Thread: malware trouble

  1. #11
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    mbam log

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.23.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Sai SGK :: HOMEPC [administrator]

    23-09-2012 17:51:20
    mbam-log-2012-09-23 (17-51-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 243693
    Time elapsed: 4 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    ESET scan results

    C:\Qoobox\Quarantine\C\Users\Sai SGK\AppData\Local\TempDIR\BetterInstaller.exe.vir a variant of Win32/Somoto.A application
    C:\Users\Sai SGK\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120225162001888.rsc multiple threats
    C:\Users\Sai SGK\Desktop\New folder (4)\MediaInfo_GUI_0.7.52_Windows_i386.exe Win32/OpenCandy application
    C:\Users\Sai SGK\Desktop\New folder (4)\windows.7.codec.pack.v3.6.0.setup.exe probably a variant of Win32/Toolbar.Widgi application

  2. #12
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi,
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

      ClearJavaCache::

      File::
      C:\Users\Sai SGK\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120225162001888.rsc
      C:\Users\Sai SGK\Desktop\New folder (4)\MediaInfo_GUI_0.7.52_Windows_i386.exe
      C:\Users\Sai SGK\Desktop\New folder (4)\windows.7.codec.pack.v3.6.0.setup.exe
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

    Please post the new ComboFix log and let me know how your system is running now.

  3. #13
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Here is the ComboFix log

    ComboFix 12-09-24.03 - Sai SGK 25-09-2012 14:58:30.3.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3255.2248 [GMT 5.5:30]
    Running from: c:\users\Sai SGK\Desktop\ComboFix.exe
    Command switches used :: c:\users\Sai SGK\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\users\Sai SGK\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120225162001888.rsc"
    "c:\users\Sai SGK\Desktop\New folder (4)\MediaInfo_GUI_0.7.52_Windows_i386.exe"
    "c:\users\Sai SGK\Desktop\New folder (4)\windows.7.codec.pack.v3.6.0.setup.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Sai SGK\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120225162001888.rsc
    c:\users\Sai SGK\Desktop\New folder (4)\MediaInfo_GUI_0.7.52_Windows_i386.exe
    c:\users\Sai SGK\Desktop\New folder (4)\windows.7.codec.pack.v3.6.0.setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-25 09:33 . 2012-09-25 09:33 -------- d-----w- c:\users\Sai SGK\AppData\Local\temp
    2012-09-25 09:33 . 2012-09-25 09:33 -------- d-----w- c:\users\user\AppData\Local\temp
    2012-09-25 09:33 . 2012-09-25 09:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-25 09:21 . 2012-09-18 19:29 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F815AA95-0BA8-49AF-A0EF-A8F2EE455DB3}\mpengine.dll
    2012-09-24 10:07 . 2012-09-24 10:07 -------- d-----w- c:\program files\ConvertHelper
    2012-09-23 12:31 . 2012-09-23 12:31 -------- d-----w- c:\program files\ESET
    2012-09-23 12:14 . 2012-09-23 12:14 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Malwarebytes
    2012-09-23 12:13 . 2012-09-23 12:13 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-23 12:13 . 2012-09-23 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-23 12:13 . 2012-09-07 11:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-23 12:09 . 2012-09-23 12:09 -------- d-----w- c:\program files\Common Files\Java
    2012-09-23 12:08 . 2012-09-23 12:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-23 12:08 . 2012-09-23 12:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-23 12:08 . 2012-09-23 12:08 -------- d-----w- c:\program files\Java
    2012-09-23 10:21 . 2012-09-23 10:21 -------- d-----w- c:\users\Sai SGK\AppData\Roaming\Foxit Software
    2012-09-21 12:03 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-21 12:03 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-21 12:03 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-21 12:03 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-21 12:03 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-20 12:05 . 2012-09-20 12:05 -------- d-----w- c:\windows\system32\SPReview
    2012-09-20 12:04 . 2012-09-20 12:04 -------- d-----w- c:\windows\system32\EventProviders
    2012-09-19 12:50 . 2012-09-24 09:34 -------- d-----w- c:\users\UpdatusUser
    2012-09-19 12:49 . 2012-09-19 12:49 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-09-19 09:38 . 2012-09-19 09:38 -------- d-----w- c:\program files\ERUNT
    2012-09-17 10:25 . 2012-09-17 10:25 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    2012-09-13 13:35 . 2012-09-13 13:35 -------- d-----w- c:\program files\Common Files\Skype
    2012-09-13 13:35 . 2012-09-13 13:35 -------- d-----r- c:\program files\Skype
    2012-09-12 10:29 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-05 11:59 . 2012-09-05 11:59 -------- d-----w- c:\program files\Centricity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-23 12:08 . 2011-04-04 04:46 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-21 12:03 . 2012-05-28 12:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-21 12:03 . 2011-07-21 13:16 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-20 12:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2012-09-16 13:21 . 2011-04-26 13:40 850152 ----a-w- c:\windows\system32\SpoonUninstall.exe
    2012-07-18 17:47 . 2012-08-15 11:06 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-04 21:14 . 2012-08-15 11:05 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 21:14 . 2012-08-15 11:05 102912 ----a-w- c:\windows\system32\browser.dll
    2012-09-17 10:25 . 2011-11-20 12:29 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\users\Sai SGK\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "BATINDICATOR"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
    "LaunchHPOSIAPP"="c:\program files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
    "HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 78832]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-03-07 296056]
    "CorelGadget"="c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll" [2009-08-20 154256]
    "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-08-20 105616]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0AMwA4ADIAMAA1ADQAMQA3ADUALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEA&prod=90&ver=9.0.872" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
    backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
    backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Sai SGK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\users\Sai SGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Sai SGK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\Sai SGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 09:24 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2011-08-23 20:03 50592 ----a-w- c:\users\Sai SGK\AppData\Roaming\mjusbsp\cdloader2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-11-14 05:56 136176 ----atw- c:\users\Sai SGK\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
    2009-09-29 09:56 1685048 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
    2009-06-29 08:31 600936 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quick-Drop]
    2008-06-02 20:34 389264 ----a-w- c:\program files\Corel\Corel DVD MovieFactory 7\Corel DVD MovieFactory 7\Quick-Drop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 12:08 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-07-13 08:03 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
    2009-09-14 10:46 567864 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-03-07 16:39 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [x]
    S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
    S2 AVerUpdateServer;AVerUpdateServer;c:\program files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
    S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC.sys [x]
    S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]
    S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [x]
    S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR.sys [x]
    S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 12:03]
    .
    2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-10 07:31]
    .
    2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-10 07:31]
    .
    2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4072363782-845024879-551118666-1000Core.job
    - c:\users\Sai SGK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 05:56]
    .
    2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4072363782-845024879-551118666-1000UA.job
    - c:\users\Sai SGK\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 05:56]
    .
    2012-09-19 c:\windows\Tasks\HPCeeScheduleForSai SGK.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 16:45]
    .
    2012-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 06:58]
    .
    2012-09-25 c:\windows\Tasks\ReclaimerResumeInstall_Sai SGK.job
    - c:\users\Sai SGK\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-24 12:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4072363782-845024879-551118666-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-4072363782-845024879-551118666-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-4072363782-845024879-551118666-1000_Classes\CLSID\{015be26c-da13-4307-84fe-e5ad2f40f5f0}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000105
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
    .
    [HKEY_USERS\S-1-5-21-4072363782-845024879-551118666-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):2e,d2,1b,f1,21,30,b2,2a,62,e8,c5,5c,9c,18,c3,63,ce,be,0a,66,b6,
    9b,af,6d,8c,33,62,d0,08,18,90,2d,6f,85,82,5d,f2,1e,e5,22,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-09-25 15:04:29
    ComboFix-quarantined-files.txt 2012-09-25 09:34
    ComboFix2.txt 2012-09-22 11:03
    ComboFix3.txt 2012-09-21 12:23
    .
    Pre-Run: 15,741,779,968 bytes free
    Post-Run: 17,008,177,152 bytes free
    .
    - - End Of File - - 0331ECFEFAB4ABBEF0C1B087C5C2A869


    -----------------------------------------------------------------


    Well, earlier it would slow down and hang, or the mouse pointer would work but the OS would hang. But after a restart it worked fine.
    Now it doesn't hang, but sometimes it slows for a few seconds, and it works for 3 to 5 hours without a problem.

    Need to see for 2 more days whether it runs without any complications.

  4. #14
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Need to see for 2 more days whether it runs without any complications.
    Ok....not a problem. I can keep the topic open.

  5. #15
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Well, the computer still hangs. Please help.

  6. #16
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Hi,

    When is the system hanging? Let me know exactly what is happening so we can try to narrow this down.

    OTL
    • Download OTL to your desktop.
    • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Select All Users
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in

      netsvcs
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

    ----------

  7. #17
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    It hangs within a few minutes after the system fully boots up, but it's not happening daily.

  8. #18
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Here is the OTL log

    OTL logfile created on: 28/09/2012 9:55:27 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sai SGK\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    3.18 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 73.35% Memory free
    6.36 Gb Paging File | 5.45 Gb Available in Paging File | 85.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 388.84 Gb Total Space | 26.17 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
    Drive D: | 9.65 Gb Total Space | 1.44 Gb Free Space | 14.90% Space Free | Partition Type: NTFS
    Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 931.51 Gb Total Space | 25.71 Gb Free Space | 2.76% Space Free | Partition Type: NTFS
    Drive V: | 300.05 Gb Total Space | 7.94 Gb Free Space | 2.65% Space Free | Partition Type: NTFS

    Computer Name: HOMEPC | User Name: Sai SGK | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Sai SGK\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
    PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
    PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
    PRC - c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll ()
    MOD - c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
    MOD - C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (AVerUpdateServer) -- C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
    SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
    SRV - (AVerScheduleService) -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
    SRV - (AVerRemote) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (JakNDisMP) -- system32\DRIVERS\JakNDis.sys File not found
    DRV - (catchme) -- C:\Users\SAISGK~1\AppData\Local\Temp\catchme.sys File not found
    DRV - (appliandMP) -- system32\DRIVERS\appliand.sys File not found
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (AVPolCIR) -- C:\Windows\System32\drivers\AVPolCIR.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (AVerPola) -- C:\Windows\System32\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
    DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
    DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (AVER_H193) -- C:\Windows\System32\drivers\AVer888RC.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (CXCIR) -- C:\Windows\System32\drivers\AVer888RCIR.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms (PC-Doctor, Inc.)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (s125mgmt) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
    DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
    DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
    DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
    DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26
    IE - HKLM\..\SearchScopes,DefaultScope = {B9CE2C42-B451-4630-9F92-67736B5ACA32}
    IE - HKLM\..\SearchScopes\{B9CE2C42-B451-4630-9F92-67736B5ACA32}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 4E 31 E7 86 99 CD 01 [binary data]
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes,DefaultScope = {B9CE2C42-B451-4630-9F92-67736B5ACA32}
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F32C516772DDEE269756825002B85F4F&q={searchTerms}
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?aff=206&q={searchTerms}
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes\{B9CE2C42-B451-4630-9F92-67736B5ACA32}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/26
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/26
    IE - HKU\S-1-5-21-4072363782-845024879-551118666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Blekko"
    FF - prefs.js..browser.search.order.1: "Blekko"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sai SGK\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sai SGK\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/07 22:10:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 15:55:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/23 17:38:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 15:55:48 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/23 17:38:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sai SGK\AppData\Roaming\IDM\idmmzcc5

    [2010/08/07 14:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Extensions
    [2012/09/17 15:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\extensions
    [2012/09/17 15:30:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/08/20 15:53:24 | 000,002,516 | ---- | M] () -- C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\frtv5g5k.default\searchplugins\speedbit.xml
    [2011/11/20 17:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/17 15:55:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/05/15 18:44:42 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/09/17 15:55:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/05/15 18:44:42 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/05/15 18:44:42 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/09/17 15:55:48 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/05/15 18:44:42 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.co.in/
    CHR - default_search_provider: Blekko (Enabled)
    CHR - default_search_provider: search_url = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F32C516772DDEE269756825002B85F4F&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.co.in/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sai SGK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Gmail = C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/09/25 15:03:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
    O4 - HKU\S-1-5-21-4072363782-845024879-551118666-1000..\Run: [cdloader] C:\Users\Sai SGK\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4072363782-845024879-551118666-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-4072363782-845024879-551118666-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9862F47-311C-439F-8B46-076FE32750AB}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0403626-04E7-4B74-9C7A-640CDEA3CBDD}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/28 09:49:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sai SGK\Desktop\OTL.exe
    [2012/09/25 15:04:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/25 15:04:31 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Local\temp
    [2012/09/25 09:45:29 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\New folder (3)
    [2012/09/24 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
    [2012/09/23 18:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/09/23 17:44:01 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Roaming\Malwarebytes
    [2012/09/23 17:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/23 17:43:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/23 17:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/23 17:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/09/23 17:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/09/23 15:51:58 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\AppData\Roaming\Foxit Software
    [2012/09/21 17:51:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/21 17:45:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/21 17:45:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/21 17:45:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/21 17:45:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/21 17:40:39 | 004,757,278 | R--- | C] (Swearware) -- C:\Users\Sai SGK\Desktop\ComboFix.exe
    [2012/09/20 17:35:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2012/09/20 17:34:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2012/09/19 18:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/09/19 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/09/19 15:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/09/13 19:05:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/09/13 19:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/09/13 19:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/09/09 16:13:10 | 000,000,000 | ---D | C] -- C:\Users\Sai SGK\Desktop\New folder (2)
    [2012/09/05 17:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Centricity
    [2010/09/21 15:17:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.sys
    [2010/08/09 18:41:45 | 093,393,016 | ---- | C] (AVG Technologies) -- C:\Users\Sai SGK\avg_free_stf_en_90_851a3009.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/28 09:50:25 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/28 09:50:24 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/09/28 09:50:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sai SGK\Desktop\OTL.exe
    [2012/09/28 09:39:50 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/28 09:39:50 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/28 09:36:49 | 000,632,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/28 09:36:49 | 000,114,180 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/28 09:32:40 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/28 09:32:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/28 09:32:26 | 2559,897,600 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/27 18:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/27 18:24:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4072363782-845024879-551118666-1000UA.job
    [2012/09/27 17:18:52 | 070,901,200 | ---- | M] () -- C:\Users\Sai SGK\Desktop\fuf.rar
    [2012/09/27 15:24:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4072363782-845024879-551118666-1000Core.job
    [2012/09/27 11:38:56 | 000,202,522 | ---- | M] () -- C:\Users\Sai SGK\Desktop\Scan0002.jpg
    [2012/09/26 17:13:59 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSai SGK.job
    [2012/09/25 18:17:04 | 031,981,568 | ---- | M] () -- C:\Users\Sai SGK\Desktop\0924182801CompositeNew Schedule.mpg
    [2012/09/25 15:03:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/09/25 14:56:07 | 004,757,278 | R--- | M] (Swearware) -- C:\Users\Sai SGK\Desktop\ComboFix.exe
    [2012/09/25 09:32:06 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_Sai SGK.job
    [2012/09/24 18:07:59 | 000,000,000 | ---- | M] () -- C:\Users\Sai SGK\AppData\Roaming\AVSMediaPlayer.m3u
    [2012/09/23 17:43:22 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/21 17:44:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/21 17:28:05 | 062,031,872 | ---- | M] () -- C:\Users\Sai SGK\Desktop\0917182800CompositeNew Schedule.mpg
    [2012/09/21 17:10:52 | 000,376,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/18 18:13:16 | 000,001,506 | ---- | M] () -- C:\Users\Sai SGK\Desktop\msseces.exe.lnk
    [2012/09/17 15:55:50 | 000,001,992 | ---- | M] () -- C:\Users\Sai SGK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/16 18:52:16 | 000,003,226 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2012/09/16 18:52:02 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    [2012/09/16 18:51:53 | 000,850,152 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
    [2012/09/13 19:05:30 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/09/10 17:20:58 | 000,067,749 | ---- | M] () -- C:\Users\Sai SGK\Desktop\LACM-4976.jpg
    [2012/09/08 18:51:33 | 047,524,240 | ---- | M] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.aac
    [2012/09/08 18:50:36 | 282,239,020 | ---- | M] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.wav
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/05 15:07:20 | 000,000,949 | ---- | M] () -- C:\Windows\Active Setup Log.BAK
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/27 16:59:02 | 070,901,200 | ---- | C] () -- C:\Users\Sai SGK\Desktop\fuf.rar
    [2012/09/27 11:38:56 | 000,202,522 | ---- | C] () -- C:\Users\Sai SGK\Desktop\Scan0002.jpg
    [2012/09/25 18:17:03 | 031,981,568 | ---- | C] () -- C:\Users\Sai SGK\Desktop\0924182801CompositeNew Schedule.mpg
    [2012/09/24 18:22:29 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_Sai SGK.job
    [2012/09/23 17:43:22 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/23 16:56:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/09/21 17:45:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/21 17:45:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/21 17:45:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/21 17:45:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/21 17:45:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/21 17:27:58 | 062,031,872 | ---- | C] () -- C:\Users\Sai SGK\Desktop\0917182800CompositeNew Schedule.mpg
    [2012/09/18 18:13:16 | 000,001,506 | ---- | C] () -- C:\Users\Sai SGK\Desktop\msseces.exe.lnk
    [2012/09/18 17:22:41 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/09/16 18:52:16 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    [2012/09/16 18:52:16 | 000,003,226 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2012/09/10 17:20:58 | 000,067,749 | ---- | C] () -- C:\Users\Sai SGK\Desktop\LACM-4976.jpg
    [2012/09/08 18:50:58 | 047,524,240 | ---- | C] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.aac
    [2012/09/08 18:50:29 | 282,239,020 | ---- | C] () -- C:\Users\Sai SGK\Desktop\001 [SubDesu] Bakuman - 08 (1280x720)[891f0d93]_track2_jpn.wav
    [2012/09/05 15:06:58 | 000,000,949 | ---- | C] () -- C:\Windows\Active Setup Log.BAK
    [2012/03/31 17:11:42 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/02/14 19:27:58 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2012/02/14 19:27:58 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2012/02/14 19:27:58 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2012/02/14 19:27:58 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2012/02/14 19:27:58 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2012/02/14 19:27:58 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2012/01/30 18:38:13 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012/01/09 17:17:49 | 000,002,738 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
    [2011/08/21 11:22:44 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2011/08/20 15:49:42 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
    [2011/08/20 15:49:42 | 000,090,784 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
    [2011/07/13 17:37:07 | 000,001,849 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\GhostObjGAFix.xml
    [2011/06/05 19:50:24 | 000,002,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
    [2011/05/13 20:11:16 | 000,057,061 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP.dat
    [2011/05/01 19:30:52 | 000,003,012 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
    [2011/05/01 19:29:11 | 000,001,224 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
    [2011/05/01 19:25:59 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
    [2011/05/01 19:25:46 | 000,003,018 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
    [2011/05/01 19:25:40 | 000,002,843 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
    [2011/04/27 20:43:55 | 000,003,328 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp AAC Encoder.dat
    [2011/04/27 19:52:33 | 000,012,496 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2011/04/27 19:52:30 | 000,015,607 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/04/26 19:10:04 | 000,850,152 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
    [2011/04/14 17:47:17 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/04/14 17:47:17 | 000,001,257 | ---- | C] () -- C:\Windows\unins000.dat
    [2010/10/17 09:24:07 | 001,627,136 | ---- | C] () -- C:\Windows\System32\fftw3.dll
    [2010/10/05 17:30:56 | 000,000,000 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\AVSMediaPlayer.m3u
    [2010/09/30 19:01:09 | 001,866,670 | ---- | C] () -- C:\Windows\System32\libfftw3f-3.dll
    [2010/09/21 15:17:15 | 000,007,887 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.cat
    [2010/09/21 15:17:15 | 000,001,144 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\pcouffin.inf
    [2010/09/05 14:09:10 | 000,007,609 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\Resmon.ResmonCfg
    [2010/08/29 23:14:55 | 002,829,321 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\tmpMRIN1.JPG
    [2010/08/29 23:14:17 | 000,007,053 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\tmpMRIN1_navi.JPG
    [2010/08/18 10:05:43 | 000,012,800 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/08 20:31:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/07 18:17:24 | 000,011,148 | ---- | C] () -- C:\Users\Sai SGK\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/09/10 18:51:50 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\.BitTornado
    [2012/02/25 16:19:55 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\AVG
    [2012/01/09 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\dBpoweramp
    [2011/09/19 09:05:17 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\DMCache
    [2011/12/09 19:09:23 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\DVDforger
    [2011/07/05 17:30:16 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\EAC
    [2011/12/31 17:42:18 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\EasiestSoft
    [2010/10/31 18:52:16 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\FLV Extract
    [2012/09/23 15:51:58 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Foxit Software
    [2011/10/24 17:53:17 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\GetRightToGo
    [2010/09/12 18:30:02 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\GrabPro
    [2011/09/12 20:09:27 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\IDM
    [2010/08/18 09:37:15 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Leadertech
    [2010/09/10 16:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Live Downloader
    [2012/04/13 16:06:52 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\mjusbsp
    [2010/08/18 10:20:56 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\muvee Technologies
    [2012/01/28 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\NeatImage SL
    [2012/02/25 16:08:37 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\No Company Name
    [2011/03/11 16:50:35 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Opera
    [2010/09/12 18:42:35 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Orbit
    [2010/09/12 18:30:05 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\ProgSense
    [2010/09/14 20:44:26 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\RMCBackup
    [2011/02/17 19:18:40 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Smith Micro
    [2012/02/25 08:52:53 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Sony
    [2012/02/15 20:46:12 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Sony Creative Software Inc
    [2010/08/16 22:08:21 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Template
    [2012/04/01 17:15:03 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Ulead Systems
    [2012/09/14 15:26:57 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\uTorrent
    [2012/09/25 18:19:40 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\VideoReDo-TVSuite4
    [2012/01/29 10:30:16 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Vso
    [2010/08/07 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\WildTangent
    [2010/09/06 14:47:41 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\WinBatch
    [2011/06/22 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Windows Live Writer
    [2010/09/12 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Youtube Downloader HD
    [2012/06/22 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Zcom4017903
    [2012/06/22 13:40:42 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Zcom4028423
    [2012/06/22 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\Zcom4343639

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < MD5 for: EXPLORER.EXE >
    [2009/10/06 11:36:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
    [2011/02/26 10:49:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 11:21:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009/10/31 11:15:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 11:03:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
    [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009/08/03 11:19:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009/08/03 11:05:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/31 11:30:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    [2009/10/06 11:23:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
    [2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
    [2010/11/20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/14 06:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/10/28 11:47:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009/10/28 11:22:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2010/11/20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2010/11/20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010/11/20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009/07/14 06:44:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C8B8CEBD
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:66633281
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:3440EB47
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0888F409
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:553CA6CA

    < End of report >

  9. #19
    Senior Member
    Join Date
    Nov 2008
    Posts
    113

    Here is the Extras log:

    OTL Extras logfile created on: 28/09/2012 9:55:27 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sai SGK\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    3.18 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 73.35% Memory free
    6.36 Gb Paging File | 5.45 Gb Available in Paging File | 85.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 388.84 Gb Total Space | 26.17 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
    Drive D: | 9.65 Gb Total Space | 1.44 Gb Free Space | 14.90% Space Free | Partition Type: NTFS
    Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 931.51 Gb Total Space | 25.71 Gb Free Space | 2.76% Space Free | Partition Type: NTFS
    Drive V: | 300.05 Gb Total Space | 7.94 Gb Free Space | 2.65% Space Free | Partition Type: NTFS

    Computer Name: HOMEPC | User Name: Sai SGK | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{171BCF0C-E959-469E-8193-A7C38E54DA65}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1C7B6416-37E6-423B-96CE-1A860233F424}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1CD7A4BE-85DF-47DC-BA2D-768AD8F38011}" = lport=139 | protocol=6 | dir=in | app=system |
    "{26FBBFA5-86A1-4055-8DE0-E0483ECAE1BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3D6049F3-2BCA-41DA-A042-46064DF1D9D6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4B3A949E-54B7-4608-95B1-F2FA5538CA16}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5C930805-65C6-4614-98E8-7A1BA8E845E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5D4E8439-9356-421C-9625-FC7B66186EB6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{65970A13-7B65-493A-A263-FC4855CFC6ED}" = rport=138 | protocol=17 | dir=out | app=system |
    "{78E96069-4ECA-4572-A439-5E6285F986AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7A81D716-E9E6-42DA-8448-0FD832B94CD9}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8E644666-68E0-47EF-B633-9280E22DDF8D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{9D2FE975-5FD6-4775-BA4E-FC03ACF7D7E0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A088E3D7-C351-4FA7-9E92-1CF7DC00699A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C8A4818C-7B35-455A-99A9-771B985FE24D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C99CC4F2-F8E5-4A20-9D51-1FE9B0637444}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{CEBD1D13-8D8C-4F80-B237-D2ABB5088410}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D5903B1C-FE20-4FD4-860F-F15DDA43F365}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DE90D11E-8E91-4991-B913-8CE281C1602D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E013D00B-5E65-4081-8C4D-6A00259691BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{EE139979-FE01-495B-894F-DA92E72DAB27}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{EE2D69B6-2AD0-46EC-A888-6DA698CF780A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{035E7E98-A9A8-460B-9D0D-7D1AF2A5F23E}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{12487E92-60E2-4DF6-9395-B6218442F730}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{1297B63E-C453-47D3-9F3B-485D633D3086}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{1584104A-129F-4BF8-94A0-75CCE9E8D1AA}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{1DCF97A1-82D1-4CB7-867E-1A2035379F16}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe |
    "{21E6ED59-E050-4D46-BA57-D7BD644D47E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{274ABE77-D0CC-47B8-989E-51183218CF29}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{2B7BC674-0EE9-4E13-B462-0C3F398D6025}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{351F65B6-05EC-42BC-B750-F5446B1674F6}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
    "{3560034A-BEED-4F14-9DA4-50BF63E3A8E6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{40E66550-A01E-4E8D-BB8D-F6245DC697A8}" = protocol=17 | dir=in | app=c:\users\sai sgk\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{46AC8515-3AB0-407D-9FF7-B8DA8531699F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{470A2E04-7775-4FAC-8036-27CD77C148E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4A967BA1-986F-40EB-B9A4-FB1F24D50218}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{50C57904-8F14-45A0-A093-95E3B54375C8}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
    "{656385C3-F9E1-45D6-9FB3-11C270F3EDAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6B4D4161-A16A-426D-AA62-2EF9D2DD834A}" = protocol=6 | dir=in | app=c:\users\sai sgk\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{7108D1E6-D1E9-458A-99B0-1499E3E239B1}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{72563B70-5498-4A4B-BCC8-6797A17483DC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{72C4FAC4-014C-4A87-96AF-C1BD39DAE33F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{873C485D-F836-44AC-809F-84304815C1F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{8A0F29B4-D204-496C-ADD4-2CD9516767E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{95765EA5-B6FE-44A1-8B14-00D45E9E9BE5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{993BB5B6-850B-4918-9305-72FAA9E29FBC}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{9F54CB5F-07E2-4783-815A-9DC6138A3EA9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{A83C5001-579D-44A6-89A9-C7E41E9E491E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{C401DEB7-1B5D-4212-B14E-2136DB6E6631}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{C9EC39EB-2BC5-4AEE-AFD2-043ADBFA8016}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D7D98A16-9E64-4456-8E48-F650B64D4025}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
    "{EB3EC2FD-5DE2-44F3-BB0B-24229DE4D2E1}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{F61B2809-9677-48E5-905D-71A829685031}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{FBD7E015-D45C-4A04-877F-B00F2CFF87F9}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
    "TCP Query User{1B4DD715-B8E0-41D4-9BF3-B6B13C75B8A0}C:\program files\bywifi\bywifi.exe" = protocol=6 | dir=in | app=c:\program files\bywifi\bywifi.exe |
    "TCP Query User{87B58453-AFD9-49D6-8676-9BCC2453E272}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{8E55CF98-F69E-423E-8291-D2E168A98F70}C:\program files\easymule\emule.exe" = protocol=6 | dir=in | app=c:\program files\easymule\emule.exe |
    "TCP Query User{A67B4ADE-43D9-41BB-9CB4-F607F58AA4F0}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
    "TCP Query User{AB667976-D945-4AAC-9D93-3698DAD1E3EE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{AFC028E3-ABC3-40C1-9B06-977D10F62BCF}C:\program files\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe |
    "TCP Query User{DAF58581-E513-4293-A1A3-98D6FDAEFFFB}C:\users\sai sgk\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\sai sgk\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{8DD0ABCC-4934-44A4-86F9-392FBA141016}C:\program files\bywifi\bywifi.exe" = protocol=17 | dir=in | app=c:\program files\bywifi\bywifi.exe |
    "UDP Query User{9E9025BF-9C3E-4D0F-998C-C3218BC749E7}C:\users\sai sgk\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\sai sgk\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{A3C9A705-A229-4598-AD4A-60420E83595F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{A5F01C33-E6C0-4BB4-9C4D-DB2268C5E056}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{AFA08B27-92A3-407C-A190-A93C2ACEF44F}C:\program files\easymule\emule.exe" = protocol=17 | dir=in | app=c:\program files\easymule\emule.exe |
    "UDP Query User{E15A4635-C98B-4BE3-8E34-390E4AD458FC}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
    "UDP Query User{F203C333-AFE3-482D-B1C5-DF9674CD113A}C:\program files\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{0B995C72-758B-4A21-BF9B-44E6FE268313}" = Corel Digital Studio 2010
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{09207699-D431-4B81-A766-99A0E3DAF6D7}_is1" = VirtualDub 1.8.8
    "{0A64AA64-B438-49F0-9C14-5E465C617372}" = Setup
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B995C72-758B-4A21-BF9B-44E6FE268313}" = ICA
    "{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}" = SmartSound Premiere Elements 10 Plugin
    "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{19023B3C-00D0-4BBD-A753-C0B068B10798}" = Gadget
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
    "{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{228638B5-D251-4E4E-B39F-08FD5312B9A2}_is1" = DGMPGDec 1.5.8
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.0.4014
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
    "{2F025FAC-3692-4415-B985-CD598D1163B2}_is1" = AVS Plugin Pack 1.1
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{414212D5-6E70-4CF1-97E7-B2AB77D131EA}" = DVDF10
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{47707000-B496-11E0-A1CF-005056C00008}" = MSVCRT Redists
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C3E7880-7F8B-4A06-A3C3-95509F092161}" = HP MediaSmart SmartMenu
    "{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
    "{652BCEE6-463A-4A8E-A6E3-FCFED88345E0}" = VDS10
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
    "{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7D5F8291-24FE-11E1-BCE5-F04DA23A5C58}" = MSVCRT Redists
    "{80C3019B-3BA4-4674-AC90-A0B402593BA5}_is1" = WMP Tag Plus 1.2
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A292252-816C-469D-BADD-A52AF0F85E8D}_is1" = Lame ACM
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.ONENOTER_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.ONENOTER_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.ONENOTER_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.ONENOTER_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.ONENOTER_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.ONENOTER_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.ONENOTER_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2010
    "{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AACA8099-4687-4D03-8DCD-6F56D6FFF8F0}" = SnugTV Station
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
    "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
    "{E0EF9C75-60EA-4DFB-A537-2A9E0C2E2056}" = PSPH10
    "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
    "{E1497C00-2605-433E-822E-3E82649CE056}" = HP Deskjet 3050 J610 series Product Improvement Study
    "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E52F8D95-AEB5-3B67-879C-C59DF8AF88EE}" = Google Talk Plugin
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EE19A4C4-AA74-4AA7-9264-B322B877BFA7}" = IPM_SU
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
    "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Anime Studio Pro_is1" = Anime Studio Pro 6.0
    "AVerMedia H830 USB Hybrid TV" = AVerMedia H830 USB Hybrid TV 10.2.0.37
    "AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.8.0
    "AviSynth" = AviSynth 2.5
    "AVS Media Player_is1" = AVS Media Player 3.1
    "CDisplay_is1" = CDisplay 1.8
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "dBpowerAMP" = dBpowerAMP
    "dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
    "dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
    "dBpoweramp AAC Encoder" = dBpoweramp AAC Encoder
    "dBpoweramp DirectShow Decoder" = dBpoweramp DirectShow Decoder
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
    "dBpoweramp m4a Codec" = dBpoweramp m4a Codec
    "dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec
    "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
    "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "foobar2000" = foobar2000
    "Foxit Reader_is1" = Foxit Reader 5.1
    "Google Chrome" = Google Chrome
    "HP Photo Creations" = HP Photo Creations
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
    "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "KLiteCodecPack_is1" = K-Lite Codec Pack 8.3.0 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "MediaInfo" = MediaInfo 0.7.52
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MKVtoolnix" = MKVtoolnix 2.9.8
    "Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Neat Image_is1" = Neat Image v6 Demo (with plug-in)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.ONENOTER" = Microsoft OneNote 2010
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "PowerISO" = PowerISO
    "uTorrent" = µTorrent
    "VideoReDo TVSuite V4 w/H.264_is1" = VideoReDo TVSuite Version 4.20.5.600
    "VLC media player" = VLC media player 1.1.2
    "WildTangent hp Master Uninstall" = HP Games
    "WinDjView" = WinDjView 1.0.3
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR 4.20 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "magicJack" = magicJack

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/09/2012 7:20:19 AM | Computer Name = HOMEPC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 15/09/2012 8:25:06 AM | Computer Name = HOMEPC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary Panda Boot Driver. System Error: The system cannot find the file specified.
    .

    Error - 16/09/2012 9:19:12 AM | Computer Name = HOMEPC | Source = Application Error | ID = 1000
    Description = Faulting application name: GetPopupInfo.exe, version: 13.5.0.2, time
    stamp: 0x4bf3d9e1 Faulting module name: avmmp4dmx.ax, version: 1.0.3.1, time stamp:
    0x4923beac Exception code: 0xc0000005 Fault offset: 0x0000ec00 Faulting process id:
    0x318 Faulting application start time: 0x01cd940ddc62a614 Faulting application path:
    C:\Program Files\Illustrate\dBpoweramp\GetPopupInfo.exe Faulting module path: C:\Program
    Files\Common Files\AVerMedia\filters\avmmp4dmx.ax Report Id: 1ac9b9b8-0001-11e2-8de8-6c626d4939de

    Error - 19/09/2012 4:56:47 AM | Computer Name = HOMEPC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/09/2012 8:32:56 AM | Computer Name = HOMEPC | Source = ESENT | ID = 215
    Description = WinMail (3824) WindowsMail0: The backup has been stopped because it
    was halted by the client or the connection with the client failed.

    Error - 22/09/2012 7:44:11 AM | Computer Name = HOMEPC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 23/09/2012 5:56:42 AM | Computer Name = HOMEPC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 24/09/2012 6:23:31 AM | Computer Name = HOMEPC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
    time stamp: 0x4d6727a7 Faulting module name: nvd3dum.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4f56743d Exception code: 0xc0000005 Fault offset: 0x62d9bb89 Faulting
    process id: 0x76c Faulting application start time: 0x01cd9a37781fc978 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: nvd3dum.dll Report Id: e2c42801-0631-11e2-b618-6c626d4939de

    Error - 24/09/2012 6:34:50 AM | Computer Name = HOMEPC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 25/09/2012 6:57:37 AM | Computer Name = HOMEPC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ AVer AutoUpdate Events ]
    Error - 22/12/2011 6:00:06 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 22/12/2011 6:00:28 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 26/12/2011 7:34:03 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 27/12/2011 5:37:17 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 27/12/2011 5:37:39 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 29/12/2011 5:36:33 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 29/12/2011 5:36:55 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 29/12/2011 5:37:17 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 29/12/2011 5:37:40 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    Error - 29/12/2011 5:38:02 AM | Computer Name = HOMEPC | Source = AVerUpdate Server | ID = 0
    Description =

    [ AVer MediaAnywhere Events ]
    Error - 1/01/2012 8:02:44 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:02:58 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:03:11 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:03:35 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:03:59 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:09:13 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:09:26 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:09:40 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:09:56 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    Error - 1/01/2012 8:10:20 AM | Computer Name = HOMEPC | Source = AMA Server | ID = 16389
    Description =

    [ Hewlett-Packard Events ]
    Error - 7/09/2011 10:42:10 PM | Computer Name = HOMEPC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091108081207.xml
    File not created by asset agent

    Error - 14/09/2011 8:22:41 AM | Computer Name = HOMEPC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091114055238.xml
    File not created by asset agent

    Error - 21/09/2011 8:35:29 AM | Computer Name = HOMEPC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091121060526.xml
    File not created by asset agent

    Error - 9/03/2012 1:09:14 PM | Computer Name = HOMEPC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 4/04/2012 7:37:15 AM | Computer Name = HOMEPC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/4d5ae19f_ea94_408e_8771_dfb026d895ce/q3dk9bdu4rvs9mfcwebbsgbv_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3255 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

    Error - 9/05/2012 8:48:26 AM | Computer Name = HOMEPC | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
    Format:
    en-US RAM: 3255 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 16/05/2012 8:52:22 AM | Computer Name = HOMEPC | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
    Format:
    en-US RAM: 3255 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 23/05/2012 8:54:09 AM | Computer Name = HOMEPC | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
    Format:
    en-US RAM: 3255 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 30/05/2012 8:52:02 AM | Computer Name = HOMEPC | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
    Format:
    en-US RAM: 3255 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 6/06/2012 6:46:00 AM | Computer Name = HOMEPC | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
    Format:
    en-US RAM: 3255 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    [ Media Center Events ]
    Error - 12/06/2011 12:27:32 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 09:57:31 - Error connecting to the internet. 09:57:31 - Unable
    to contact server..

    Error - 12/06/2011 12:27:59 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 09:57:54 - Error connecting to the internet. 09:57:54 - Unable
    to contact server..

    Error - 13/06/2011 9:19:53 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 18:49:53 - Error connecting to the internet. 18:49:53 - Unable
    to contact server..

    Error - 13/06/2011 9:20:31 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 18:50:23 - Error connecting to the internet. 18:50:23 - Unable
    to contact server..

    Error - 13/06/2011 10:21:03 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 19:51:03 - Error connecting to the internet. 19:51:03 - Unable
    to contact server..

    Error - 13/06/2011 10:21:37 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 19:51:32 - Error connecting to the internet. 19:51:32 - Unable
    to contact server..

    Error - 19/06/2011 9:01:11 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 18:31:11 - Error connecting to the internet. 18:31:11 - Unable
    to contact server..

    Error - 19/06/2011 9:01:43 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 18:31:40 - Error connecting to the internet. 18:31:40 - Unable
    to contact server..

    Error - 19/06/2011 10:54:26 PM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 08:24:19 - Error connecting to the internet. 08:24:19 - Unable
    to contact server..

    Error - 21/06/2011 9:03:56 AM | Computer Name = HOMEPC | Source = MCUpdate | ID = 0
    Description = 18:33:55 - Error connecting to the internet. 18:33:55 - Unable
    to contact server..

    [ System Events ]
    Error - 27/09/2012 2:00:00 AM | Computer Name = HOMEPC | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2012 2:26:59 AM | Computer Name = HOMEPC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR5.

    Error - 27/09/2012 5:49:49 AM | Computer Name = HOMEPC | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2012 6:22:54 AM | Computer Name = HOMEPC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 15:23:35 on ?27-?09-?2012 was unexpected.

    Error - 27/09/2012 6:23:59 AM | Computer Name = HOMEPC | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2012 7:05:25 AM | Computer Name = HOMEPC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR5.

    Error - 27/09/2012 7:27:09 AM | Computer Name = HOMEPC | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2012 8:23:11 AM | Computer Name = HOMEPC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR5.

    Error - 28/09/2012 12:03:39 AM | Computer Name = HOMEPC | Source = DCOM | ID = 10016
    Description =

    Error - 28/09/2012 12:24:24 AM | Computer Name = HOMEPC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk5\DR5.


    < End of report >

  10. #20
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use, and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember: if you are using Windows Vista as your operating system, right-click the executable and select Run as Administrator.
    ----------

    Run OTL.exe
    • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL


      :Services

      :OTL
      IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 4E 31 E7 86 99 CD 01 [binary data]
      IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes,DefaultScope = {B9CE2C42-B451-4630-9F92-67736B5ACA32}
      IE - HKU\S-1-5-21-4072363782-845024879-551118666-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=F32C516772DDEE269756825002B85F4F&q={searchTerms}
      FF - prefs.js..browser.search.defaultenginename: "Blekko"
      FF - prefs.js..browser.search.order.1: "Blekko"
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2010/08/18 10:05:43 | 000,012,800 | ---- | C] () -- C:\Users\Sai SGK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2011/10/24 17:53:17 | 000,000,000 | ---D | M] -- C:\Users\Sai SGK\AppData\Roaming\GetRightToGo

      :Files
      ipconfig /flushdns /c

      :Commands
      [emptytemp]
      [resethosts]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

    ----------
