 1000
Description = Faulting application MultimediaPlayer.exe, version 6.84.211.2, time
stamp 0x46724801, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000374, fault offset 0x000b015d, process id 0x1690,
application start time 0x01caa40e41868200.

Error - 02-02-2010 09:49:42 | Computer Name = abcd-PC | Source = Application Error | ID = 1000
Description = Faulting application MultimediaPlayer.exe, version 6.84.211.2, time
stamp 0x46724801, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000374, fault offset 0x000b015d, process id 0x8f8,
application start time 0x01caa40e88bacf50.

Error - 02-02-2010 09:50:15 | Computer Name = abcd-PC | Source = Application Error | ID = 1000
Description = Faulting application MultimediaPlayer.exe, version 6.84.211.2, time
stamp 0x46724801, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000374, fault offset 0x000b015d, process id 0xe1c,
application start time 0x01caa40ea4c27810.

Error - 02-02-2010 11:00:42 | Computer Name = abcd-PC | Source = Application Hang | ID = 1002
Description = The program KMPlayer.exe version 2.9.4.1433 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16ec Start Time: 01caa41870f69110 Termination Time: 36

Error - 02-02-2010 11:09:45 | Computer Name = abcd-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000374, fault offset 0x000b015d, process id 0xa54, application
start time 0x01caa00c2dd942a2.

[ System Events ]
Error - 15-01-2010 11:27:49 | Computer Name = abcd-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 15-01-2010 12:32:24 | Computer Name = abcd-PC | Source = HTTP | ID = 15016
Description =

Error - 15-01-2010 12:34:01 | Computer Name = abcd-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15-01-2010 12:34:01 | Computer Name = abcd-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15-01-2010 12:34:01 | Computer Name = abcd-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15-01-2010 12:37:09 | Computer Name = abcd-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&26a7b9ec&0&00E4)
disappeared from the system without first being prepared for removal.

Error - 15-01-2010 12:37:09 | Computer Name = abcd-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&26a7b9ec&0&02E4)
disappeared from the system without first being prepared for removal.

Error - 15-01-2010 12:37:09 | Computer Name = abcd-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&26a7b9ec&0&03E4)
disappeared from the system without first being prepared for removal.

Error - 15-01-2010 12:37:09 | Computer Name = abcd-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&26a7b9ec&0&04E4)
disappeared from the system without first being prepared for removal.

Error - 15-01-2010 12:40:08 | Computer Name = abcd-PC | Source = HTTP | ID = 15016
Description =


< End of report >
**********************************************************************************************************

#7 sourabhbhambri

  • Topic Starter

Posted 06 February 2010 - 10:00 AM

The
********************************************************************************
************************************************



are from my side and were not in the files. You may use them to distinguish the 2 files, as I said earlier.

#8 myrti

  • Malware Study Hall Admin

Posted 08 February 2010 - 11:35 AM

Hi,

please run a scan with gmer as well:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 sourabhbhambri

  • Topic Starter

Posted 09 February 2010 - 05:35 AM

hi,
the results are as follows:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-09 16:02:54
Windows 6.0.6001 Service Pack 1
Running: u1w6mxbt.exe; Driver: C:\Users\abcd\AppData\Local\Temp\kxldrpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\winlogon.exe[292] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FFA3F81
.text C:\Windows\system32\winlogon.exe[292] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FFA4010
.text C:\Windows\system32\winlogon.exe[292] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FFA401D
.text C:\Windows\system32\winlogon.exe[292] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FFA4006
.text C:\Windows\system32\winlogon.exe[292] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FFA405E
.text C:\Windows\system32\winlogon.exe[292] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FFA402A
.text C:\Windows\system32\wininit.exe[372] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\wininit.exe[372] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\wininit.exe[372] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\wininit.exe[372] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\wininit.exe[372] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\wininit.exe[372] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\system32\services.exe[448] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\services.exe[448] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\services.exe[448] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\services.exe[448] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\services.exe[448] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\services.exe[448] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\system32\lsass.exe[472] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\lsass.exe[472] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\lsass.exe[472] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\lsass.exe[472] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\lsass.exe[472] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\lsass.exe[472] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\system32\lsm.exe[480] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\lsm.exe[480] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\lsm.exe[480] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\lsm.exe[480] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\lsm.exe[480] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\lsm.exe[480] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\system32\svchost.exe[612] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\svchost.exe[612] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\svchost.exe[612] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\svchost.exe[612] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\svchost.exe[612] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\svchost.exe[612] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\system32\svchost.exe[668] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\svchost.exe[668] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\svchost.exe[668] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\svchost.exe[668] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\svchost.exe[668] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\svchost.exe[668] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\System32\svchost.exe[708] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\System32\svchost.exe[708] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\System32\svchost.exe[708] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\System32\svchost.exe[708] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\System32\svchost.exe[708] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\System32\svchost.exe[708] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\System32\svchost.exe[788] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\System32\svchost.exe[788] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\System32\svchost.exe[788] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\System32\svchost.exe[788] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\System32\svchost.exe[788] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\System32\svchost.exe[788] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\system32\svchost.exe[812] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\svchost.exe[812] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\svchost.exe[812] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\svchost.exe[812] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\svchost.exe[812] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\svchost.exe[812] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\system32\wbem\wmiprvse.exe[996] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FF93F81
.text C:\Windows\system32\wbem\wmiprvse.exe[996] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FF94010
.text C:\Windows\system32\wbem\wmiprvse.exe[996] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FF9401D
.text C:\Windows\system32\wbem\wmiprvse.exe[996] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FF94006
.text C:\Windows\system32\wbem\wmiprvse.exe[996] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FF9405E
.text C:\Windows\system32\wbem\wmiprvse.exe[996] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FF9402A
.text C:\Windows\Explorer.EXE[1164] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FFA3F81
.text C:\Windows\Explorer.EXE[1164] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FFA4010
.text C:\Windows\Explorer.EXE[1164] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FFA401D
.text C:\Windows\Explorer.EXE[1164] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FFA4006
.text C:\Windows\Explorer.EXE[1164] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FFA405E
.text C:\Windows\Explorer.EXE[1164] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FFA402A
.text C:\Windows\system32\csrss.exe[1520] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FFA3F81
.text C:\Windows\system32\csrss.exe[1520] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FFA4010
.text C:\Windows\system32\csrss.exe[1520] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FFA401D
.text C:\Windows\system32\csrss.exe[1520] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FFA4006
.text C:\Windows\system32\csrss.exe[1520] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FFA405E
.text C:\Windows\system32\csrss.exe[1520] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FFA402A
.text C:\Users\abcd\Desktop\u1w6mxbt.exe[1536] ntdll.dll!NtCreateFile 77778008 5 Bytes CALL 7FFA3F81
.text C:\Users\abcd\Desktop\u1w6mxbt.exe[1536] ntdll.dll!NtCreateProcess 777780C8 5 Bytes CALL 7FFA4010
.text C:\Users\abcd\Desktop\u1w6mxbt.exe[1536] ntdll.dll!NtCreateProcessEx 777780D8 5 Bytes CALL 7FFA401D
.text C:\Users\abcd\Desktop\u1w6mxbt.exe[1536] ntdll.dll!NtOpenFile 777787E8 5 Bytes CALL 7FFA4006
.text C:\Users\abcd\Desktop\u1w6mxbt.exe[1536] ntdll.dll!NtQueryInformationProcess 77778A88 5 Bytes CALL 7FFA405E
.text C:\Users\abcd\Desktop\u1w6mxbt.exe[1536] ntdll.dll!NtCreateUserProcess 77779438 5 Bytes CALL 7FFA402A

---- Services - GMER 1.0.15 ----

Service C:\Windows\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218668db6a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e4be701
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e4be701@0022fdf88a2b 0x66 0x95 0x43 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e4be701@002669c2366b 0x55 0x61 0x37 0x40 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00218668db6a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e4be701 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e4be701@0022fdf88a2b 0x66 0x95 0x43 0xBF ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e4be701@002669c2366b 0x55 0x61 0x37 0x40 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe (size mismatch) 143360/125952 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6001.18000_none_4e777d79f985fac8\SLsvc.exe (size mismatch) 2640896/2623488 bytes executable
File C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchIndexer.exe (size mismatch) 457216/439808 bytes executable

---- EOF - GMER 1.0.15 ----


#10 sundavis

  • Malware Response Team

Posted 13 February 2010 - 02:13 AM

Hi sourabhbhambri,


Myrti is not available right now, so I will be helping you with the continued support.


Step 1
  1. If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  2. Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  3. If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc.
    If Windows doesn't start correctly, you can use these tools to repair startup problems.
  4. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  5. Click Yes to allow Combofix to continue scanning for malware.
  6. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  7. Do not mouse click on Combofix while it is running. That may cause it to stall.



Step 2

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  10. You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, please post back:


1. ComboFix log
2. MBAM log

Thanks

#11 sundavis

  • Malware Response Team

Posted 20 February 2010 - 02:11 AM


Due to lack of feedback, this topic is now Closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

Edited by sundavis, 20 February 2010 - 02:12 AM.


#12 sundavis

  • Malware Response Team

Posted 20 February 2010 - 11:49 AM

Reopen this topic at the request of OP.

#13 myrti

  • Malware Study Hall Admin

Posted 06 March 2010 - 04:20 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 
