
TrojanDownloader:Win32/Karagany.A



#1
z3255859

  • Member
  • 51 posts
hello folks

Problem :
My Hotmail recently started sending spam and junk mails to all my contacts. I noticed this because my sent folder was full of these spam messages. It has been doing this for the past 2 days.

Steps I have taken to try and solve this
I tried changing my Hotmail password, alternative email and secret question ... without any results

Warning my Google Chrome gave me this morning

This is probably not the site you are looking for!
You attempted to reach by151w.bay151.mail.live.com, but instead you actually reached a server identifying itself as a248.e.akamai.net. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of by151w.bay151.mail.live.com.
You should not proceed, especially if you have never seen this warning before for this site.



After seeing that warning I suspected that my DNS had been changed by some virus and my sites were being redirected to some shady server. However, the result of my ipconfig /all showed that I still have the right DNS on my NIC.

Also some of these spam emails are sent when my PC is turned off sometimes.

Your Help in solving this will be HIGHLY appreciated


I am attaching my OTL log to this post also the Sysinfo :

OTL:

OTL logfile created on: 29/04/2012 10:30:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Sukhvir\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.53% Memory free
8.00 Gb Paging File | 6.20 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 225.49 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 297.49 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 318.01 Gb Free Space | 17.07% Space Free | Partition Type: NTFS
 
Computer Name: SUKHVIR-PC | User Name: Sukhvir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/04/29 10:28:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
PRC - [2012/03/14 16:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 17:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/01/12 17:36:06 | 004,453,208 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 19:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/15 18:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008/08/08 13:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/28 16:16:52 | 008,743,584 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012/04/12 17:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 17:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 17:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 17:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 17:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/04/27 11:24:56 | 000,075,384 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\BitDefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2012/04/27 11:24:14 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (vsserv)
SRV:64bit: - [2012/04/04 23:08:13 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011/10/14 21:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2010/11/20 23:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/03/03 14:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/28 23:38:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 16:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/01/09 19:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/27 17:30:03 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 18:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/20 22:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/26 03:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 02:01:49 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/08/08 13:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/04 23:09:06 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/03/02 09:36:50 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 13:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011/11/17 15:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 18:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2011/11/14 18:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/27 13:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011/08/16 12:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/07/08 09:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 15:50:12 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/26 03:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/03/03 14:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/03 14:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 13:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/29 00:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/19 17:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2012/04/29 10:20:07 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/01/05 17:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011/09/20 13:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 13:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2010/04/03 06:12:54 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..keyword.URL: "http://au.search.yah...type=685749&p="
 
FF - user.js..browser.search.defaultenginename: "Yahoo"
FF - user.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - user.js..browser.search.selectedEngine: "Yahoo"
FF - user.js..browser.startup.homepage: "www.google.com.au"
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - user.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - user.js..extensions.enabledItems: [email protected]:2.0
FF - user.js..keyword.URL: "http://au.search.yah...type=685749&p="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/02/25 09:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/24 15:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/21 19:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 12:32:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/02/25 09:19:56 | 000,000,000 | ---D | M]
 
[2010/04/02 21:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Extensions
[2012/04/27 16:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Firefox\Profiles\o5z23swg.default\extensions
[2012/03/31 09:35:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Firefox\Profiles\o5z23swg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/28 12:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/13 16:30:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/28 12:32:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SUKHVIR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5Z23SWG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/21 19:33:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/28 12:32:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/09 12:38:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/09 12:38:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Entanglement = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Star Gazing = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme\1.1_0\
CHR - Extension: Poppit = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not found
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76B76419-40C8-40F5-9489-C8970659D12B}: NameServer = 211.29.152.116,198.142.0.51
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/28 13:03:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7b2449d6-b09f-11df-bc2d-001fd0d11590}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2449d6-b09f-11df-bc2d-001fd0d11590}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/29 10:28:56 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
[2012/04/28 23:38:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/28 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/28 12:32:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/28 12:32:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/28 12:32:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/25 12:56:23 | 000,000,000 | ---D | C] -- C:\Users\Sukhvir\AppData\Local\DDMSettings
[2012/04/24 15:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/04/24 15:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/04/24 15:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/04/11 16:15:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 16:15:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 16:15:55 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 16:15:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 16:15:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 16:15:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 16:15:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 16:15:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 16:15:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 16:15:54 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 16:15:54 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 16:15:32 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 16:15:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 16:15:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 16:14:02 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 16:14:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 16:14:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/03 12:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/29 10:28:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
[2012/04/29 10:27:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 10:27:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 10:24:55 | 000,739,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/29 10:24:55 | 000,637,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/29 10:24:55 | 000,114,624 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/29 10:20:07 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/04/29 10:19:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/29 10:19:17 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 00:47:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3254688471-3102204659-1452169376-1001UA.job
[2012/04/28 23:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/28 23:38:28 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/28 23:38:28 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/28 16:03:48 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sukhvir.job
[2012/04/28 14:47:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3254688471-3102204659-1452169376-1001Core.job
[2012/04/28 12:32:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/28 12:32:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/28 12:32:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/28 12:32:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/26 21:40:11 | 000,011,639 | ---- | M] () -- C:\Users\Sukhvir\Desktop\WLMContacts.csv
[2012/04/24 15:37:10 | 000,001,617 | ---- | M] () -- C:\Users\Sukhvir\Desktop\DivX Movies.lnk
[2012/04/06 16:57:16 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/04/04 23:09:06 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/28 23:38:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 21:40:11 | 000,011,639 | ---- | C] () -- C:\Users\Sukhvir\Desktop\WLMContacts.csv
[2012/04/24 15:37:10 | 000,001,617 | ---- | C] () -- C:\Users\Sukhvir\Desktop\DivX Movies.lnk
[2012/02/25 09:21:15 | 000,383,554 | ---- | C] () -- C:\ProgramData\1330124688.bdinstall.bin
[2012/02/25 09:01:26 | 000,021,594 | ---- | C] () -- C:\ProgramData\1330124482.bdinstall.bin
[2012/02/25 08:58:22 | 000,218,474 | ---- | C] () -- C:\ProgramData\1330124155.bdinstall.bin
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/12/26 11:03:17 | 001,069,507 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/08/18 18:31:06 | 000,000,362 | ---- | C] () -- C:\Users\Sukhvir\AppData\Roaming\VPPM3.ini
[2010/08/16 18:09:30 | 000,000,138 | ---- | C] () -- C:\Users\Sukhvir\AppData\Roaming\wpstate.ini
[2010/08/08 13:12:14 | 000,003,584 | ---- | C] () -- C:\Users\Sukhvir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/26 03:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/13 21:47:10 | 000,007,681 | ---- | C] () -- C:\Users\Sukhvir\AppData\Local\Resmon.ResmonCfg
[2010/05/09 11:58:04 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== Files - Unicode (All) ==========
[2012/02/25 08:54:05 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011/03/24 15:29:55 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Sukhvir\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EC889888




< End of report >


OTL EXTRAS
OTL Extras logfile created on: 29/04/2012 10:30:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Sukhvir\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.53% Memory free
8.00 Gb Paging File | 6.20 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 225.49 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 297.49 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 318.01 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

Computer Name: SUKHVIR-PC | User Name: Sukhvir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08491E2A-A70B-4191-B1CA-823B1AC5D6CB}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{08C968CA-F1BF-4288-99FD-30FB48CB2FC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0C5EDBAB-427A-444C-B050-B63D58F593DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{10AD4293-730C-4243-BF92-87B492D5AC48}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1126FDE4-959B-41E3-ACA7-4C5EB6379963}" = lport=2869 | protocol=6 | dir=in | app=system |
"{134D81B5-1AE4-4A6B-A2A5-F63B2114AF48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19634240-61EF-4F86-B025-59733160ADD5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2996989F-1F6C-413D-9EB3-975B2EA49E27}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{3C1D9E97-6A12-4BD9-A2CC-869EA61ED968}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3D285811-71C7-4927-89F9-A7227EFBED49}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3F0AD671-4602-41EC-81EE-B93ED3307849}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3FB9A81A-FCAE-472D-8724-DCF959630673}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{427BB0F1-3CC0-4D79-866C-3CC12652A1A4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{52523C28-A5A3-4395-B41F-6F6CF706025D}" = rport=137 | protocol=17 | dir=out | app=system |
"{5645450C-2801-4041-A57F-8C04A4D8CAC7}" = lport=138 | protocol=17 | dir=in | app=system |
"{589823BC-7108-44A1-B65F-4C61EF66125D}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{5F52E7CD-0118-47DC-92EB-4D645492E2D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6069B389-62D9-4E36-A73C-422CF64BE22F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A8F2671-53A6-431E-8225-DCE6682C8773}" = lport=10244 | protocol=6 | dir=in | app=system |
"{6B76B2CD-0BD9-4525-94CE-973DA061A28A}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6C656244-6AC8-42D8-BD3A-DA7BA170E40C}" = rport=138 | protocol=17 | dir=out | app=system |
"{754A5034-9543-4B95-B7AA-0A6064A7DB10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{76F43258-45A1-4D20-97E9-0E91475B38C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{77E09F14-6CBE-47C3-A5EF-A7E7B7F91093}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{81E0BFE1-2A8D-432D-984E-030583063A74}" = rport=139 | protocol=6 | dir=out | app=system |
"{92C1477B-1660-4652-BB0F-B5E306B48B7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9CCA581E-0F6F-4079-A39F-092BF1B74896}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9D04D8A9-E780-418D-9470-C7AA377C72F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA296FD9-47A5-4A5D-A72C-5A373CA84A55}" = lport=35937 | protocol=6 | dir=in | name=block random |
"{AD2EDA6E-31B1-4AE8-B417-F532E63D4C0A}" = lport=445 | protocol=6 | dir=in | app=system |
"{AD575A90-8FB5-4398-BCAF-E2F69625BD88}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADEBBEE3-DF5C-4D60-8DAB-CABA2BA8A7F4}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{B2270428-97E2-4A3E-AF58-A009E793351F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE4296EF-26CF-4E78-98C5-999AF5141778}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFB67F8A-B974-4023-BF94-D80EFCCC89D9}" = lport=137 | protocol=17 | dir=in | app=system |
"{C6B6A273-D5A1-4D2F-AB48-9DADDF45DA83}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D5BED942-EC2F-4FBB-AF6D-C3A424112A8B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0FCB27A-00F4-45C2-812D-55650A927120}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{EEE77C34-B7D1-4529-9456-88D61BB27376}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084DB0A6-6249-4C85-995C-DE1F0D3BCE5A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{08A8AFBF-80B6-4F4A-AAC3-76FD8A326C65}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1072B3B1-A6EF-4F23-9DBF-AE3CE7B8B413}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{1D4407F8-2C0B-4ED6-82E0-674D9744D183}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{1D936C4F-ACE1-4441-B760-79ADFFCEF3FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{216F1F41-B4D3-41B5-973F-914117742B21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{30C8F406-19FF-454F-8074-722A208E290C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{33EF2D1A-E3AC-4133-8B3D-6645816159FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{3A429CC9-A99A-421E-B0D9-14DCD130C941}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{3FAE53F2-F9F8-42D9-93AE-7F6F3E53E055}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{401C57E3-A941-45D0-8F16-5203CE2FAB94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4617B99C-EB6E-4E8E-A921-741A11E4940B}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{4A875CCE-3E89-45F0-A92A-C27967848A94}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{527693EE-49B4-416D-859C-459F68268B43}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{58304032-DEDB-4546-8AA1-5DF30B65E67F}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{63DCA855-0541-4FB4-8272-11C684E3E3B4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6CB773C0-C029-452D-81BC-0E0DFA94CD13}" = protocol=58 | dir=in | [email protected],-28545 |
"{6D576761-820B-4E2E-8F93-2815D7D4E0B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{7B77F535-4771-4683-9299-A910A98130E9}" = protocol=1 | dir=in | [email protected],-28543 |
"{7CF11ACA-BEB4-440D-87B1-575D19540E7C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{7D433864-7344-435E-B214-45E4557946E0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E340ACE-39FF-4F3A-A2A5-1A68268CB472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{8E502AC4-402B-4D67-8AB6-116A40F9926D}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{950B7E25-B1C6-4E7C-9FA1-C5381DE77F94}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5767AD6-968E-4D44-A06A-755B1DCE3DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{A97F4E22-C70B-4153-9107-887A92804A02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE01BB52-03EF-442D-866D-86D613D27B64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{C005F00F-8D34-4A0A-BED3-36A13E9FE4C9}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{C09E8004-AC8C-448D-940E-BFF7EAB51C14}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{C174692B-4B22-45AA-8CDA-DAFE58AEDDA7}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{CB7FDF35-8C40-46C1-AC2B-EEEDFB2891E9}" = protocol=58 | dir=out | [email protected],-28546 |
"{CF0914AD-86E4-4989-B56F-F21E27CD6124}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{CF3DFFDD-4D88-4B5E-A34B-DB0DD57EBDB3}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{D00938A6-EC9F-41AF-8128-320F61C1DD70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D228D035-163B-4379-A48F-E24A93B7119F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{DB7A60B0-315F-4AE1-BF1D-55EC7CEF8C2E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3C1DC94-BC63-43E4-9813-21E923A6C303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6E96C23-508F-4D47-B6D0-15A20F1EF399}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E9635C40-F05E-42E3-99CE-E2139C6FCCBE}" = protocol=1 | dir=out | [email protected],-28544 |
"{EB4A4B72-0168-4F25-AF9C-0A01DC7A3AFF}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{EC6B51B1-80B5-4E37-9EBC-390B81480A71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{EE5BBEDC-0E2A-4245-9AF8-8E070E27C44C}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"TCP Query User{7B134BF4-F802-420D-BBB6-189B17DF189B}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"TCP Query User{7E9E4310-6010-4F16-9241-1E60EE941BE9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{8AF769BC-4734-4082-84BB-FCC1CC59B4C0}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{995796C8-A1E5-44C5-87B6-38192E97C14A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{0F7A7140-76F2-4ECD-95D1-89BF36F5B5FC}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{19583DBC-AFF8-4818-A0A8-9F9837664CCC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{AD0D4320-250F-475C-9782-EC709AF16AD2}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"UDP Query User{CAF403D6-9631-4ABF-ACA9-7B9D4F89143D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bitdefender" = Bitdefender Total Security 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312
"{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{29D4D03C-F70B-43d9-82E4-6E5696FB0D1D}" = IObit Toolbar v4.6
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0820.01
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.00
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.3.1
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Alarm Clock_is1" = Alarm Clock v1.0
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"HandBrake" = HandBrake 0.9.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IObit Malware Fighter_is1" = IObit Malware Fighter
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PCHand Screen Recorder_is1" = PCHand Screen Recorder 1.8.5.4
"Smart Defrag 2_is1" = Smart Defrag 2
"SpeedFan" = SpeedFan (remove only)
"STDU Viewer_is1" = STDU Viewer version 1.5.382.0
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Supersonic Sled" = NVIDIA Supersonic Sled demo
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/04/2012 8:53:07 PM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x6fc Faulting application start time: 0x01cd241019423f2d Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 59d16080-9003-11e1-8b82-001fd0d11590

Error - 27/04/2012 8:28:47 PM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x7c8 Faulting application start time: 0x01cd24d5dcb3eb73 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 1df12720-90c9-11e1-9b54-001fd0d11590

Error - 27/04/2012 10:54:48 PM | Computer Name = Sukhvir-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 27/04/2012 10:54:48 PM | Computer Name = Sukhvir-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 27/04/2012 10:55:51 PM | Computer Name = Sukhvir-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 27/04/2012 10:55:54 PM | Computer Name = Sukhvir-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 28/04/2012 6:19:29 AM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0xc0c Faulting application start time: 0x01cd252863b47811 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: a2fcd101-911b-11e1-91ee-001fd0d11590

Error - 28/04/2012 8:24:39 AM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x4bc Faulting application start time: 0x01cd2539ded4f067 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 1f4cf79a-912d-11e1-bfef-001fd0d11590

Error - 28/04/2012 9:37:06 AM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x7c4 Faulting application start time: 0x01cd2543fd339515 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 3ebc1268-9137-11e1-be5f-001fd0d11590

Error - 28/04/2012 8:20:01 PM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x758 Faulting application start time: 0x01cd259dcd676d47 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 0eef850c-9191-11e1-9b66-001fd0d11590

[ Media Center Events ]
Error - 19/05/2010 6:39:31 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 8:39:30 AM - Error connecting to the internet. 8:39:30 AM - Unable
to contact server..

Error - 19/05/2010 6:40:03 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 8:40:00 AM - Error connecting to the internet. 8:40:00 AM - Unable
to contact server..

Error - 20/05/2010 4:37:18 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 6:37:18 AM - Error connecting to the internet. 6:37:18 AM - Unable
to contact server..

Error - 20/05/2010 4:37:52 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 6:37:47 AM - Error connecting to the internet. 6:37:47 AM - Unable
to contact server..

Error - 21/05/2010 9:03:39 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 11:03:39 AM - Error connecting to the internet. 11:03:39 AM - Unable
to contact server..

Error - 21/05/2010 9:04:13 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 11:04:08 AM - Error connecting to the internet. 11:04:08 AM - Unable
to contact server..

Error - 22/05/2010 11:09:34 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 1:09:34 PM - Error connecting to the internet. 1:09:34 PM - Unable
to contact server..

Error - 22/05/2010 11:10:07 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 1:10:03 PM - Error connecting to the internet. 1:10:03 PM - Unable
to contact server..

Error - 23/05/2010 6:35:17 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 8:35:17 AM - Error connecting to the internet. 8:35:17 AM - Unable
to contact server..

Error - 23/05/2010 6:35:59 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 8:35:46 AM - Error connecting to the internet. 8:35:46 AM - Unable
to contact server..

[ OSession Events ]
Error - 14/10/2010 5:39:09 AM | Computer Name = Sukhvir-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/04/2012 9:39:24 AM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058

Error - 28/04/2012 10:49:03 AM | Computer Name = Sukhvir-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2536276).

Error - 28/04/2012 8:18:58 PM | Computer Name = Sukhvir-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 28/04/2012 8:19:17 PM | Computer Name = Sukhvir-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 28/04/2012 8:19:23 PM | Computer Name = Sukhvir-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 28/04/2012 8:20:07 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058

Error - 28/04/2012 8:20:07 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the Function
Discovery Provider Host service which failed to start because of the following error:
%%1058

Error - 28/04/2012 8:20:18 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
trufos

Error - 28/04/2012 8:20:35 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 28/04/2012 8:22:20 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058


< End of report >

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SysInfo:

OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4094 Mb
Graphics Card: NVIDIA GeForce GTX 465, 1024 Mb
Hard Drives: C: Total - 305234 MB, Free - 229803 MB; D: Total - 305234 MB, Free - 304625 MB; H: Total - 1907726 MB, Free - 328334 MB;
Motherboard: Gigabyte Technology Co., Ltd., EP45-UD3R
Antivirus: Bitdefender Antivirus, Updated and Enabled

Edited by z3255859, 28 April 2012 - 06:48 PM.


#2
z3255859

Hi Folks

My antivirus detected TrojanDownloader:Win32/Karagany.A a couple of days ago ... it couldn't delete it, so I moved it into quarantine. Also, lately my PC has been running slow and I have noticed excessive use of my RAM (physical memory use is sometimes 80%), which shouldn't be happening because I have 4GB DDR2 memory.

Also, I am unable to download Windows update KB2536276 ... every time my PC tries to install it I get the following error:

code 8024200D windows update encountered an unknown error

I have tried downloading this in safe mode without any luck.
I have tried doing it manually from the Microsoft Download Center, still without luck.

My OTL log:

OTL logfile created on: 29/04/2012 10:30:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Sukhvir\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.53% Memory free
8.00 Gb Paging File | 6.20 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 225.49 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 297.49 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 318.01 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

Computer Name: SUKHVIR-PC | User Name: Sukhvir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 10:28:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
PRC - [2012/03/14 16:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 17:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/01/12 17:36:06 | 004,453,208 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 19:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/15 18:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008/08/08 13:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 16:16:52 | 008,743,584 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012/04/12 17:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 17:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 17:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 17:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 17:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/27 11:24:56 | 000,075,384 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\BitDefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2012/04/27 11:24:14 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (vsserv)
SRV:64bit: - [2012/04/04 23:08:13 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011/10/14 21:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2010/11/20 23:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/03/03 14:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/28 23:38:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 16:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/01/09 19:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/27 17:30:03 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 18:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/20 22:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/26 03:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 02:01:49 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/08/08 13:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 23:09:06 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/03/02 09:36:50 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 13:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011/11/17 15:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 18:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2011/11/14 18:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/27 13:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011/08/16 12:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/07/08 09:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 15:50:12 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/26 03:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/03/03 14:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/03 14:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 13:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/29 00:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/19 17:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2012/04/29 10:20:07 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/01/05 17:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011/09/20 13:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 13:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2010/04/03 06:12:54 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..keyword.URL: "http://au.search.yah...type=685749&p="

FF - user.js..browser.search.defaultenginename: "Yahoo"
FF - user.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - user.js..browser.search.selectedEngine: "Yahoo"
FF - user.js..browser.startup.homepage: "www.google.com.au"
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - user.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - user.js..extensions.enabledItems: [email protected]:2.0
FF - user.js..keyword.URL: "http://au.search.yah...type=685749&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/02/25 09:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/24 15:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/21 19:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 12:32:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/02/25 09:19:56 | 000,000,000 | ---D | M]

[2010/04/02 21:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Extensions
[2012/04/27 16:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Firefox\Profiles\o5z23swg.default\extensions
[2012/03/31 09:35:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Firefox\Profiles\o5z23swg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/28 12:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/13 16:30:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/28 12:32:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SUKHVIR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5Z23SWG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/21 19:33:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/28 12:32:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/09 12:38:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/09 12:38:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Entanglement = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Star Gazing = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme\1.1_0\
CHR - Extension: Poppit = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not found
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76B76419-40C8-40F5-9489-C8970659D12B}: NameServer = 211.29.152.116,198.142.0.51
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/28 13:03:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7b2449d6-b09f-11df-bc2d-001fd0d11590}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2449d6-b09f-11df-bc2d-001fd0d11590}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 10:28:56 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
[2012/04/28 23:38:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/28 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/28 12:32:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/28 12:32:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/28 12:32:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/25 12:56:23 | 000,000,000 | ---D | C] -- C:\Users\Sukhvir\AppData\Local\DDMSettings
[2012/04/24 15:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/04/24 15:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/04/24 15:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/04/11 16:15:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 16:15:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 16:15:55 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 16:15:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 16:15:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 16:15:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 16:15:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 16:15:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 16:15:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 16:15:54 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 16:15:54 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 16:15:32 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 16:15:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 16:15:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 16:14:02 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 16:14:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 16:14:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/03 12:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/29 10:28:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
[2012/04/29 10:27:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 10:27:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 10:24:55 | 000,739,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/29 10:24:55 | 000,637,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/29 10:24:55 | 000,114,624 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/29 10:20:07 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/04/29 10:19:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/29 10:19:17 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 00:47:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3254688471-3102204659-1452169376-1001UA.job
[2012/04/28 23:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/28 23:38:28 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/28 23:38:28 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/28 16:03:48 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sukhvir.job
[2012/04/28 14:47:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3254688471-3102204659-1452169376-1001Core.job
[2012/04/28 12:32:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/28 12:32:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/28 12:32:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/28 12:32:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/26 21:40:11 | 000,011,639 | ---- | M] () -- C:\Users\Sukhvir\Desktop\WLMContacts.csv
[2012/04/24 15:37:10 | 000,001,617 | ---- | M] () -- C:\Users\Sukhvir\Desktop\DivX Movies.lnk
[2012/04/06 16:57:16 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/04/04 23:09:06 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/28 23:38:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 21:40:11 | 000,011,639 | ---- | C] () -- C:\Users\Sukhvir\Desktop\WLMContacts.csv
[2012/04/24 15:37:10 | 000,001,617 | ---- | C] () -- C:\Users\Sukhvir\Desktop\DivX Movies.lnk
[2012/02/25 09:21:15 | 000,383,554 | ---- | C] () -- C:\ProgramData\1330124688.bdinstall.bin
[2012/02/25 09:01:26 | 000,021,594 | ---- | C] () -- C:\ProgramData\1330124482.bdinstall.bin
[2012/02/25 08:58:22 | 000,218,474 | ---- | C] () -- C:\ProgramData\1330124155.bdinstall.bin
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/12/26 11:03:17 | 001,069,507 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/08/18 18:31:06 | 000,000,362 | ---- | C] () -- C:\Users\Sukhvir\AppData\Roaming\VPPM3.ini
[2010/08/16 18:09:30 | 000,000,138 | ---- | C] () -- C:\Users\Sukhvir\AppData\Roaming\wpstate.ini
[2010/08/08 13:12:14 | 000,003,584 | ---- | C] () -- C:\Users\Sukhvir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/26 03:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/13 21:47:10 | 000,007,681 | ---- | C] () -- C:\Users\Sukhvir\AppData\Local\Resmon.ResmonCfg
[2010/05/09 11:58:04 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== Files - Unicode (All) ==========
[2012/02/25 08:54:05 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011/03/24 15:29:55 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Users\Sukhvir\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EC889888

< End of report >

OTL EXTRAS

OTL Extras logfile created on: 29/04/2012 10:30:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Sukhvir\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.53% Memory free
8.00 Gb Paging File | 6.20 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 225.49 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 297.49 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 318.01 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

Computer Name: SUKHVIR-PC | User Name: Sukhvir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08491E2A-A70B-4191-B1CA-823B1AC5D6CB}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{08C968CA-F1BF-4288-99FD-30FB48CB2FC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0C5EDBAB-427A-444C-B050-B63D58F593DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{10AD4293-730C-4243-BF92-87B492D5AC48}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1126FDE4-959B-41E3-ACA7-4C5EB6379963}" = lport=2869 | protocol=6 | dir=in | app=system |
"{134D81B5-1AE4-4A6B-A2A5-F63B2114AF48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19634240-61EF-4F86-B025-59733160ADD5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2996989F-1F6C-413D-9EB3-975B2EA49E27}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{3C1D9E97-6A12-4BD9-A2CC-869EA61ED968}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3D285811-71C7-4927-89F9-A7227EFBED49}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3F0AD671-4602-41EC-81EE-B93ED3307849}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3FB9A81A-FCAE-472D-8724-DCF959630673}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{427BB0F1-3CC0-4D79-866C-3CC12652A1A4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{52523C28-A5A3-4395-B41F-6F6CF706025D}" = rport=137 | protocol=17 | dir=out | app=system |
"{5645450C-2801-4041-A57F-8C04A4D8CAC7}" = lport=138 | protocol=17 | dir=in | app=system |
"{589823BC-7108-44A1-B65F-4C61EF66125D}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{5F52E7CD-0118-47DC-92EB-4D645492E2D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6069B389-62D9-4E36-A73C-422CF64BE22F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A8F2671-53A6-431E-8225-DCE6682C8773}" = lport=10244 | protocol=6 | dir=in | app=system |
"{6B76B2CD-0BD9-4525-94CE-973DA061A28A}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6C656244-6AC8-42D8-BD3A-DA7BA170E40C}" = rport=138 | protocol=17 | dir=out | app=system |
"{754A5034-9543-4B95-B7AA-0A6064A7DB10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{76F43258-45A1-4D20-97E9-0E91475B38C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{77E09F14-6CBE-47C3-A5EF-A7E7B7F91093}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{81E0BFE1-2A8D-432D-984E-030583063A74}" = rport=139 | protocol=6 | dir=out | app=system |
"{92C1477B-1660-4652-BB0F-B5E306B48B7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9CCA581E-0F6F-4079-A39F-092BF1B74896}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9D04D8A9-E780-418D-9470-C7AA377C72F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA296FD9-47A5-4A5D-A72C-5A373CA84A55}" = lport=35937 | protocol=6 | dir=in | name=block random |
"{AD2EDA6E-31B1-4AE8-B417-F532E63D4C0A}" = lport=445 | protocol=6 | dir=in | app=system |
"{AD575A90-8FB5-4398-BCAF-E2F69625BD88}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADEBBEE3-DF5C-4D60-8DAB-CABA2BA8A7F4}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{B2270428-97E2-4A3E-AF58-A009E793351F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE4296EF-26CF-4E78-98C5-999AF5141778}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFB67F8A-B974-4023-BF94-D80EFCCC89D9}" = lport=137 | protocol=17 | dir=in | app=system |
"{C6B6A273-D5A1-4D2F-AB48-9DADDF45DA83}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D5BED942-EC2F-4FBB-AF6D-C3A424112A8B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0FCB27A-00F4-45C2-812D-55650A927120}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{EEE77C34-B7D1-4529-9456-88D61BB27376}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084DB0A6-6249-4C85-995C-DE1F0D3BCE5A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{08A8AFBF-80B6-4F4A-AAC3-76FD8A326C65}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1072B3B1-A6EF-4F23-9DBF-AE3CE7B8B413}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{1D4407F8-2C0B-4ED6-82E0-674D9744D183}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{1D936C4F-ACE1-4441-B760-79ADFFCEF3FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{216F1F41-B4D3-41B5-973F-914117742B21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{30C8F406-19FF-454F-8074-722A208E290C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{33EF2D1A-E3AC-4133-8B3D-6645816159FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{3A429CC9-A99A-421E-B0D9-14DCD130C941}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{3FAE53F2-F9F8-42D9-93AE-7F6F3E53E055}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{401C57E3-A941-45D0-8F16-5203CE2FAB94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4617B99C-EB6E-4E8E-A921-741A11E4940B}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{4A875CCE-3E89-45F0-A92A-C27967848A94}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{527693EE-49B4-416D-859C-459F68268B43}" = protocol=6 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{58304032-DEDB-4546-8AA1-5DF30B65E67F}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{63DCA855-0541-4FB4-8272-11C684E3E3B4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6CB773C0-C029-452D-81BC-0E0DFA94CD13}" = protocol=58 | dir=in | [email protected],-28545 |
"{6D576761-820B-4E2E-8F93-2815D7D4E0B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{7B77F535-4771-4683-9299-A910A98130E9}" = protocol=1 | dir=in | [email protected],-28543 |
"{7CF11ACA-BEB4-440D-87B1-575D19540E7C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{7D433864-7344-435E-B214-45E4557946E0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E340ACE-39FF-4F3A-A2A5-1A68268CB472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{8E502AC4-402B-4D67-8AB6-116A40F9926D}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{950B7E25-B1C6-4E7C-9FA1-C5381DE77F94}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5767AD6-968E-4D44-A06A-755B1DCE3DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{A97F4E22-C70B-4153-9107-887A92804A02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE01BB52-03EF-442D-866D-86D613D27B64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{C005F00F-8D34-4A0A-BED3-36A13E9FE4C9}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{C09E8004-AC8C-448D-940E-BFF7EAB51C14}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{C174692B-4B22-45AA-8CDA-DAFE58AEDDA7}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{CB7FDF35-8C40-46C1-AC2B-EEEDFB2891E9}" = protocol=58 | dir=out | [email protected],-28546 |
"{CF0914AD-86E4-4989-B56F-F21E27CD6124}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{CF3DFFDD-4D88-4B5E-A34B-DB0DD57EBDB3}" = protocol=6 | dir=out | app=c:\windows\ehome\mcrmgr.exe |
"{D00938A6-EC9F-41AF-8128-320F61C1DD70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D228D035-163B-4379-A48F-E24A93B7119F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{DB7A60B0-315F-4AE1-BF1D-55EC7CEF8C2E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3C1DC94-BC63-43E4-9813-21E923A6C303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6E96C23-508F-4D47-B6D0-15A20F1EF399}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E9635C40-F05E-42E3-99CE-E2139C6FCCBE}" = protocol=1 | dir=out | [email protected],-28544 |
"{EB4A4B72-0168-4F25-AF9C-0A01DC7A3AFF}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{EC6B51B1-80B5-4E37-9EBC-390B81480A71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{EE5BBEDC-0E2A-4245-9AF8-8E070E27C44C}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"TCP Query User{7B134BF4-F802-420D-BBB6-189B17DF189B}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"TCP Query User{7E9E4310-6010-4F16-9241-1E60EE941BE9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{8AF769BC-4734-4082-84BB-FCC1CC59B4C0}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{995796C8-A1E5-44C5-87B6-38192E97C14A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{0F7A7140-76F2-4ECD-95D1-89BF36F5B5FC}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{19583DBC-AFF8-4818-A0A8-9F9837664CCC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{AD0D4320-250F-475C-9782-EC709AF16AD2}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"UDP Query User{CAF403D6-9631-4ABF-ACA9-7B9D4F89143D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bitdefender" = Bitdefender Total Security 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312
"{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{29D4D03C-F70B-43d9-82E4-6E5696FB0D1D}" = IObit Toolbar v4.6
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0820.01
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.00
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.3.1
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Alarm Clock_is1" = Alarm Clock v1.0
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"HandBrake" = HandBrake 0.9.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IObit Malware Fighter_is1" = IObit Malware Fighter
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PCHand Screen Recorder_is1" = PCHand Screen Recorder 1.8.5.4
"Smart Defrag 2_is1" = Smart Defrag 2
"SpeedFan" = SpeedFan (remove only)
"STDU Viewer_is1" = STDU Viewer version 1.5.382.0
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Supersonic Sled" = NVIDIA Supersonic Sled demo
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/04/2012 8:53:07 PM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x6fc Faulting application start time: 0x01cd241019423f2d Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 59d16080-9003-11e1-8b82-001fd0d11590

Error - 27/04/2012 8:28:47 PM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x7c8 Faulting application start time: 0x01cd24d5dcb3eb73 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 1df12720-90c9-11e1-9b54-001fd0d11590

Error - 27/04/2012 10:54:48 PM | Computer Name = Sukhvir-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 27/04/2012 10:54:48 PM | Computer Name = Sukhvir-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 27/04/2012 10:55:51 PM | Computer Name = Sukhvir-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 27/04/2012 10:55:54 PM | Computer Name = Sukhvir-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 28/04/2012 6:19:29 AM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0xc0c Faulting application start time: 0x01cd252863b47811 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: a2fcd101-911b-11e1-91ee-001fd0d11590

Error - 28/04/2012 8:24:39 AM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x4bc Faulting application start time: 0x01cd2539ded4f067 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 1f4cf79a-912d-11e1-bfef-001fd0d11590

Error - 28/04/2012 9:37:06 AM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x7c4 Faulting application start time: 0x01cd2543fd339515 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 3ebc1268-9137-11e1-be5f-001fd0d11590

Error - 28/04/2012 8:20:01 PM | Computer Name = Sukhvir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Faulting module name: nvvsvc.exe, version: 8.17.12.8562, time
stamp: 0x4e9933c3 Exception code: 0x40000015 Fault offset: 0x000000000009ef31 Faulting
process id: 0x758 Faulting application start time: 0x01cd259dcd676d47 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 0eef850c-9191-11e1-9b66-001fd0d11590

[ Media Center Events ]
Error - 19/05/2010 6:39:31 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 8:39:30 AM - Error connecting to the internet. 8:39:30 AM - Unable
to contact server..

Error - 19/05/2010 6:40:03 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 8:40:00 AM - Error connecting to the internet. 8:40:00 AM - Unable
to contact server..

Error - 20/05/2010 4:37:18 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 6:37:18 AM - Error connecting to the internet. 6:37:18 AM - Unable
to contact server..

Error - 20/05/2010 4:37:52 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 6:37:47 AM - Error connecting to the internet. 6:37:47 AM - Unable
to contact server..

Error - 21/05/2010 9:03:39 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 11:03:39 AM - Error connecting to the internet. 11:03:39 AM - Unable
to contact server..

Error - 21/05/2010 9:04:13 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 11:04:08 AM - Error connecting to the internet. 11:04:08 AM - Unable
to contact server..

Error - 22/05/2010 11:09:34 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 1:09:34 PM - Error connecting to the internet. 1:09:34 PM - Unable
to contact server..

Error - 22/05/2010 11:10:07 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 1:10:03 PM - Error connecting to the internet. 1:10:03 PM - Unable
to contact server..

Error - 23/05/2010 6:35:17 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 8:35:17 AM - Error connecting to the internet. 8:35:17 AM - Unable
to contact server..

Error - 23/05/2010 6:35:59 PM | Computer Name = Sukhvir-PC | Source = MCUpdate | ID = 0
Description = 8:35:46 AM - Error connecting to the internet. 8:35:46 AM - Unable
to contact server..

[ OSession Events ]
Error - 14/10/2010 5:39:09 AM | Computer Name = Sukhvir-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/04/2012 9:39:24 AM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058

Error - 28/04/2012 10:49:03 AM | Computer Name = Sukhvir-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2536276).

Error - 28/04/2012 8:18:58 PM | Computer Name = Sukhvir-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 28/04/2012 8:19:17 PM | Computer Name = Sukhvir-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 28/04/2012 8:19:23 PM | Computer Name = Sukhvir-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 28/04/2012 8:20:07 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058

Error - 28/04/2012 8:20:07 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the Function
Discovery Provider Host service which failed to start because of the following error:
%%1058

Error - 28/04/2012 8:20:18 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
trufos

Error - 28/04/2012 8:20:35 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 28/04/2012 8:22:20 PM | Computer Name = Sukhvir-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058


< End of report >

#3
phillpower2

    Mechanised Mod

  • Global Moderator
  • 24,716 posts
OS thread regarding the failed update http://www.geekstogo...date-kb2536276/

#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#5
z3255859

    Member

  • Topic Starter
  • Member
  • 51 posts
Thanks for replying, Gammo.

Just so you know ... my Hotmail has stopped sending spam. (Steps I took were ... change my password, change my alternative email, change security question, change the security code phone number.)

I still have the problem with the Windows update.

I did the quick scan as you asked ... however, I didn't get the Extras.txt file ... only OTL.txt was generated.

I did an original OTL scan when I posted this topic and the Extras.txt file was generated. The contents of it have been posted above.

OTL LOG generated today (04/05/2012)



OTL logfile created on: 4/05/2012 6:49:14 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Sukhvir\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 67.75% Memory free
8.00 Gb Paging File | 6.46 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 224.34 Gb Free Space | 75.26% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 297.49 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 313.45 Gb Free Space | 16.82% Space Free | Partition Type: NTFS

Computer Name: SUKHVIR-PC | User Name: Sukhvir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 10:28:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
PRC - [2012/03/14 16:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/01/12 17:36:06 | 004,453,208 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 19:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/15 18:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008/08/08 13:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/27 11:24:56 | 000,075,384 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\BitDefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2012/04/27 11:24:14 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (vsserv)
SRV:64bit: - [2012/04/04 23:08:13 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011/10/14 21:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2010/11/20 23:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/03/03 14:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/28 23:38:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 16:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/01/09 19:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/27 17:30:03 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 18:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/20 22:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/26 03:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/22 09:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 02:01:49 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/08/08 13:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 23:09:06 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/03/02 09:36:50 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 13:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011/11/17 15:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 18:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2011/11/14 18:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/27 13:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011/08/16 12:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/07/08 09:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 15:50:12 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/26 03:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/03/03 14:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/03 14:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 13:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/29 00:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/19 17:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005/11/07 06:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2012/05/04 11:27:12 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/01/05 17:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011/09/20 13:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 13:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2010/04/03 06:12:54 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...A-72373200F9AA}
IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1006\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..keyword.URL: "http://au.search.yah...type=685749&p="

FF - user.js..browser.search.defaultenginename: "Yahoo"
FF - user.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - user.js..browser.search.selectedEngine: "Yahoo"
FF - user.js..browser.startup.homepage: "www.google.com.au"
FF - user.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - user.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - user.js..extensions.enabledItems: [email protected]:2.0
FF - user.js..keyword.URL: "http://au.search.yah...type=685749&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/02/25 09:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/24 15:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/21 19:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 12:32:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/02/25 09:19:56 | 000,000,000 | ---D | M]

[2010/04/02 21:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Extensions
[2012/05/02 11:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Firefox\Profiles\o5z23swg.default\extensions
[2012/03/31 09:35:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sukhvir\AppData\Roaming\Mozilla\Firefox\Profiles\o5z23swg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/28 12:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/13 16:30:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/28 12:32:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SUKHVIR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5Z23SWG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/21 19:33:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/28 12:32:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/09 12:38:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/09 12:38:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sukhvir\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Entanglement = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Star Gazing = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme\1.1_0\
CHR - Extension: Poppit = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sukhvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not found
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3254688471-3102204659-1452169376-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3254688471-3102204659-1452169376-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3254688471-3102204659-1452169376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76B76419-40C8-40F5-9489-C8970659D12B}: NameServer = 211.29.152.116,198.142.0.51
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/28 13:03:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7b2449d6-b09f-11df-bc2d-001fd0d11590}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2449d6-b09f-11df-bc2d-001fd0d11590}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 10:28:56 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
[2012/04/28 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/25 12:56:23 | 000,000,000 | ---D | C] -- C:\Users\Sukhvir\AppData\Local\DDMSettings
[2012/04/24 15:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/04/24 15:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/04/24 15:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/04 18:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 18:47:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3254688471-3102204659-1452169376-1001UA.job
[2012/05/04 16:30:18 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sukhvir.job
[2012/05/04 14:47:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3254688471-3102204659-1452169376-1001Core.job
[2012/05/04 11:34:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 11:34:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 11:31:55 | 000,739,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/04 11:31:55 | 000,637,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/04 11:31:55 | 000,114,624 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/04 11:26:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/04 11:26:22 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 10:28:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sukhvir\Desktop\OTL.exe
[2012/04/26 21:40:11 | 000,011,639 | ---- | M] () -- C:\Users\Sukhvir\Desktop\WLMContacts.csv
[2012/04/24 15:37:10 | 000,001,617 | ---- | M] () -- C:\Users\Sukhvir\Desktop\DivX Movies.lnk
[2012/04/06 16:57:16 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/04/04 23:09:06 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/28 23:38:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 21:40:11 | 000,011,639 | ---- | C] () -- C:\Users\Sukhvir\Desktop\WLMContacts.csv
[2012/04/24 15:37:10 | 000,001,617 | ---- | C] () -- C:\Users\Sukhvir\Desktop\DivX Movies.lnk
[2012/02/25 09:21:15 | 000,383,554 | ---- | C] () -- C:\ProgramData\1330124688.bdinstall.bin
[2012/02/25 09:01:26 | 000,021,594 | ---- | C] () -- C:\ProgramData\1330124482.bdinstall.bin
[2012/02/25 08:58:22 | 000,218,474 | ---- | C] () -- C:\ProgramData\1330124155.bdinstall.bin
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/12/26 11:03:17 | 001,069,507 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/08/18 18:31:06 | 000,000,362 | ---- | C] () -- C:\Users\Sukhvir\AppData\Roaming\VPPM3.ini
[2010/08/16 18:09:30 | 000,000,138 | ---- | C] () -- C:\Users\Sukhvir\AppData\Roaming\wpstate.ini
[2010/08/08 13:12:14 | 000,003,584 | ---- | C] () -- C:\Users\Sukhvir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/26 03:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/13 21:47:10 | 000,007,681 | ---- | C] () -- C:\Users\Sukhvir\AppData\Local\Resmon.ResmonCfg
[2010/05/09 11:58:04 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== LOP Check ==========

[2010/05/09 12:03:00 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-SUKHVIR-PC\AppData\Roaming\BitDefender
[2010/10/18 01:27:14 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\AltiumDesignerSummer09
[2012/03/05 15:17:37 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Audacity
[2012/02/25 09:24:02 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Bitdefender
[2010/07/29 21:54:48 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Canon
[2012/03/07 08:49:27 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Dev-Cpp
[2011/02/02 11:23:39 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\GetRightToGo
[2011/12/04 10:22:37 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\HandBrake
[2011/02/01 16:40:05 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\HTC
[2011/02/01 16:40:10 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/11/26 08:44:54 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\IObit
[2011/03/26 09:15:46 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Microchip
[2010/12/26 11:03:31 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\QuickScan
[2011/06/08 13:23:51 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\TeamViewer
[2010/06/17 18:40:19 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Thinstall
[2012/05/04 11:50:49 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\uTorrent
[2011/07/22 16:19:39 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\webex
[2011/04/12 12:49:42 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Wireshark
[2010/08/08 13:18:37 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Xilisoft
[2010/08/08 13:15:11 | 000,000,000 | ---D | M] -- C:\Users\Sukhvir\AppData\Roaming\Xilisoft Corporation
[2012/03/05 07:51:48 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/02/25 08:54:05 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011/03/24 15:29:55 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Users\Sukhvir\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EC889888

< End of report >

Edited by z3255859, 04 May 2012 - 03:06 AM.

#6
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...A-72373200F9AA}
    IE - HKU\S-1-5-21-3254688471-3102204659-1452169376-1006\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Exactly what problems are you still experiencing? I don't think the Windows Update problem is caused by malware, so if that's your only problem at the moment, I'm probably gonna redirect you to a more appropriate part of our forum.

#7
z3255859

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Thanks Gammo

ATM I am only experiencing problems with Windows Update ... I keep getting the same error:

code 8024200D windows update encountered an unknown error

Also, here are the results from the OTL fixes:


All processes killed
========== OTL ==========
HKU\S-1-5-21-3254688471-3102204659-1452169376-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3254688471-3102204659-1452169376-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ not found.
C:\Windows\SysNative\SET15E4.tmp deleted successfully.
C:\Windows\SysNative\SET486C.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sukhvir\Desktop\cmd.bat deleted successfully.
C:\Users\Sukhvir\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-SUKHVIR-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 94917 bytes
->Flash cache emptied: 41620 bytes

User: Public

User: Sukhvir
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2221681 bytes
->Java cache emptied: 2199299 bytes
->FireFox cache emptied: 53702620 bytes
->Google Chrome cache emptied: 339114026 bytes
->Flash cache emptied: 6453 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75976 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 350525 bytes
RecycleBin emptied: 117272401 bytes

Total Files Cleaned = 491.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-SUKHVIR-PC
->Flash cache emptied: 0 bytes

User: Public

User: Sukhvir
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.1 log created on 05052012_123613

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\~bd332F.tmp not found!

Registry entries deleted on Reboot...

Edited by z3255859, 04 May 2012 - 08:42 PM.

#8
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Can't you install just one update or can't you install any update?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

#9
z3255859

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
I was able to download and install all updates recommended by my Windows updater until this particular update (KB2536276).

I haven't had any other updates since this one except a few optional updates for my graphics card, Bing desktop search engine, messenger update, etc. I have chosen to update a few of those and they have been successful.

Farbar Service Scanner Version: 30-04-2012 01
Ran by Sukhvir (administrator) on 05-05-2012 at 21:19:05
Running from "C:\Users\Sukhvir\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I'm quite sure the Windows Update problem is not malware related, so therefore I'm gonna close this topic.

This should delete most of the tools we used:

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You can start a new topic here if you want. :thumbsup:

#11
z3255859

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Thanks very much, Gammo, for all your help ... appreciate it, buddy.