View Full Version : Browser Redirection in FF and IE
RCL0000ZK
2010-08-31, 18:56
Hello,
Recently, in Windows 7 Ultimate x64, I noticed that I was not able to access some websites such a microsoft.com, symantec.com, avg.com, etc. I was getting redirected to another website.
Screenshots:
Screeny 1 (http://i33.tinypic.com/wm1e09.jpg)
Screeny 2 (http://i38.tinypic.com/24ou0ld.jpg)
Screeny 3 (http://i33.tinypic.com/2vl9u6f.jpg)
I also have WinXP Pro SP3 as a dual boot OS, so I cross checked it in that and the Websites were correctly accessible.
I sort of panicked and had a rough search in google.com and hence installed and ran Malwarebytes' Anti-Malware. I found out that an infected file did exist and it removed it. Its report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4501
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29-08-2010 8:04:22 PM
mbam-log-2010-08-29 (20-04-22).txt
Scan type: Quick scan
Objects scanned: 136387
Time elapsed: 3 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Prajwal\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
Even after that, after a couple of reboots, I did notice that, occassionally I still couldn't access microsft.com, symantec.com... This time it gave me a 403 Error. So, I also installed Spybot S&D, and did a scan (but I did not remove anything). Its report:
--- Search result list ---
Microsoft.Windows.System: [SBI $38594624] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2223402601-1988337269-3417674921-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms
Win32.Bifrost: [SBI $40BAA5FE] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2223402601-1988337269-3417674921-1000\Software\Vítima
Win32.Bifrost: [SBI $71F5C8ED] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2223402601-1988337269-3417674921-1000\Software\vítima\NewIdentification
After that, I can access those websites without problem. But, I'm still concerned about the security of my computer. Please help.
DDS Report
DDS (Ver_10-03-17.01) - NTFSX64
Run by Prajwal at 14:37:49.58 on 31-08-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3063.1763 [GMT 5.5:30]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Uptime\Windows Uptime.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
G:\Downloads\dds.com
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.orbitdownloader.com
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files (x86)\orbitdownloader\orbitcth.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\mif5ba~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files (x86)\orbitdownloader\GrabPro.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsUptime] "c:\program files (x86)\windows uptime\Windows Uptime.exe" /i
uRun: [RoboForm] "c:\program files (x86)\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [<NO NAME>]
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [Ai Nap] "c:\program files (x86)\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files (x86)\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "c:\program files (x86)\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [Display] c:\program files (x86)\apc\apc powerchute personal edition\DataCollectionLauncher.exe
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [NokiaMServer] c:\program files (x86)\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
mRun: [NexusServer] "c:\program files (x86)\common files\grass valley\procoder 3\kernel\PNXSERVR.exe" -SelfLaunch
dRunOnce: [<NO NAME>]
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\ireboo~1.lnk - c:\program files (x86)\neosmart technologies\ireboot\iReboot.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\powerm~1.lnk - e:\programs\powermenu_1_5_1\PowerMenu.exe
uPolicies-explorer: NoStartMenuMorePrograms = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/204
IE: Customize Menu - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\mif5ba~1\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
Trusted Zone: kuaiche.com\software
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SoundMAX] c:\program files (x86)\analog devices\soundmax\soundmax.exe /tray
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\prajwal\appdata\roaming\mozilla\firefox\profiles\febeprof.default2\
FF - component: c:\program files (x86)\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files (x86)\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\prajwal\appdata\roaming\mozilla\firefox\profiles\febeprof.default2\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\prajwal\appdata\roaming\mozilla\firefox\profiles\febeprof.default2\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - component: c:\users\prajwal\appdata\roaming\mozilla\firefox\profiles\febeprof.default2\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~2\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-8-21 55280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1107000.00c\symds64.sys [2010-6-12 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1107000.00c\symefa64.sys [2010-6-12 221232]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-8-7 1477728]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100810.004\BHDrvx64.sys [2010-8-10 945200]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1107000.00c\cchpx64.sys [2010-6-12 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100827.001\IDSviA64.sys [2010-8-28 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1107000.00c\ironx64.sys [2010-6-12 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1107000.00c\symtdiv.sys [2010-6-12 451120]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2010-8-7 2480048]
R2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2010-2-2 65024]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-7-21 96896]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-5-20 20968]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-7-14 21480]
R2 iReboot;iReboot Background Service;c:\program files (x86)\neosmart technologies\ireboot\iRebootd.exe [2009-9-15 17408]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-6-12 126392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-30 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 130560]
R2 WDFME;WD File Management Engine;c:\program files (x86)\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 483328]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-8-7 252512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-29 132656]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-1-23 19544]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2010-1-22 474496]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-5-20 393728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2010-2-10 19432]
S3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-2-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-2-26 19456]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2010-2-10 16384]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam64.sys [2009-2-13 14464]
=============== Created Last 30 ================
2010-08-30 10:07:34 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-30 10:07:34 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-30 01:22:27 3288 ------w- C:\bootsqm.dat
2010-08-29 14:27:22 0 d-----w- c:\users\prajwal\appdata\roaming\Malwarebytes
2010-08-29 14:27:15 0 d-----w- c:\programdata\Malwarebytes
2010-08-29 14:27:14 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 14:27:14 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-26 17:37:39 0 d-----w- c:\program files\Recuva
2010-08-25 15:09:35 0 d-----w- c:\users\prajwal\appdata\roaming\Tific
2010-08-24 17:56:22 0 d-----w- c:\users\prajwal\appdata\roaming\PACE Anti-Piracy
2010-08-24 17:56:22 0 d-----w- c:\programdata\PACE Anti-Piracy
2010-08-22 16:56:58 532480 ----a-w- c:\windows\syswow64\csdshowcodc.dll
2010-08-22 16:56:58 376832 ----a-w- c:\windows\syswow64\hlDVSD.dll
2010-08-22 16:56:58 159832 ----a-w- c:\windows\syswow64\cscDVSD.dll
2010-08-21 16:38:02 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-21 16:06:19 0 d-----w- c:\programdata\ALM
2010-08-21 15:55:57 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2010-08-21 15:55:57 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-08-21 15:55:57 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-08-21 15:55:57 0 d-----w- c:\program files (x86)\My Company Name
2010-08-21 15:55:57 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2010-08-21 15:55:57 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-08-21 15:54:13 0 d-----w- c:\program files\common files\Adobe
2010-08-21 15:54:09 0 d-----w- c:\program files\Adobe
2010-08-21 15:52:45 0 d-----w- c:\programdata\Adobe
2010-08-20 16:40:35 1580 ----a-w- c:\windows\system32\PDBootState
2010-08-20 16:38:18 0 d-----w- c:\programdata\Raxco
2010-08-20 16:38:18 0 d-----w- c:\program files\Raxco
2010-08-20 16:04:16 0 d-----w- c:\windows\system32\appmgmt
2010-08-20 12:56:38 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-20 12:56:38 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-20 12:56:14 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-20 12:54:59 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-20 12:54:44 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-20 12:54:44 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-20 12:54:44 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-20 12:54:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-20 12:54:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-08-20 12:54:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-08-20 12:54:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-20 12:54:10 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-15 11:27:41 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-15 11:27:23 144384 ----a-w- c:\windows\system32\cdd.dll
2010-08-15 08:49:20 0 d-----w- c:\users\prajwal\appdata\roaming\Nokia Ovi Suite
2010-08-15 08:47:31 0 d-----w- c:\programdata\Nokia
2010-08-15 08:46:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-08-15 08:46:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2010-08-15 08:45:06 0 d-----w- c:\programdata\PC Suite
2010-08-15 08:43:34 0 d-----w- c:\program files (x86)\common files\Nokia
2010-08-15 08:43:16 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2010-08-15 08:43:16 0 d-----w- c:\program files\DIFX
2010-08-15 08:43:07 0 d-----w- c:\program files (x86)\PC Connectivity Solution
2010-08-15 08:42:55 69120 ----a-w- c:\windows\system32\nmwcdclsx64.dll
2010-08-15 08:38:24 0 d-----w- c:\programdata\NokiaInstallerCache
2010-08-15 08:38:24 0 d-----w- c:\program files (x86)\Nokia
2010-08-10 06:57:12 265992 ----a-w- c:\windows\system32\PDBoot.exe
2010-08-08 05:37:04 0 d-----w- c:\programdata\Acronis
2010-08-07 15:35:44 252512 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-08-07 15:35:43 1477728 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-08-07 15:35:41 943712 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-08-07 15:35:39 271456 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-08-07 14:27:24 0 d-----w- c:\program files\Western Digital
2010-08-07 14:27:24 0 d-----w- c:\program files (x86)\Western Digital
2010-08-07 14:25:33 0 d-----w- c:\programdata\Western Digital
2010-08-07 14:21:21 0 d-----w- c:\program files (x86)\common files\Futuremark Shared
2010-08-07 14:21:19 0 d-----w- c:\programdata\Futuremark
2010-08-07 14:20:51 0 d-----w- c:\program files (x86)\Futuremark
2010-08-05 17:41:54 0 d-----w- c:\program files (x86)\Microsoft Games
2010-08-05 17:41:35 0 d-----w- c:\programdata\Microsoft Games
2010-08-05 16:10:15 0 d-----w- c:\users\prajwal\appdata\roaming\Microsoft Game Studios
==================== Find3M ====================
2010-07-16 13:56:52 22 --sha-w- c:\users\prajwal\appdata\roaming\Sys6925.Config Collection.sys
2010-07-11 05:54:11 57344 ----a-w- c:\windows\syswow64\CleanMem.exe
2010-07-09 10:57:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 10:57:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 10:57:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 10:57:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 07:49:02 21480 ----a-w- c:\windows\system32\drivers\cpuz134_x64.sys
2010-07-05 08:30:38 1042432 ----a-w- c:\windows\mini-KMS_Activator_v1.3_Office2010_VL_ENG.exe
2010-07-05 07:56:25 25594 ----a-w- c:\users\prajwal\appdata\roaming\SQLite3.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-07 23:58:00 3184744 ----a-w- c:\windows\system32\nvencodemft.dll
2010-06-07 23:58:00 2890856 ----a-w- c:\windows\syswow64\nvencodemft.dll
2010-06-07 23:58:00 255592 ----a-w- c:\windows\system32\nvcod1921.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 14:38:11.59 ===============
Hi,
If any issues left do the following.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\System32\Wbem\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
RCL0000ZK
2010-09-04, 18:09
FYI: Screenshot (http://i53.tinypic.com/vymoy.jpg) of OTL when I used it.
*****OTL*****
OTL logfile created on: 04-09-2010 8:03:03 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = G:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): g:\pagefile.sys 4594 4594
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.01 Gb Total Space | 142.62 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 9.92 Gb Free Space | 9.92% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 69.00 Gb Free Space | 46.00% Space Free | Partition Type: NTFS
Drive F: | 150.01 Gb Total Space | 75.13 Gb Free Space | 50.08% Space Free | Partition Type: NTFS
Drive G: | 330.98 Gb Total Space | 70.29 Gb Free Space | 21.24% Space Free | Partition Type: NTFS
Drive H: | 517.72 Mb Total Space | 436.89 Mb Free Space | 84.39% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: ZION-V2
Current User Name: Prajwal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - G:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\Windows Uptime\Windows Uptime.exe ( )
========== Modules (SafeList) ==========
MOD - G:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (iReboot) -- C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (nvoclk64) -- C:\Windows\SysNative\drivers\nvoclk64.sys (NVIDIA Corp.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (WFLR6654) WinFast TV2000 XP Expert (FM1216MK3) -- C:\Windows\SysNative\drivers\wfeaglxt.sys (Leadtek Research Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100903.050\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100903.050\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100903.003\IDSviA64.sys (Symantec Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010-06-16 21:03:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010-01-23 10:36:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-29 23:18:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010-01-23 12:09:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-08-15 14:13:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-08-21 21:28:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-08-18 23:03:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-08-22 10:03:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-08-15 14:13:19 | 000,000,000 | ---D | M]
[2010-01-22 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Extensions
[2010-09-04 19:59:44 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions
[2010-01-22 21:04:09 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2010-08-15 16:06:34 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010-09-04 19:59:36 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010-05-01 21:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-06-16 22:19:30 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2010-09-04 19:59:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-06-12 13:27:26 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010-01-22 21:04:09 | 000,000,000 | ---D | M] (Duplicate Tab) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
[2010-08-15 16:06:38 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2010-08-18 22:33:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-06-19 19:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010-06-12 13:27:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010-01-22 21:04:08 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010-08-18 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\autopager@mozilla.org
[2010-06-12 13:27:27 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\closeothertabs@florian-volk.net
[2010-09-04 19:59:38 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\foxmarks@kei.com
[2010-08-18 23:18:21 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\imageblock@hemantvats.com
[2010-08-15 16:06:33 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\LDSI_plashcor@gmail.com
[2010-01-22 21:04:10 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\OPIE@guid.customsoftwareconsult.com
[2010-01-22 21:04:10 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\quickdrag@mozilla.ktechcomputing.com
[2010-01-22 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\urlalias@zibada.xgm.ru
[2010-01-22 21:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions
[2010-05-15 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\kamo640c.default\extensions
[2010-01-22 21:01:20 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\kamo640c.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010-07-14 18:08:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-07-14 18:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-03-27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010-08-21 21:22:46 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [NexusServer] C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsUptime] C:\Program Files (x86)\Windows Uptime\Windows Uptime.exe ( )
O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\Machine\Scripts\Startup\peerblock.dmp ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01293143-a22e-11df-aab0-0026180866b2}\Shell - "" = AutoRun
O33 - MountPoints2\{01293143-a22e-11df-aab0-0026180866b2}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.CDV5 - C:\Windows\SysWow64\cdv5codc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CDVC - C:\Windows\SysWow64\cdvccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CDVH - C:\Windows\SysWow64\cdvhcodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CLLC - C:\Windows\SysWow64\cllccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cmic - cmiccodc.dll File not found
Drivers32: vidc.CUVC - C:\Windows\SysWow64\cuvccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\hlDVSD.dll (Canopus Co., Ltd.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010-08-31 14:31:32 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\Adobe
[2010-08-30 15:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-08-30 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010-08-29 19:57:22 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\Malwarebytes
[2010-08-29 19:57:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-08-29 19:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-08-29 19:57:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010-08-29 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-08-26 23:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010-08-25 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\Tific
[2010-08-24 23:26:22 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\PACE Anti-Piracy
[2010-08-24 23:26:22 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\PACE Anti-Piracy
[2010-08-24 23:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010-08-23 19:59:44 | 000,000,000 | ---D | C] -- E:\Users\Prajwal\Documents\Delhi.10-07-08_17-17_1.02_MPEG2_DVD_PAL(Mastering)
[2010-08-22 22:50:00 | 000,000,000 | ---D | C] -- E:\Users\Prajwal\Documents\Delhi.10-07-08_17-17.02_MPEG2_DVD_PAL(Mastering)
[2010-08-22 22:26:58 | 000,532,480 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\SysWow64\csdshowcodc.dll
[2010-08-22 22:26:58 | 000,376,832 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\SysWow64\hlDVSD.dll
[2010-08-22 22:26:58 | 000,159,832 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\SysWow64\cscDVSD.dll
[2010-08-21 22:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010-08-21 21:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010-08-21 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010-08-21 21:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010-08-21 21:25:57 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010-08-21 21:25:57 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010-08-21 21:25:57 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010-08-21 21:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010-08-21 21:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010-08-21 21:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010-08-21 21:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-08-21 21:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-08-21 21:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010-08-21 21:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010-08-21 21:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010-08-21 21:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010-08-20 22:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2010-08-20 22:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2010-08-20 21:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010-08-20 18:25:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-08-20 18:25:47 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-08-20 18:25:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-08-20 18:25:46 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-08-20 18:25:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-08-20 18:25:45 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-08-20 18:25:28 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010-08-20 18:25:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010-08-20 18:24:59 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010-08-20 18:24:29 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010-08-20 18:24:29 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010-08-20 18:24:29 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010-08-15 17:31:15 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010-08-15 17:31:15 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010-08-15 17:31:15 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010-08-15 17:31:14 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010-08-15 17:31:14 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010-08-15 17:31:14 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010-08-15 17:31:14 | 000,382,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010-08-15 17:31:14 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010-08-15 17:31:13 | 009,818,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010-08-15 17:31:13 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010-08-15 17:31:13 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010-08-15 17:31:11 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010-08-15 17:31:11 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010-08-15 17:31:11 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010-08-15 17:31:11 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010-08-15 17:31:11 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010-08-15 17:31:10 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010-08-15 17:31:10 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010-08-15 17:31:10 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010-08-15 17:31:10 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010-08-15 16:57:23 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010-08-15 16:42:16 | 000,000,000 | ---D | C] -- E:\Users\Prajwal\Documents\Ovi
[2010-08-15 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\Nokia Ovi Suite
[2010-08-15 14:19:19 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\Nokia
[2010-08-15 14:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010-08-15 14:15:07 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\NokiaAccount
[2010-08-15 14:15:07 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\Nokia
[2010-08-15 14:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010-08-15 14:14:16 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\PC Suite
[2010-08-15 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010-08-15 14:13:16 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010-08-15 14:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-08-15 14:13:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010-08-15 14:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010-08-15 14:12:55 | 000,069,120 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010-08-15 14:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010-08-15 14:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2010-08-10 12:27:12 | 000,265,992 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\SysNative\PDBoot.exe
[2010-08-08 11:10:14 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\Acronis
[2010-08-08 11:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010-08-07 21:05:44 | 000,252,512 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010-08-07 21:05:43 | 001,477,728 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010-08-07 21:05:41 | 000,943,712 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010-08-07 21:05:39 | 000,271,456 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010-08-07 21:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010-08-07 21:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010-08-07 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\WDC
[2010-08-07 19:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010-08-07 19:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2010-08-07 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010-08-07 19:54:14 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\Western Digital
[2010-08-07 19:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2010-08-07 19:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark
[2010-08-07 19:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2010-08-05 23:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010-08-05 23:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2010-08-05 21:41:35 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\Microsoft Game Studios
[2010-08-05 21:40:15 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\Microsoft Game Studios
[2010-02-03 16:00:40 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
========== Files - Modified Within 30 Days ==========
[2010-09-04 20:05:38 | 003,932,160 | -HS- | M] () -- C:\Users\Prajwal\NTUSER.DAT
[2010-09-04 19:41:05 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-09-04 19:41:05 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-09-04 19:33:18 | 3211,874,304 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-04 19:33:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-09-04 19:33:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-09-02 22:09:51 | 003,259,758 | -H-- | M] () -- C:\Users\Prajwal\AppData\Local\IconCache.db
[2010-08-30 15:44:48 | 000,001,316 | ---- | M] () -- C:\Users\Prajwal\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-08-30 15:44:48 | 000,001,292 | ---- | M] () -- C:\Users\Prajwal\Desktop\Spybot - Search & Destroy.lnk
[2010-08-30 06:52:27 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010-08-29 19:57:18 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-08-27 00:29:01 | 000,003,061 | ---- | M] () -- E:\Users\Prajwal\Documents\DVDVideo1_DVD.nrd
[2010-08-26 22:57:20 | 000,782,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-08-26 22:57:20 | 000,668,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-08-26 22:57:20 | 000,126,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-08-22 22:47:15 | 000,005,120 | ---- | M] () -- C:\Users\Prajwal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-22 10:03:02 | 004,902,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-08-21 22:08:02 | 000,085,480 | ---- | M] () -- C:\Users\Prajwal\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-08-21 18:42:29 | 000,001,580 | ---- | M] () -- C:\Windows\SysNative\PDBootState
[2010-08-18 18:40:16 | 000,001,623 | ---- | M] () -- C:\Users\Prajwal\Desktop\halo2 - Shortcut.lnk
[2010-08-15 14:16:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010-08-15 14:16:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010-08-15 14:14:11 | 000,002,063 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010-08-10 12:27:12 | 000,265,992 | ---- | M] (Raxco Software, Inc.) -- C:\Windows\SysNative\PDBoot.exe
[2010-08-07 21:05:44 | 000,252,512 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010-08-07 21:05:43 | 001,477,728 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010-08-07 21:05:41 | 000,943,712 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010-08-07 21:05:39 | 000,271,456 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010-08-07 21:05:38 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2010-08-07 21:05:37 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2010-08-07 20:22:58 | 000,001,341 | ---- | M] () -- C:\Users\Prajwal\Desktop\HDBENCH.EXE - Shortcut.lnk
[2010-08-07 19:57:51 | 000,000,151 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010-08-07 19:51:33 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\PCMark Vantage x64.lnk
[2010-08-07 19:51:33 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\PCMark Vantage.lnk
[2010-08-05 23:08:16 | 000,000,787 | ---- | M] () -- C:\ProgramData\Microsoft Games.rar
[2010-08-05 22:49:55 | 000,001,550 | ---- | M] () -- C:\Users\Prajwal\Desktop\jv16PT.exe - Shortcut.lnk
RCL0000ZK
2010-09-04, 18:10
========== Files Created - No Company Name ==========
[2010-09-04 19:33:18 | 3211,874,304 | -HS- | C] () -- C:\hiberfil.sys
[2010-08-30 15:37:38 | 000,001,316 | ---- | C] () -- C:\Users\Prajwal\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-08-30 15:37:38 | 000,001,292 | ---- | C] () -- C:\Users\Prajwal\Desktop\Spybot - Search & Destroy.lnk
[2010-08-30 06:52:27 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010-08-29 19:57:18 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-08-27 00:29:01 | 000,003,061 | ---- | C] () -- E:\Users\Prajwal\Documents\DVDVideo1_DVD.nrd
[2010-08-20 22:10:35 | 000,001,580 | ---- | C] () -- C:\Windows\SysNative\PDBootState
[2010-08-18 18:40:16 | 000,001,623 | ---- | C] () -- C:\Users\Prajwal\Desktop\halo2 - Shortcut.lnk
[2010-08-15 14:16:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010-08-15 14:16:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010-08-15 14:14:09 | 000,002,063 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010-08-07 21:05:37 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2010-08-07 21:05:37 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2010-08-07 20:22:58 | 000,001,341 | ---- | C] () -- C:\Users\Prajwal\Desktop\HDBENCH.EXE - Shortcut.lnk
[2010-08-07 19:57:51 | 000,000,151 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010-08-07 19:51:33 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\PCMark Vantage x64.lnk
[2010-08-07 19:51:33 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\PCMark Vantage.lnk
[2010-08-05 23:08:16 | 000,000,787 | ---- | C] () -- C:\ProgramData\Microsoft Games.rar
[2010-08-05 22:49:55 | 000,001,550 | ---- | C] () -- C:\Users\Prajwal\Desktop\jv16PT.exe - Shortcut.lnk
[2010-07-16 19:26:52 | 000,000,022 | -HS- | C] () -- C:\Users\Prajwal\AppData\Roaming\Sys6925.Config Collection.sys
[2010-07-05 13:26:25 | 000,025,594 | ---- | C] () -- C:\Users\Prajwal\AppData\Roaming\SQLite3.dll
[2010-06-27 23:15:39 | 000,787,760 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-06-27 19:17:19 | 000,000,000 | ---- | C] () -- C:\Windows\SMMVSplitter.INI
[2010-03-13 22:25:02 | 000,000,917 | ---- | C] () -- C:\Users\Prajwal\AppData\Roaming\coreavc.ini
[2010-02-08 22:52:18 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010-02-03 15:59:22 | 000,005,120 | ---- | C] () -- C:\Users\Prajwal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-03 15:57:07 | 002,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010-02-03 15:57:07 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010-02-03 15:57:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-02-03 15:57:06 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010-02-03 15:57:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-02-03 15:57:06 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010-02-03 15:57:05 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010-02-03 15:57:05 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010-02-02 18:47:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-02-02 15:12:37 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\pavedius.dll
[2010-01-23 10:13:20 | 000,006,158 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010-01-22 11:34:35 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010-01-22 11:34:35 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010-01-22 11:34:32 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010-01-22 11:34:32 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010-01-22 11:19:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-01-22 11:09:00 | 000,007,603 | ---- | C] () -- C:\Users\Prajwal\AppData\Local\Resmon.ResmonCfg
[2009-07-14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-14 02:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007-04-17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010-08-30 06:52:27 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010-09-04 19:33:18 | 3211,874,304 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-11 20:50:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-11 20:50:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-01-21 18:43:56 | 000,000,000 | ---- | M] () -- C:\N.txt
< %systemroot%\Fonts\*.com >
[2009-07-14 11:02:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009-07-14 11:02:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009-07-14 11:02:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-07-14 11:02:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009-06-11 02:19:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2009-07-10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009-07-14 10:24:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010-01-22 10:43:40 | 000,000,221 | -HS- | M] () -- C:\Users\Prajwal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009-06-11 02:50:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2010-08-15 17:32:42 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010-08-15 17:32:43 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010-04-06 20:08:10 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010-04-06 20:08:10 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010-08-15 17:32:43 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
< %systemroot%\System32\Wbem\*.* >
[2009-06-11 02:44:40 | 000,001,261 | ---- | M] () -- C:\Windows\SysWOW64\wbem\aaclient.mof
[2009-06-11 02:57:50 | 000,001,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\authfwcfg.mof
[2009-06-11 02:45:23 | 000,003,007 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplayapi.mof
[2009-07-14 02:19:02 | 000,002,544 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplaycpl.mof
[2009-06-11 03:16:51 | 000,002,626 | ---- | M] () -- C:\Windows\SysWOW64\wbem\BthMtpEnum.mof
[2009-07-14 02:04:51 | 000,032,626 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cli.mof
[2009-07-14 02:04:51 | 002,815,350 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cliegaliases.mof
[2009-06-11 03:16:24 | 000,000,693 | ---- | M] () -- C:\Windows\SysWOW64\wbem\DevicePairingHandler.mof
[2009-06-11 03:13:44 | 000,001,239 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsjob.mof
[2009-06-11 03:13:46 | 000,001,284 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsroam.mof
[2009-06-11 02:50:02 | 000,006,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dot3.mof
[2009-06-11 03:16:13 | 000,003,685 | ---- | M] () -- C:\Windows\SysWOW64\wbem\drvinst.mof
[2009-06-11 02:50:37 | 000,001,197 | ---- | M] () -- C:\Windows\SysWOW64\wbem\DShowRdpFilter.mof
[2009-06-11 03:12:35 | 000,001,300 | ---- | M] () -- C:\Windows\SysWOW64\wbem\eaimeapi.mof
[2009-07-14 06:45:19 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\esscli.dll
[2009-07-14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
[2009-06-11 03:16:24 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdSSDP.mof
[2009-06-11 03:04:15 | 000,000,716 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWNet.mof
[2009-06-11 03:16:24 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWSD.mof
[2009-06-11 02:59:21 | 000,001,913 | ---- | M] () -- C:\Windows\SysWOW64\wbem\firewallapi.mof
[2009-06-11 03:04:09 | 000,000,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\FunDisc.mof
[2009-06-11 02:59:08 | 000,001,081 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fwcfg.mof
[2009-07-14 02:19:12 | 000,482,504 | ---- | M] () -- C:\Windows\SysWOW64\wbem\hbaapi.mof
[2009-06-11 02:52:56 | 000,032,098 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-Base.mof
[2009-06-11 02:52:57 | 000,002,073 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-FileSystemSupport.mof
[2009-06-11 02:52:57 | 000,000,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-LegacyShim.mof
[2009-06-11 02:58:35 | 000,001,278 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ipsecsvc.mof
[2009-07-14 02:19:14 | 000,019,872 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsidsc.mof
[2009-07-14 02:19:12 | 000,111,923 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsihba.mof
[2009-07-14 02:19:15 | 000,046,042 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsiprf.mof
[2009-07-14 02:19:15 | 000,004,503 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsirem.mof
[2009-06-11 03:10:20 | 000,008,758 | ---- | M] () -- C:\Windows\SysWOW64\wbem\kerberos.mof
[2009-06-11 02:54:47 | 000,001,570 | ---- | M] () -- C:\Windows\SysWOW64\wbem\l2gpstore.mof
[2009-06-11 03:11:38 | 000,002,334 | ---- | M] () -- C:\Windows\SysWOW64\wbem\L2SecHC.mof
[2009-06-11 03:03:12 | 000,013,780 | ---- | M] () -- C:\Windows\SysWOW64\wbem\lsasrv.mof
[2009-06-11 02:43:52 | 000,000,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mmc.mof
[2009-07-14 06:44:24 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofcomp.exe
[2009-07-14 06:45:41 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofd.dll
[2009-06-11 02:58:14 | 000,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof
[2009-06-11 02:59:09 | 000,001,900 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpssvc.mof
[2009-07-14 02:15:27 | 000,001,518 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeeds.mof
[2009-07-14 02:15:27 | 000,001,574 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeedsbs.mof
[2009-06-11 02:53:05 | 000,004,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msiscsi.mof
[2009-06-11 02:49:00 | 000,001,199 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstsc.mof
[2009-06-11 02:47:44 | 000,002,054 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstscax.mof
[2009-06-11 03:10:28 | 000,007,721 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msv1_0.mof
[2009-06-11 03:16:43 | 000,001,710 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mswmdm.mof
[2009-06-11 02:59:24 | 000,001,259 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nci.mof
[2009-06-11 02:48:06 | 000,001,131 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ncsi.mof
[2009-06-11 03:02:42 | 000,001,117 | ---- | M] () -- C:\Windows\SysWOW64\wbem\netprofm.mof
[2009-06-11 02:51:09 | 000,000,683 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkitemfactory.mof
[2009-06-11 02:51:27 | 000,000,631 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkmap.mof
[2009-06-11 03:16:16 | 000,003,681 | ---- | M] () -- C:\Windows\SysWOW64\wbem\newdev.mof
[2009-06-11 03:03:17 | 000,003,914 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlasvc.mof
[2009-06-11 02:59:35 | 000,002,873 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlsvc.mof
[2009-06-11 02:58:29 | 000,001,266 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nshipsec.mof
[2009-07-14 01:55:40 | 000,014,328 | ---- | M] () -- C:\Windows\SysWOW64\wbem\OfflineFilesWmiProvider.mof
[2009-07-14 01:55:40 | 000,014,328 | ---- | M] () -- C:\Windows\SysWOW64\wbem\OfflineFilesWmiProvider_Uninstall.mof
[2009-06-11 03:04:10 | 000,004,815 | ---- | M] () -- C:\Windows\SysWOW64\wbem\onex.mof
[2009-06-11 03:04:28 | 000,001,836 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-collab.mof
[2009-06-11 03:04:28 | 000,002,380 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-mesh.mof
[2009-06-11 03:04:28 | 000,002,297 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-pnrp.mof
[2009-06-11 03:16:17 | 000,001,060 | ---- | M] () -- C:\Windows\SysWOW64\wbem\pnpsetup.mof
[2009-07-14 06:46:12 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\PolicMan.dll
[2009-07-14 02:04:45 | 000,012,150 | ---- | M] () -- C:\Windows\SysWOW64\wbem\PolicMan.mof
[2009-06-11 02:58:32 | 000,001,275 | ---- | M] () -- C:\Windows\SysWOW64\wbem\polstore.mof
[2009-06-11 03:16:48 | 000,005,105 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceapi.mof
[2009-06-11 03:16:48 | 000,003,202 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceclassextension.mof
[2009-06-11 03:16:48 | 000,001,777 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceconnectapi.mof
[2009-06-11 03:16:51 | 000,003,490 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicetypes.mof
[2009-06-11 03:17:01 | 000,001,760 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewiacompat.mof
[2009-06-11 03:16:48 | 000,003,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewmdrm.mof
[2009-06-11 03:10:31 | 000,001,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ppcRsopCompSchema.mof
[2009-06-11 03:10:31 | 000,001,990 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ppcRsopUserSchema.mof
[2009-06-11 03:04:47 | 000,002,302 | ---- | M] () -- C:\Windows\SysWOW64\wbem\qmgr.mof
[2009-07-14 06:46:12 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\RacWmiProv.dll
[2009-07-14 01:59:26 | 000,003,032 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RacWmiProv.mof
[2009-06-11 03:09:54 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rawxml.xsl
[2009-06-11 02:55:06 | 000,001,312 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpcore.mof
[2009-06-11 02:55:22 | 000,001,157 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpencom.mof
[2009-06-11 02:56:11 | 000,001,122 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpendp.mof
[2009-07-14 03:15:46 | 000,111,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\regevent.mof
[2009-06-11 02:48:39 | 000,062,541 | ---- | M] () -- C:\Windows\SysWOW64\wbem\samsrv.mof
[2009-06-11 03:12:55 | 000,004,357 | ---- | M] () -- C:\Windows\SysWOW64\wbem\scersop.mof
[2009-06-11 03:10:42 | 000,001,075 | ---- | M] () -- C:\Windows\SysWOW64\wbem\schannel.mof
[2009-06-11 03:07:43 | 000,002,684 | ---- | M] () -- C:\Windows\SysWOW64\wbem\SchedSvc.mof
[2009-07-14 02:19:02 | 000,002,544 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sensorscpl.mof
[2009-07-14 11:02:32 | 000,083,607 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof
[2009-07-14 11:02:32 | 000,000,896 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof.uninstall
[2009-06-11 02:44:03 | 000,012,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel35.mof
[2009-06-11 02:44:03 | 000,000,684 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel35.mof.uninstall
[2009-06-11 03:16:18 | 000,003,689 | ---- | M] () -- C:\Windows\SysWOW64\wbem\setupapi.mof
[2009-06-11 03:10:30 | 000,002,583 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ssdpsrv.mof
[2009-07-14 06:46:15 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\stdprov.dll
[2009-06-11 02:45:18 | 000,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof
[2009-06-11 03:09:54 | 000,006,000 | ---- | M] () -- C:\Windows\SysWOW64\wbem\texttable.xsl
[2009-06-11 03:09:54 | 000,002,766 | ---- | M] () -- C:\Windows\SysWOW64\wbem\textvaluelist.xsl
[2009-06-11 02:50:42 | 000,001,236 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tsmf.mof
[2009-06-11 03:10:17 | 000,000,964 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tspkg.mof
[2009-06-11 03:16:23 | 000,003,692 | ---- | M] () -- C:\Windows\SysWOW64\wbem\umpnpmgr.mof
[2009-07-14 02:00:11 | 000,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof
[2009-07-14 06:46:17 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vdswmi.dll
[2009-07-14 06:46:17 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\viewprov.dll
[2009-07-14 02:00:11 | 000,060,468 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof
[2009-07-14 06:46:17 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vsswmi.dll
[2009-07-14 06:46:17 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemcntl.dll
[2009-07-14 06:46:17 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll
[2009-07-14 05:00:03 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.tlb
[2009-07-14 06:46:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
[2009-07-14 06:46:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
[2009-06-11 03:10:18 | 000,001,103 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wdigest.mof
[2009-06-11 02:59:23 | 000,001,083 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFAPIGP.mof
[2009-06-11 03:02:34 | 000,000,822 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFP.MOF
[2009-07-14 02:38:27 | 000,002,136 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wfs.mof
[2009-07-14 02:11:27 | 000,003,146 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WgxInstalledGame.mof
[2009-07-14 02:58:48 | 000,004,120 | ---- | M] () -- C:\Windows\SysWOW64\wbem\whqlprov.mof
[2009-07-14 06:47:54 | 000,102,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\Win32_Tpm.dll
[2009-07-14 02:07:33 | 000,001,756 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wininit.mof
[2009-06-11 02:58:34 | 000,001,270 | ---- | M] () -- C:\Windows\SysWOW64\wbem\winipsec.mof
[2009-07-14 06:44:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WinMgmt.exe
[2009-06-11 03:18:04 | 000,001,545 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Winsat.mof
[2009-06-11 03:18:04 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WinsatUninstall.mof
[2009-06-11 03:11:37 | 000,012,880 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wlan.mof
[2009-07-14 06:44:46 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIADAP.exe
[2009-07-14 06:46:19 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiApRpl.dll
[2009-07-14 06:44:46 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIC.exe
[2009-07-14 06:46:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMICOOKR.dll
[2009-07-14 06:46:19 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiDcPrv.dll
[2009-07-14 06:46:19 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfClass.dll
[2009-06-11 03:01:02 | 000,000,980 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfClass.mof
[2009-07-14 06:46:19 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfInst.dll
[2009-06-11 03:01:03 | 000,000,804 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfInst.mof
[2009-07-14 06:44:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
[2009-07-14 06:46:19 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll
[2009-06-11 03:04:42 | 000,004,887 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wmp.mof
[2009-06-11 02:57:13 | 000,001,368 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpc.mof
[2009-07-14 02:10:53 | 000,021,677 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcsprov.mof
[2009-06-11 02:57:11 | 000,000,470 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcuninst.mof
[2009-06-11 03:16:51 | 000,002,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdbusenum.mof
[2009-06-11 03:16:51 | 000,002,821 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdcomp.mof
[2009-06-11 03:16:51 | 000,002,737 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdfs.mof
[2009-06-11 03:16:52 | 000,003,011 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdmtp.mof
[2009-06-11 03:17:00 | 000,003,319 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdshext.mof
[2009-06-11 03:17:00 | 000,003,063 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WPDShServiceObj.mof
[2009-06-11 03:16:49 | 000,002,987 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdsp.mof
[2009-06-11 03:17:00 | 000,003,740 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdwcn.mof
[2009-07-14 02:04:57 | 000,005,360 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscenter.mof
[2009-06-11 03:09:43 | 000,001,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscmisetup.mof
[2009-06-11 03:18:33 | 000,002,348 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WSDApi.mof
[2009-06-11 03:10:28 | 000,004,430 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WsmAuto.mof
[2009-06-11 02:52:23 | 000,000,723 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wzcdlg.mof
[2009-06-11 03:09:55 | 000,002,866 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xsl-mappings.xml
[2009-06-11 03:12:07 | 000,001,253 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xwizards.mof
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 1177 bytes -> C:\Users\Prajwal\AppData\Local\Temp:3QVz91uQrVVe7i5SDpQkT0xIi
< End of report >
*****Extras*****
OTL Extras logfile created on: 04-09-2010 8:03:03 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = G:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): g:\pagefile.sys 4594 4594
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.01 Gb Total Space | 142.62 Gb Free Space | 71.31% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 9.92 Gb Free Space | 9.92% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 69.00 Gb Free Space | 46.00% Space Free | Partition Type: NTFS
Drive F: | 150.01 Gb Total Space | 75.13 Gb Free Space | 50.08% Space Free | Partition Type: NTFS
Drive G: | 330.98 Gb Total Space | 70.29 Gb Free Space | 21.24% Space Free | Partition Type: NTFS
Drive H: | 517.72 Mb Total Space | 436.89 Mb Free Space | 84.39% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: ZION-V2
Current User Name: Prajwal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4145EAA7-9B87-4F13-8D12-BEB3BE55561D}" = WD SmartWare
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HashTab" = HashTab 3.0.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"MediaInfo" = MediaInfo 0.7.33
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Registry Workshop" = Registry Workshop
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10CD702D-CEB4-4602-B0B0-B921181A7916}" = Setup
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14F06853-8A15-4731-BBDC-C9B40A866A63}" = Virtual VCR
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}" = WinFast Codec-TS SDK
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{663118ED-6E80-45D6-9484-6830798B8B86}" = ProCoder 3
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{772E9146-D676-4869-A298-047FF2A2B92D}" = Canopus Codec Option
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A9461747-B8C2-446E-B335-B39385284226}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95140000-0048-0409-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-bit
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A0E0340-C3D7-42D1-96D4-64179FD456AE}" = WinFast De-interlace SDK
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9848E2-5F19-4E49-9E6E-044FBDC28404}" = WinFast TT-SB SDK
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition v2.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.20)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"AviSynth" = AviSynth 2.5
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanMem" = CleanMem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"EasyBCD" = EasyBCD 1.7.2
"Free Video Dub_is1" = Free Video Dub version 1.8
"HaaliMkx" = Haali Media Splitter
"Halo 2" = Halo 2 for Windows Vista
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"iReboot" = iReboot 1.1.1
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.0
"LinX" = LinX
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"MeGUI" = MeGUI (remove only)
"MKVtoolnix" = MKVtoolnix 4.1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"mv61xxDriver" = marvell 61xx
"NIS" = Norton Internet Security
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"Rainmeter" = Rainmeter (remove only)
"RAMRush_is1" = RAMRush 1.0.6.917
"SolveigMM Video Splitter" = SolveigMM Video Splitter
"SpeedFan" = SpeedFan (remove only)
"uberOptions" = uberOptions 4.80.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"Windows Uptime_is1" = Windows Uptime 1.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Hi,
That looks quite ok. Have those issues you described earlier stayed away?
RCL0000ZK
2010-09-09, 15:07
Hello.
First of all, this is a late reply because, I had to be sure before actually posting anything.
No. There are no such symptoms present now. I guess, its all fixed. But, Spybot S&D shows two registry entries about that 'virus or whatever it is'. Is that 'okay'?
Thankyou
Hi,
Let Spybot fix those entries, reboot and run scan again. Let me know if Spybot still finds those items (post back the report in that case).
RCL0000ZK
2010-09-14, 19:45
Hello,
For you question: No. The entry does not reoccur. After clearing the entries and tracing cookies through Spybot S&D(few days ago), none of the entries reoccur. Infact, Spybot does not report anything now. So, all's okay according to Spybot.
Now for the interesting part (for you and scary part for me :mad: )
I boot into Windows 7 today.
I try to go to hardocp.com and hardforum.com. I can't. I get the 403-Forbidden Error. Then I try symantec.com, microsoft.com and avg.com. It works without any problem.
I boot to Windows XP SP3(my other dual boot OS). Try hardocp.com, hardforum.com and it works without any problem.
I again boot into Windows 7 and try hardocp.com and hardforum.com and now I get "The server at www.hardocp.com is taking too long to respond."
Is my computer "undetectable" hacked??
Hi,
Please provide new OTL.txt log like you did above.
Also, please download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
1. Right click MBRCheck.exe and select run as administrator to run it.
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.
RCL0000ZK
2010-09-16, 05:07
I tried those two URLs today and it worked without any problem.
***OTL.txt***
OTL logfile created on: 16-09-2010 7:26:56 AM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = G:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): g:\pagefile.sys 4594 4594
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.01 Gb Total Space | 141.24 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 8.61 Gb Free Space | 8.61% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 68.95 Gb Free Space | 45.97% Space Free | Partition Type: NTFS
Drive F: | 150.01 Gb Total Space | 67.58 Gb Free Space | 45.05% Space Free | Partition Type: NTFS
Drive G: | 330.98 Gb Total Space | 64.16 Gb Free Space | 19.38% Space Free | Partition Type: NTFS
Drive H: | 517.72 Mb Total Space | 436.89 Mb Free Space | 84.39% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: ZION-V2
Current User Name: Prajwal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - G:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\Windows Uptime\Windows Uptime.exe ( )
========== Modules (SafeList) ==========
MOD - G:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (iReboot) -- C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (nvoclk64) -- C:\Windows\SysNative\drivers\nvoclk64.sys (NVIDIA Corp.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (WFLR6654) WinFast TV2000 XP Expert (FM1216MK3) -- C:\Windows\SysNative\drivers\wfeaglxt.sys (Leadtek Research Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.022\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.022\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100914.003\IDSviA64.sys (Symantec Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010-06-16 21:03:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010-01-23 10:36:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-29 23:18:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-08-15 14:13:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-08-21 21:28:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010-01-23 12:09:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-09-09 22:00:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-09-09 22:00:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-08-15 14:13:19 | 000,000,000 | ---D | M]
[2010-01-22 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Extensions
[2010-09-14 19:11:54 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions
[2010-01-22 21:04:09 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2010-08-15 16:06:34 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010-09-04 19:59:36 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010-05-01 21:13:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-09-04 19:59:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-09-10 21:18:07 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010-01-22 21:04:09 | 000,000,000 | ---D | M] (Duplicate Tab) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
[2010-09-10 21:15:05 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2010-08-18 22:33:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-06-19 19:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010-06-12 13:27:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010-01-22 21:04:08 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010-08-18 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\autopager@mozilla.org
[2010-06-12 13:27:27 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\closeothertabs@florian-volk.net
[2010-09-04 19:59:38 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\foxmarks@kei.com
[2010-08-18 23:18:21 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\imageblock@hemantvats.com
[2010-08-15 16:06:33 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\LDSI_plashcor@gmail.com
[2010-01-22 21:04:10 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\OPIE@guid.customsoftwareconsult.com
[2010-01-22 21:04:10 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\quickdrag@mozilla.ktechcomputing.com
[2010-01-22 21:04:08 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\urlalias@zibada.xgm.ru
[2010-01-22 21:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.default2\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions
[2010-05-15 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\kamo640c.default\extensions
[2010-01-22 21:01:20 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Prajwal\AppData\Roaming\Mozilla\Firefox\Profiles\kamo640c.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010-07-14 18:08:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-07-14 18:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-03-27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010-09-10 21:43:36 | 000,419,283 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14466 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [NexusServer] C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsUptime] C:\Program Files (x86)\Windows Uptime\Windows Uptime.exe ( )
O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\Machine\Scripts\Startup\peerblock.dmp ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01293143-a22e-11df-aab0-0026180866b2}\Shell - "" = AutoRun
O33 - MountPoints2\{01293143-a22e-11df-aab0-0026180866b2}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.CDV5 - C:\Windows\SysWow64\cdv5codc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CDVC - C:\Windows\SysWow64\cdvccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CDVH - C:\Windows\SysWow64\cdvhcodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CLLC - C:\Windows\SysWow64\cllccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cmic - cmiccodc.dll File not found
Drivers32: vidc.CUVC - C:\Windows\SysWow64\cuvccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\hlDVSD.dll (Canopus Co., Ltd.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010-09-11 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010-09-10 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PythonForS60
[2010-09-09 17:40:04 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010-08-31 14:31:32 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\Adobe
[2010-08-30 15:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-08-30 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010-08-29 19:57:22 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\Malwarebytes
[2010-08-29 19:57:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-08-29 19:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-08-29 19:57:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010-08-29 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-08-26 23:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010-08-25 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\Tific
[2010-08-24 23:26:22 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Roaming\PACE Anti-Piracy
[2010-08-24 23:26:22 | 000,000,000 | ---D | C] -- C:\Users\Prajwal\AppData\Local\PACE Anti-Piracy
[2010-08-24 23:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010-08-23 19:59:44 | 000,000,000 | ---D | C] -- E:\Users\Prajwal\Documents\Delhi.10-07-08_17-17_1.02_MPEG2_DVD_PAL(Mastering)
[2010-08-22 22:50:00 | 000,000,000 | ---D | C] -- E:\Users\Prajwal\Documents\Delhi.10-07-08_17-17.02_MPEG2_DVD_PAL(Mastering)
[2010-08-22 22:26:58 | 000,532,480 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\SysWow64\csdshowcodc.dll
[2010-08-22 22:26:58 | 000,376,832 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\SysWow64\hlDVSD.dll
[2010-08-22 22:26:58 | 000,159,832 | ---- | C] (Canopus Co., Ltd.) -- C:\Windows\SysWow64\cscDVSD.dll
[2010-08-21 22:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010-08-21 21:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010-08-21 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010-08-21 21:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010-08-21 21:25:57 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010-08-21 21:25:57 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010-08-21 21:25:57 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010-08-21 21:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010-08-21 21:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010-08-21 21:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010-08-21 21:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-08-21 21:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-08-21 21:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010-08-21 21:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010-08-21 21:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010-08-21 21:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010-08-20 22:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2010-08-20 22:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2010-08-20 21:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010-08-20 18:25:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-08-20 18:25:47 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-08-20 18:25:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-08-20 18:25:46 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-08-20 18:25:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-08-20 18:25:45 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-08-20 18:25:28 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010-08-20 18:25:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010-08-20 18:24:59 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010-08-20 18:24:29 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010-08-20 18:24:29 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010-08-20 18:24:29 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010-02-03 16:00:40 | 000,121,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
========== Files - Modified Within 30 Days ==========
[2010-09-16 07:30:00 | 008,126,464 | -HS- | M] () -- C:\Users\Prajwal\NTUSER.DAT
[2010-09-16 07:08:03 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-09-16 07:08:03 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-09-16 07:00:20 | 3211,874,304 | -HS- | M] () -- C:\hiberfil.sys
[2010-09-16 07:00:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-09-16 07:00:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-09-15 19:41:15 | 003,135,664 | -H-- | M] () -- C:\Users\Prajwal\AppData\Local\IconCache.db
[2010-09-11 22:49:43 | 000,782,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-09-11 22:49:43 | 000,668,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-09-11 22:49:43 | 000,126,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-09-11 22:23:31 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010-09-10 21:43:36 | 000,419,283 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010-09-10 21:38:00 | 000,001,292 | ---- | M] () -- C:\Users\Prajwal\Desktop\Spybot - Search & Destroy.lnk
[2010-09-10 14:55:21 | 000,000,023 | ---- | M] () -- C:\Windows\sign.ini
[2010-09-10 14:52:04 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\PyS60 Application Packager.lnk
[2010-09-10 13:00:55 | 483,897,896 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-08-30 15:44:48 | 000,001,316 | ---- | M] () -- C:\Users\Prajwal\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-08-29 19:57:18 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-08-27 00:29:01 | 000,003,061 | ---- | M] () -- E:\Users\Prajwal\Documents\DVDVideo1_DVD.nrd
[2010-08-22 22:47:15 | 000,005,120 | ---- | M] () -- C:\Users\Prajwal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-22 10:03:02 | 004,902,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-08-21 22:08:02 | 000,085,480 | ---- | M] () -- C:\Users\Prajwal\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-08-21 21:22:46 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100910-214336.backup
[2010-08-21 18:42:29 | 000,001,580 | ---- | M] () -- C:\Windows\SysNative\PDBootState
[2010-08-18 18:40:16 | 000,001,623 | ---- | M] () -- C:\Users\Prajwal\Desktop\halo2 - Shortcut.lnk
========== Files Created - No Company Name ==========
[2010-09-16 07:00:20 | 3211,874,304 | -HS- | C] () -- C:\hiberfil.sys
[2010-09-11 22:23:31 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010-09-10 14:55:21 | 000,000,023 | ---- | C] () -- C:\Windows\sign.ini
[2010-09-10 14:52:03 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\PyS60 Application Packager.lnk
[2010-09-10 13:00:54 | 483,897,896 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-08-30 15:37:38 | 000,001,316 | ---- | C] () -- C:\Users\Prajwal\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-08-30 15:37:38 | 000,001,292 | ---- | C] () -- C:\Users\Prajwal\Desktop\Spybot - Search & Destroy.lnk
[2010-08-29 19:57:18 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-08-27 00:29:01 | 000,003,061 | ---- | C] () -- E:\Users\Prajwal\Documents\DVDVideo1_DVD.nrd
[2010-08-20 22:10:35 | 000,001,580 | ---- | C] () -- C:\Windows\SysNative\PDBootState
[2010-08-18 18:40:16 | 000,001,623 | ---- | C] () -- C:\Users\Prajwal\Desktop\halo2 - Shortcut.lnk
[2010-08-07 19:57:51 | 000,000,151 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010-08-05 23:08:16 | 000,000,787 | ---- | C] () -- C:\ProgramData\Microsoft Games.rar
[2010-07-16 19:26:52 | 000,000,022 | -HS- | C] () -- C:\Users\Prajwal\AppData\Roaming\Sys6925.Config Collection.sys
[2010-07-05 13:26:25 | 000,025,594 | ---- | C] () -- C:\Users\Prajwal\AppData\Roaming\SQLite3.dll
[2010-06-27 23:15:39 | 000,787,760 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-06-27 19:17:19 | 000,000,000 | ---- | C] () -- C:\Windows\SMMVSplitter.INI
[2010-03-13 22:25:02 | 000,000,917 | ---- | C] () -- C:\Users\Prajwal\AppData\Roaming\coreavc.ini
[2010-02-08 22:52:18 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010-02-03 15:59:22 | 000,005,120 | ---- | C] () -- C:\Users\Prajwal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-03 15:57:07 | 002,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010-02-03 15:57:07 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010-02-03 15:57:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-02-03 15:57:06 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010-02-03 15:57:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-02-03 15:57:06 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010-02-03 15:57:05 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010-02-03 15:57:05 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010-02-02 18:47:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-02-02 15:12:37 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\pavedius.dll
[2010-01-23 10:13:20 | 000,006,158 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010-01-22 11:34:35 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010-01-22 11:34:35 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010-01-22 11:34:32 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010-01-22 11:34:32 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010-01-22 11:19:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-01-22 11:09:00 | 000,007,603 | ---- | C] () -- C:\Users\Prajwal\AppData\Local\Resmon.ResmonCfg
[2009-07-14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-14 02:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007-04-17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
RCL0000ZK
2010-09-16, 05:09
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010-09-16 07:00:20 | 3211,874,304 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-11 20:50:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-11 20:50:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-01-21 18:43:56 | 000,000,000 | ---- | M] () -- C:\N.txt
< %systemroot%\Fonts\*.com >
[2009-07-14 11:02:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009-07-14 11:02:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009-07-14 11:02:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-07-14 11:02:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009-06-11 02:19:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2009-07-10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009-07-14 10:24:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010-01-22 10:43:40 | 000,000,221 | -HS- | M] () -- C:\Users\Prajwal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009-06-11 02:50:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2010-08-15 17:32:42 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010-08-15 17:32:43 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010-04-06 20:08:10 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010-04-06 20:08:10 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010-08-15 17:32:43 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
< %systemroot%\System32\Wbem\*.* >
[2009-06-11 02:44:40 | 000,001,261 | ---- | M] () -- C:\Windows\SysWOW64\wbem\aaclient.mof
[2009-06-11 02:57:50 | 000,001,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\authfwcfg.mof
[2009-06-11 02:45:23 | 000,003,007 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplayapi.mof
[2009-07-14 02:19:02 | 000,002,544 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplaycpl.mof
[2009-06-11 03:16:51 | 000,002,626 | ---- | M] () -- C:\Windows\SysWOW64\wbem\BthMtpEnum.mof
[2009-07-14 02:04:51 | 000,032,626 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cli.mof
[2009-07-14 02:04:51 | 002,815,350 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cliegaliases.mof
[2009-06-11 03:16:24 | 000,000,693 | ---- | M] () -- C:\Windows\SysWOW64\wbem\DevicePairingHandler.mof
[2009-06-11 03:13:44 | 000,001,239 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsjob.mof
[2009-06-11 03:13:46 | 000,001,284 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsroam.mof
[2009-06-11 02:50:02 | 000,006,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dot3.mof
[2009-06-11 03:16:13 | 000,003,685 | ---- | M] () -- C:\Windows\SysWOW64\wbem\drvinst.mof
[2009-06-11 02:50:37 | 000,001,197 | ---- | M] () -- C:\Windows\SysWOW64\wbem\DShowRdpFilter.mof
[2009-06-11 03:12:35 | 000,001,300 | ---- | M] () -- C:\Windows\SysWOW64\wbem\eaimeapi.mof
[2009-07-14 06:45:19 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\esscli.dll
[2009-07-14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
[2009-06-11 03:16:24 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdSSDP.mof
[2009-06-11 03:04:15 | 000,000,716 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWNet.mof
[2009-06-11 03:16:24 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWSD.mof
[2009-06-11 02:59:21 | 000,001,913 | ---- | M] () -- C:\Windows\SysWOW64\wbem\firewallapi.mof
[2009-06-11 03:04:09 | 000,000,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\FunDisc.mof
[2009-06-11 02:59:08 | 000,001,081 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fwcfg.mof
[2009-07-14 02:19:12 | 000,482,504 | ---- | M] () -- C:\Windows\SysWOW64\wbem\hbaapi.mof
[2009-06-11 02:52:56 | 000,032,098 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-Base.mof
[2009-06-11 02:52:57 | 000,002,073 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-FileSystemSupport.mof
[2009-06-11 02:52:57 | 000,000,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-LegacyShim.mof
[2009-06-11 02:58:35 | 000,001,278 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ipsecsvc.mof
[2009-07-14 02:19:14 | 000,019,872 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsidsc.mof
[2009-07-14 02:19:12 | 000,111,923 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsihba.mof
[2009-07-14 02:19:15 | 000,046,042 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsiprf.mof
[2009-07-14 02:19:15 | 000,004,503 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsirem.mof
[2009-06-11 03:10:20 | 000,008,758 | ---- | M] () -- C:\Windows\SysWOW64\wbem\kerberos.mof
[2009-06-11 02:54:47 | 000,001,570 | ---- | M] () -- C:\Windows\SysWOW64\wbem\l2gpstore.mof
[2009-06-11 03:11:38 | 000,002,334 | ---- | M] () -- C:\Windows\SysWOW64\wbem\L2SecHC.mof
[2009-06-11 03:03:12 | 000,013,780 | ---- | M] () -- C:\Windows\SysWOW64\wbem\lsasrv.mof
[2009-06-11 02:43:52 | 000,000,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mmc.mof
[2009-07-14 06:44:24 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofcomp.exe
[2009-07-14 06:45:41 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofd.dll
[2009-06-11 02:58:14 | 000,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof
[2009-06-11 02:59:09 | 000,001,900 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpssvc.mof
[2009-07-14 02:15:27 | 000,001,518 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeeds.mof
[2009-07-14 02:15:27 | 000,001,574 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeedsbs.mof
[2009-06-11 02:53:05 | 000,004,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msiscsi.mof
[2009-06-11 02:49:00 | 000,001,199 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstsc.mof
[2009-06-11 02:47:44 | 000,002,054 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstscax.mof
[2009-06-11 03:10:28 | 000,007,721 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msv1_0.mof
[2009-06-11 03:16:43 | 000,001,710 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mswmdm.mof
[2009-06-11 02:59:24 | 000,001,259 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nci.mof
[2009-06-11 02:48:06 | 000,001,131 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ncsi.mof
[2009-06-11 03:02:42 | 000,001,117 | ---- | M] () -- C:\Windows\SysWOW64\wbem\netprofm.mof
[2009-06-11 02:51:09 | 000,000,683 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkitemfactory.mof
[2009-06-11 02:51:27 | 000,000,631 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkmap.mof
[2009-06-11 03:16:16 | 000,003,681 | ---- | M] () -- C:\Windows\SysWOW64\wbem\newdev.mof
[2009-06-11 03:03:17 | 000,003,914 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlasvc.mof
[2009-06-11 02:59:35 | 000,002,873 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlsvc.mof
[2009-06-11 02:58:29 | 000,001,266 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nshipsec.mof
[2009-07-14 01:55:40 | 000,014,328 | ---- | M] () -- C:\Windows\SysWOW64\wbem\OfflineFilesWmiProvider.mof
[2009-07-14 01:55:40 | 000,014,328 | ---- | M] () -- C:\Windows\SysWOW64\wbem\OfflineFilesWmiProvider_Uninstall.mof
[2009-06-11 03:04:10 | 000,004,815 | ---- | M] () -- C:\Windows\SysWOW64\wbem\onex.mof
[2009-06-11 03:04:28 | 000,001,836 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-collab.mof
[2009-06-11 03:04:28 | 000,002,380 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-mesh.mof
[2009-06-11 03:04:28 | 000,002,297 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-pnrp.mof
[2009-06-11 03:16:17 | 000,001,060 | ---- | M] () -- C:\Windows\SysWOW64\wbem\pnpsetup.mof
[2009-07-14 06:46:12 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\PolicMan.dll
[2009-07-14 02:04:45 | 000,012,150 | ---- | M] () -- C:\Windows\SysWOW64\wbem\PolicMan.mof
[2009-06-11 02:58:32 | 000,001,275 | ---- | M] () -- C:\Windows\SysWOW64\wbem\polstore.mof
[2009-06-11 03:16:48 | 000,005,105 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceapi.mof
[2009-06-11 03:16:48 | 000,003,202 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceclassextension.mof
[2009-06-11 03:16:48 | 000,001,777 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceconnectapi.mof
[2009-06-11 03:16:51 | 000,003,490 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicetypes.mof
[2009-06-11 03:17:01 | 000,001,760 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewiacompat.mof
[2009-06-11 03:16:48 | 000,003,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewmdrm.mof
[2009-06-11 03:10:31 | 000,001,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ppcRsopCompSchema.mof
[2009-06-11 03:10:31 | 000,001,990 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ppcRsopUserSchema.mof
[2009-06-11 03:04:47 | 000,002,302 | ---- | M] () -- C:\Windows\SysWOW64\wbem\qmgr.mof
[2009-07-14 06:46:12 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\RacWmiProv.dll
[2009-07-14 01:59:26 | 000,003,032 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RacWmiProv.mof
[2009-06-11 03:09:54 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rawxml.xsl
[2009-06-11 02:55:06 | 000,001,312 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpcore.mof
[2009-06-11 02:55:22 | 000,001,157 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpencom.mof
[2009-06-11 02:56:11 | 000,001,122 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpendp.mof
[2009-07-14 03:15:46 | 000,111,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\regevent.mof
[2009-06-11 02:48:39 | 000,062,541 | ---- | M] () -- C:\Windows\SysWOW64\wbem\samsrv.mof
[2009-06-11 03:12:55 | 000,004,357 | ---- | M] () -- C:\Windows\SysWOW64\wbem\scersop.mof
[2009-06-11 03:10:42 | 000,001,075 | ---- | M] () -- C:\Windows\SysWOW64\wbem\schannel.mof
[2009-06-11 03:07:43 | 000,002,684 | ---- | M] () -- C:\Windows\SysWOW64\wbem\SchedSvc.mof
[2009-07-14 02:19:02 | 000,002,544 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sensorscpl.mof
[2009-07-14 11:02:32 | 000,083,607 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof
[2009-07-14 11:02:32 | 000,000,896 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof.uninstall
[2009-06-11 02:44:03 | 000,012,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel35.mof
[2009-06-11 02:44:03 | 000,000,684 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel35.mof.uninstall
[2009-06-11 03:16:18 | 000,003,689 | ---- | M] () -- C:\Windows\SysWOW64\wbem\setupapi.mof
[2009-06-11 03:10:30 | 000,002,583 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ssdpsrv.mof
[2009-07-14 06:46:15 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\stdprov.dll
[2009-06-11 02:45:18 | 000,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof
[2009-06-11 03:09:54 | 000,006,000 | ---- | M] () -- C:\Windows\SysWOW64\wbem\texttable.xsl
[2009-06-11 03:09:54 | 000,002,766 | ---- | M] () -- C:\Windows\SysWOW64\wbem\textvaluelist.xsl
[2009-06-11 02:50:42 | 000,001,236 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tsmf.mof
[2009-06-11 03:10:17 | 000,000,964 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tspkg.mof
[2009-06-11 03:16:23 | 000,003,692 | ---- | M] () -- C:\Windows\SysWOW64\wbem\umpnpmgr.mof
[2009-07-14 02:00:11 | 000,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof
[2009-07-14 06:46:17 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vdswmi.dll
[2009-07-14 06:46:17 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\viewprov.dll
[2009-07-14 02:00:11 | 000,060,468 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof
[2009-07-14 06:46:17 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vsswmi.dll
[2009-07-14 06:46:17 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemcntl.dll
[2009-07-14 06:46:17 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll
[2009-07-14 05:00:03 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.tlb
[2009-07-14 06:46:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
[2009-07-14 06:46:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
[2009-06-11 03:10:18 | 000,001,103 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wdigest.mof
[2009-06-11 02:59:23 | 000,001,083 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFAPIGP.mof
[2009-06-11 03:02:34 | 000,000,822 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFP.MOF
[2009-07-14 02:38:27 | 000,002,136 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wfs.mof
[2009-07-14 02:11:27 | 000,003,146 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WgxInstalledGame.mof
[2009-07-14 02:58:48 | 000,004,120 | ---- | M] () -- C:\Windows\SysWOW64\wbem\whqlprov.mof
[2009-07-14 06:47:54 | 000,102,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\Win32_Tpm.dll
[2009-07-14 02:07:33 | 000,001,756 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wininit.mof
[2009-06-11 02:58:34 | 000,001,270 | ---- | M] () -- C:\Windows\SysWOW64\wbem\winipsec.mof
[2009-07-14 06:44:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WinMgmt.exe
[2009-06-11 03:18:04 | 000,001,545 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Winsat.mof
[2009-06-11 03:18:04 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WinsatUninstall.mof
[2009-06-11 03:11:37 | 000,012,880 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wlan.mof
[2009-07-14 06:44:46 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIADAP.exe
[2009-07-14 06:46:19 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiApRpl.dll
[2009-07-14 06:44:46 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIC.exe
[2009-07-14 06:46:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMICOOKR.dll
[2009-07-14 06:46:19 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiDcPrv.dll
[2009-07-14 06:46:19 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfClass.dll
[2009-06-11 03:01:02 | 000,000,980 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfClass.mof
[2009-07-14 06:46:19 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfInst.dll
[2009-06-11 03:01:03 | 000,000,804 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfInst.mof
[2009-07-14 06:44:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
[2009-07-14 06:46:19 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll
[2009-06-11 03:04:42 | 000,004,887 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wmp.mof
[2009-06-11 02:57:13 | 000,001,368 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpc.mof
[2009-07-14 02:10:53 | 000,021,677 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcsprov.mof
[2009-06-11 02:57:11 | 000,000,470 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcuninst.mof
[2009-06-11 03:16:51 | 000,002,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdbusenum.mof
[2009-06-11 03:16:51 | 000,002,821 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdcomp.mof
[2009-06-11 03:16:51 | 000,002,737 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdfs.mof
[2009-06-11 03:16:52 | 000,003,011 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdmtp.mof
[2009-06-11 03:17:00 | 000,003,319 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdshext.mof
[2009-06-11 03:17:00 | 000,003,063 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WPDShServiceObj.mof
[2009-06-11 03:16:49 | 000,002,987 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdsp.mof
[2009-06-11 03:17:00 | 000,003,740 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdwcn.mof
[2009-07-14 02:04:57 | 000,005,360 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscenter.mof
[2009-06-11 03:09:43 | 000,001,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscmisetup.mof
[2009-06-11 03:18:33 | 000,002,348 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WSDApi.mof
[2009-06-11 03:10:28 | 000,004,430 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WsmAuto.mof
[2009-06-11 02:52:23 | 000,000,723 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wzcdlg.mof
[2009-06-11 03:09:55 | 000,002,866 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xsl-mappings.xml
[2009-06-11 03:12:07 | 000,001,253 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xwizards.mof
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 1177 bytes -> C:\Users\Prajwal\AppData\Local\Temp:3QVz91uQrVVe7i5SDpQkT0xIi
< End of report >
*****MBRCheck, version 1.2.3*****
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000001fd
Kernel Drivers (total 184):
0x02E66000 \SystemRoot\system32\ntoskrnl.exe
0x02E1D000 \SystemRoot\system32\hal.dll
0x00BCD000 \SystemRoot\system32\kdcom.dll
0x00CFE000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D42000 \SystemRoot\system32\PSHED.dll
0x00D56000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E8C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F30000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F3F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F96000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F9F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FA9000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FDC000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FE9000 \SystemRoot\System32\drivers\partmgr.sys
0x00E00000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E09000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E15000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
0x0104D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01169000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01174000 \SystemRoot\system32\drivers\fltmgr.sys
0x011C0000 \SystemRoot\system32\drivers\fileinfo.sys
0x01209000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS
0x01277000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS
0x012B2000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01446000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012BE000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0131C000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016AE000 \SystemRoot\system32\drivers\ndis.sys
0x017A0000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AAC000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01B95000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01BA5000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01C5C000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
0x01DC8000 \SystemRoot\System32\Drivers\spldr.sys
0x01DD0000 \SystemRoot\SysWOW64\speedfan.sys
0x01C00000 \SystemRoot\system32\DRIVERS\snapman.sys
0x01A00000 \SystemRoot\System32\drivers\rdyboost.sys
0x01C44000 \SystemRoot\System32\Drivers\mup.sys
0x01DD7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A3A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01DE0000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A74000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04413000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0443D000 \SystemRoot\System32\Drivers\NISx64\1107000.00C\SRTSP64.SYS
0x01675000 \SystemRoot\system32\drivers\NISx64\1107000.00C\Ironx64.SYS
0x015E9000 \SystemRoot\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS
0x047C5000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x04600000 \SystemRoot\System32\Drivers\Null.SYS
0x044C3000 \SystemRoot\System32\Drivers\Beep.SYS
0x045EE000 \SystemRoot\System32\drivers\vga.sys
0x013AF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0169C000 \SystemRoot\System32\drivers\watchdog.sys
0x01DF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01435000 \SystemRoot\system32\drivers\rdpencdd.sys
0x013D4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013DD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011D4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03079000 \SystemRoot\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS
0x030EF000 \SystemRoot\system32\drivers\afd.sys
0x03179000 \SystemRoot\System32\DRIVERS\netbt.sys
0x031BE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x031C7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03000000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x03014000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x03026000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03035000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04871000 \SystemRoot\system32\drivers\vpcvmm.sys
0x048C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x048DC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0492D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04939000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04E5B000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04ED1000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x04EF6000 \SystemRoot\System32\drivers\discache.sys
0x04F05000 \SystemRoot\system32\drivers\csc.sys
0x04F88000 \SystemRoot\System32\Drivers\dfsc.sys
0x050D3000 \SystemRoot\system32\drivers\NISx64\1107000.00C\ccHPx64.sys
0x0516F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04C0F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys
0x04CFC000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x04D02000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04D28000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F49A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x1012C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0542E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05522000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05568000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05575000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x055CB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x055DC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x1012E000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x0F400000 \SystemRoot\system32\drivers\wfeaglxt.sys
0x10192000 \SystemRoot\system32\drivers\ks.sys
0x05400000 \SystemRoot\system32\drivers\BdaSup.SYS
0x05404000 \SystemRoot\system32\drivers\ksthunk.sys
0x0540A000 \SystemRoot\system32\DRIVERS\fdc.sys
0x05417000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x0541F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x101D5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x101E5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0F474000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04D3E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04D4A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04D79000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04D94000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04DB5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04DCF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04DDA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04DE9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05180000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x051BD000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x05428000 \SystemRoot\system32\DRIVERS\swenum.sys
0x051EC000 \SystemRoot\system32\DRIVERS\nvoclk64.sys
0x05000000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05012000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x04C00000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x0542A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0502F000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x0506B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x050C5000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x04FA6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05AEF000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x05B68000 \SystemRoot\system32\drivers\portcls.sys
0x05BA5000 \SystemRoot\system32\drivers\drmk.sys
0x05BC7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05BD5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05BEE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05A00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05A1D000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x05A30000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05A3E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05A4B000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x05A5F000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05A8D000 \SystemRoot\system32\drivers\usbaudio.sys
0x05AA8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x044CA000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05AB6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x05AC9000 \SystemRoot\System32\drivers\Dxapi.sys
0x05AD5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00510000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x00840000 \SystemRoot\System32\ATMFD.DLL
0x04FBB000 \SystemRoot\system32\drivers\luafv.sys
0x04FDE000 \SystemRoot\system32\drivers\WudfPf.sys
0x04E00000 \SystemRoot\System32\Drivers\DefragFS.SYS
0x04E25000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04E3A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05C28000 \SystemRoot\system32\drivers\HTTP.sys
0x05CF0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05D0E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05D26000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05D53000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05DA1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05DC4000 \SystemRoot\system32\DRIVERS\aksdf.sys
0x049BA000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x04800000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05DD4000 \??\C:\Windows\system32\drivers\cpuz133_x64.sys
0x05DDD000 \??\C:\Windows\system32\drivers\cpuz134_x64.sys
0x01000000 \??\C:\Windows\system32\drivers\hardlock.sys
0x08E00000 \SystemRoot\system32\drivers\peauth.sys
0x08EA6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08EB1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08EDE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08EF0000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08F58000 \SystemRoot\System32\DRIVERS\srv.sys
0x08FEE000 \??\C:\Program Files\PeerBlock\pbfilter.sys
0x04609000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.022\EX64.SYS
0x05C00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100915.022\ENG64.SYS
0x04944000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100914.003\IDSvia64.sys
0x77880000 \Windows\System32\ntdll.dll
0x482E0000 \Windows\System32\smss.exe
0xFFBA0000 \Windows\System32\apisetschema.dll
Processes (total 91):
0 System Idle Process
4 System
552 C:\Windows\System32\smss.exe
760 csrss.exe
844 C:\Windows\System32\wininit.exe
860 csrss.exe
904 C:\Windows\System32\winlogon.exe
952 C:\Windows\System32\services.exe
968 C:\Windows\System32\lsass.exe
976 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\svchost.exe
736 C:\Windows\System32\nvvsvc.exe
756 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\nvvsvc.exe
1624 C:\Windows\System32\spoolsv.exe
1660 C:\Windows\System32\svchost.exe
1776 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1788 C:\Program Files\PeerBlock\peerblock.exe
1828 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1864 C:\Windows\System32\AEADISRV.EXE
1892 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
1980 C:\Windows\System32\taskhost.exe
1688 C:\Windows\System32\dwm.exe
1564 C:\Windows\explorer.exe
2136 C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
2144 C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
2180 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2216 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2316 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2376 C:\Windows\SysWOW64\svchost.exe
2408 C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
2488 C:\Windows\System32\svchost.exe
2512 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
2576 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
2664 C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
2716 C:\Windows\System32\svchost.exe
2744 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2772 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
2784 C:\Program Files\Windows Sidebar\sidebar.exe
1696 C:\Program Files (x86)\Windows Uptime\Windows Uptime.exe
1268 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1372 C:\Windows\System32\svchost.exe
2252 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2704 C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
2768 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
3036 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
3092 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
3312 WmiPrvSE.exe
3360 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
3436 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3452 C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
3504 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3664 C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
3736 C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
3820 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
4256 C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
4372 C:\Windows\System32\svchost.exe
4408 C:\Windows\System32\SearchIndexer.exe
4492 C:\Windows\System32\svchost.exe
4940 C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
4948 C:\Program Files\Logitech\SetPoint\SetPoint.exe
5052 C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
3080 C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
3276 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
3280 C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
4792 C:\Program Files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
5628 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
5904 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
5448 C:\Windows\System32\svchost.exe
312 C:\Program Files\Windows Media Player\wmpnetwk.exe
2160 C:\Windows\System32\taskeng.exe
5776 C:\Windows\System32\cmd.exe
4404 C:\Windows\System32\conhost.exe
1412 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
5892 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1524 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
3076 C:\Windows\System32\svchost.exe
5876 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3040 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\SearchProtocolHost.exe
4640 C:\Windows\System32\SearchFilterHost.exe
4608 C:\Windows\System32\audiodg.exe
2008 dllhost.exe
4684 dllhost.exe
864 C:\Users\Prajwal\Desktop\MBRCheck.exe
2128 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000032`0053f800 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000004b`00bd1600 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000070`811b4200 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000096`01794e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x000000e8`c057fe00 (NTFS)
PhysicalDrive0 Model Number: ST31000528AS, Rev: CC35
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
Thankyou
Looks good. If no issues left it's time for the final steps :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.