Hi,
A BIG thanks for the help. After fixing through FRST and rebooting in normal mode, the white screen problem has disappeared. I have run the procedure as mentioned by you. Please find below the logs as requested:
Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by SYSTEM at 2013-10-07 21:06:41 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKU\Administrator\...\Winlogon: [Shell] explorer.exe,C:\Users\Administrator\AppData\Roaming\skype.dat [ 2011-11-18] (Software ) <==== ATTENTION
C:\Users\Administrator\AppData\Roaming\skype.dat
C:\Users\Administrator\AppData\Roaming\skype.ini
*****************
HKU\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Administrator\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Administrator\AppData\Roaming\skype.ini => Moved successfully.
==== End of Fixlog ====
OTL.txt
OTL logfile created on: 10/7/2013 9:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.95 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 36.10% Memory free
4.13 Gb Paging File | 2.79 Gb Available in Paging File | 67.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.09 Gb Total Space | 25.82 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.73 Gb Free Space | 88.52% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 2.71 Gb Free Space | 72.68% Space Free | Partition Type: FAT32
Computer Name: 30DIT2297 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/07 21:10:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013/03/22 04:20:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/07/18 23:39:55 | 000,774,144 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Imation\IFM\Imation Flash Detect.exe
PRC - [2009/04/11 11:58:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/24 17:23:34 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/02/24 17:23:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/02/24 17:23:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/24 17:23:32 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/02/24 17:23:30 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/10/04 02:03:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/07/19 16:10:58 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/07/19 16:10:54 | 000,773,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2008/07/19 16:10:52 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/05/20 12:35:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/11/28 06:12:14 | 000,185,896 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/11/28 06:12:12 | 000,093,736 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/11/28 06:10:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2007/06/29 15:29:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2007/06/29 15:28:38 | 000,277,504 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP Display Assistant\dthtml.exe
PRC - [2007/06/29 15:26:48 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/06/29 15:26:06 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2006/08/19 11:37:06 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
PRC - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
PRC - [2004/08/24 15:01:12 | 000,065,536 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\HPLiteSaver.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/23 18:01:48 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\144416ed8c3871a6de69bbe4e55f683c\System.Windows.Forms.ni.dll
MOD - [2013/03/22 04:20:33 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013/03/22 04:20:31 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/22 04:19:38 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013/01/29 19:38:08 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a2e286078c685f989cd10b035386a553\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/29 19:37:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\839ff0054a7ab6c371325f122cec0d40\System.Configuration.ni.dll
MOD - [2013/01/29 19:37:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ad47238ee215a5002bf9f48b02bc9bdf\System.Xml.ni.dll
MOD - [2013/01/29 19:36:51 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b8f3bbfe1da60b9c75346378e7faeafd\System.Drawing.ni.dll
MOD - [2013/01/29 19:35:38 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3eddfe61bb0d8cbd0d8c186eb9e69156\System.ni.dll
MOD - [2013/01/29 19:35:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\854ec00bdcd23f1d36fb8405aa248b8d\mscorlib.ni.dll
MOD - [2010/07/18 23:39:55 | 000,774,144 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Imation\IFM\Imation Flash Detect.exe
MOD - [2009/10/15 18:56:24 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2008/02/07 10:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\System32\hppatusg01.dll
MOD - [2007/11/28 06:11:06 | 000,114,688 | ---- | M] () -- C:\Windows\System32\aicext.dll
MOD - [2007/11/02 14:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
MOD - [2007/11/02 14:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/11/02 14:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\Enumeration.dll
MOD - [2007/11/02 14:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPTools.dll
MOD - [2007/11/02 14:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll
MOD - [2007/06/29 15:26:54 | 000,167,936 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2007/06/29 15:26:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2007/06/29 15:26:02 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2007/06/12 11:25:48 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Drivers\vista.dll
MOD - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
========== Services (SafeList) ==========
SRV - [2012/07/04 12:40:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/24 17:23:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/02/24 17:23:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/24 17:23:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/24 17:23:32 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/02/24 17:23:30 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/10/04 02:03:12 | 001,185,016 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/07/19 16:10:58 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2008/07/19 16:10:52 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2008/05/20 12:35:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2008/04/07 19:40:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/21 07:53:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 06:12:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/06/29 15:29:06 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2007/06/29 15:26:48 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a94ng9o6)
DRV - [2013/03/14 12:41:26 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130407.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/03/14 12:41:26 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/03/14 12:41:26 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/14 12:41:26 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130407.007\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/30 18:03:24 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2012/07/07 00:36:53 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/07/09 11:35:26 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/24 17:23:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/02/24 17:23:34 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/02/24 17:23:34 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/02/24 17:23:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/02/24 17:23:34 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/02/24 17:23:34 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/02/24 17:23:28 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/02/24 17:23:28 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/02/24 17:23:26 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/24 17:23:24 | 000,023,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/11/10 05:08:08 | 000,013,824 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HP1319FAX.sys -- (HP1319FAX)
DRV - [2008/11/10 05:08:08 | 000,012,800 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HP1319EWS.sys -- (HP1319EWS)
DRV - [2008/10/27 14:58:20 | 000,171,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress)
DRV - [2008/07/19 16:10:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2008/01/21 07:53:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/08/08 11:29:10 | 000,391,836 | ---- | M] (ZSMC Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC211)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002"
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=93&bd=all&pf=cmdt
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{C961CD77-748C-4AF5-8D8B-0170738AB41C}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002"
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: "172.16.44.12"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "172.16.44.12"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "172.16.44.12"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "172.16.44.12"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.44.12"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.44.12"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.44.12"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.44.12"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/04/03 14:32:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins
[2012/09/30 14:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/03/09 23:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\extensions
[2010/09/21 21:18:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/03/08 23:08:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(178)
[2012/07/30 22:52:40 | 000,002,519 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\searchplugins\Search_Results.xml
[2012/05/02 19:32:59 | 000,003,930 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ai34znko.default\searchplugins\sweetim.xml
========== Chrome ==========
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=390&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006/09/19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [DT HWP] C:\Program Files\Portrait Displays\HP Display Assistant\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E8027D8-C0A2-44D9-A3B9-A13A10A270DD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0413ec60-c79e-11e1-ad1b-93c49e1d851a}\Shell - "" = AutoRun
O33 - MountPoints2\{0413ec60-c79e-11e1-ad1b-93c49e1d851a}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\AutoRun\command - "" = 3o.exe
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\explore\Command - "" = 3o.exe
O33 - MountPoints2\{14f4f4db-3cd8-11df-b4ed-f2866c35922c}\Shell\open\Command - "" = 3o.exe
O33 - MountPoints2\{4b125467-a89d-11df-80c2-d08ab721be28}\Shell - "" = AutoRun
O33 - MountPoints2\{4b125467-a89d-11df-80c2-d08ab721be28}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{5491dcfb-4a45-11df-87fa-d4e33dc3c1fc}\Shell - "" = AutoRun
O33 - MountPoints2\{5491dcfb-4a45-11df-87fa-d4e33dc3c1fc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac72d6f9-1d67-11df-a86d-b9305fb4e997}\Shell - "" = AutoRun
O33 - MountPoints2\{ac72d6f9-1d67-11df-a86d-b9305fb4e997}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac72d714-1d67-11df-a86d-b9305fb4e997}\Shell - "" = AutoRun
O33 - MountPoints2\{ac72d714-1d67-11df-a86d-b9305fb4e997}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b78789ab-40bf-11df-8d73-c3bb13ad500f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\XEAyAL.EXe
O33 - MountPoints2\{c8e06849-30ba-11df-85ea-876d6794d17c}\Shell - "" = AutoRun
O33 - MountPoints2\{c8e06849-30ba-11df-85ea-876d6794d17c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d29cf187-312a-11df-a8d3-9ccb54ca022f}\Shell - "" = AutoRun
O33 - MountPoints2\{d29cf187-312a-11df-a8d3-9ccb54ca022f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{e38a0223-fa19-11de-8678-002481ea39ce}\Shell\open\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{e9a8b279-3454-11df-9080-befaaaa6b916}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a8b279-3454-11df-9080-befaaaa6b916}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/10/07 08:50:24 | 000,000,000 | ---D | C] -- C:\FRST
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/07 21:27:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce1ccf2becf2c0.job
[2013/10/07 21:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/07 21:23:48 | 000,612,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/07 21:23:48 | 000,109,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/07 21:19:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 21:19:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 21:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 21:18:39 | 2090,070,016 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/07 21:16:56 | 000,001,558 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Display LiteSaver Startup.lnk
[2013/10/07 21:16:56 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Imation Flash Detect.lnk
[2013/10/07 21:08:20 | 2090,070,016 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/29 19:47:52 | 000,266,266 | ---- | C] () -- C:\Users\Administrator\anjuku.jpg
[2011/12/11 20:56:06 | 000,000,471 | ---- | C] () -- C:\ProgramData\ReclaiMe.config
[2011/12/11 20:56:06 | 000,000,438 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ReclaiMe.config
[2010/10/11 01:05:20 | 000,022,328 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2009/08/15 12:33:29 | 000,025,088 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/09 12:04:07 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/26 18:36:12 | 001,064,672 | ---- | C] () -- C:\Users\Administrator\download.jpg
========== ZeroAccess Check ==========
[2006/11/02 18:24:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:17:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 11:58:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 11:58:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/08/29 18:47:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2012/07/07 00:42:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010/08/15 23:33:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Net
[2010/08/16 00:19:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2009/08/15 12:14:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DisplayTune
[2012/05/02 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Easy MP3 Recorder
[2013/10/06 19:10:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Juniper Networks
[2010/09/06 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011/03/16 23:11:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2011/09/02 23:54:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Research In Motion
[2010/12/16 00:34:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uniblue
[2012/09/30 14:37:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV - [2006/11/02 15:16:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 07:54:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 07:54:42 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 11:58:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 11:58:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 19:42:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 11:58:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 07:54:58 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 05:32:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 11:58:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 11:58:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 21:14:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 07:55:28 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 11:58:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 07:54:35 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 11:58:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 11:58:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 07:55:20 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 07:54:39 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 07:54:49 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 07:54:11 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 07:55:11 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 11:58:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 19:41:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 19:42:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 11:58:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 07:54:45 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 11:58:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 11:58:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 07:54:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 19:42:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 11:58:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 21:50:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 17:17:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 11:57:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 00:25:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 11:58:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 17:17:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 11:58:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 11:58:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 11:58:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 11:58:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 07:53:52 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 07:53:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 11:58:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 11:58:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 11:58:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 11:57:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 11:58:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 03:49:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 11:58:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 00:31:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 17:12:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< c:\program files (x86)\Google\Desktop >
[2006/11/02 18:31:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 18:31:23 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/03 18:46:48 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 12:40:47 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/03/09 19:35:36 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1ccf2becf2c0.job
< c:\program files\Google\Desktop >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 46B4-D1F4
Directory of C:\
11/02/2006 06:32 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 06:32 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 06:32 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 06:32 PM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 06:32 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 06:32 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 06:32 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 06:32 PM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 06:32 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Administrator
07/09/2009 11:19 AM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Roaming]
07/09/2009 11:19 AM <JUNCTION> Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
07/09/2009 11:19 AM <JUNCTION> Local Settings [C:\Users\Administrator\AppData\Local]
07/09/2009 11:19 AM <JUNCTION> My Documents [C:\Users\Administrator\Documents]
07/09/2009 11:19 AM <JUNCTION> NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/09/2009 11:19 AM <JUNCTION> PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/09/2009 11:19 AM <JUNCTION> Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
07/09/2009 11:19 AM <JUNCTION> SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
07/09/2009 11:19 AM <JUNCTION> Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
07/09/2009 11:19 AM <JUNCTION> Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\AppData\Local
07/09/2009 11:19 AM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Local]
07/09/2009 11:19 AM <JUNCTION> History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
07/09/2009 11:19 AM <JUNCTION> Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\Documents
07/09/2009 11:19 AM <JUNCTION> My Music [C:\Users\Administrator\Music]
07/09/2009 11:19 AM <JUNCTION> My Pictures [C:\Users\Administrator\Pictures]
07/09/2009 11:19 AM <JUNCTION> My Videos [C:\Users\Administrator\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 06:32 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 06:32 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 06:32 PM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 06:32 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 06:32 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 06:32 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 06:32 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006 06:32 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 06:32 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/02/2006 06:32 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/02/2006 06:32 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 06:32 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 06:32 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 06:32 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 06:32 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 06:32 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 06:32 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/02/2006 06:32 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 06:32 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 06:32 PM <JUNCTION> My Music [C:\Users\Default\Music]
11/02/2006 06:32 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/02/2006 06:32 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 06:32 PM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 06:32 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 06:32 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 27,555,205,120 bytes free
< End of report >
Extras.txt
OTL Extras logfile created on: 10/7/2013 9:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.95 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 36.10% Memory free
4.13 Gb Paging File | 2.79 Gb Available in Paging File | 67.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.09 Gb Total Space | 25.82 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.73 Gb Free Space | 88.52% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 2.71 Gb Free Space | 72.68% Space Free | Partition Type: FAT32
Computer Name: 30DIT2297 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1030598212-3810331530-2025082804-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1030598212-3810331530-2025082804-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3ED497-308A-4A29-8E5E-B7C32C0FFE4E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{11F4FBD2-3363-47A6-A2D4-985DB121CAF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1810768E-20DE-4946-81AF-163D26FFA61C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4058F48E-6792-49A0-83FB-77976021D61A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{428AAF7D-6239-4AD3-8354-C2512909A221}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4AF2EF1F-F250-41BF-86BF-98EAA5F20FC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C760B2B-084E-4A3D-8924-D3B4BACEA708}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{51A47B6C-7324-4085-BE75-7D8822CA3F94}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5311925B-48D3-4650-8BB9-DF68F50F515F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{543F081E-9409-46C2-8664-DCE42D27BE3C}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B7BB312-2FDC-4700-8F3D-3825B67F6DE2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{635290E0-5E6F-4C5B-B0A4-54D0897542D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{688A79F2-2EE8-4CC0-96A4-8625BE60FFF0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68FB676A-2E74-429B-BD5F-90668E930310}" = rport=139 | protocol=6 | dir=out | app=system |
"{6F2E3032-3BC3-4298-9756-EC025F0CF204}" = rport=445 | protocol=6 | dir=out | app=system |
"{79346584-5DBE-4B7C-9552-FE905706D12D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{815072B4-E489-4614-B2E6-D97527B8B41F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E5C7C64-3F84-41D8-9D6D-B68E234C2416}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{912DBC04-A784-4E30-B69A-8BCC94BDA802}" = rport=138 | protocol=17 | dir=out | app=system |
"{AC6B8CF4-0844-48FD-93F4-0E4B38333ECA}" = lport=138 | protocol=17 | dir=in | app=system |
"{C0E3DE07-0D46-48D8-8C20-6838290B1B8E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E4182BF4-E0F4-4573-9732-6CDE5EBE90B7}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB191695-FD0F-4EB1-8298-BAFACA9ECB1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1E942DE-6E57-499B-B0A3-534F252E158C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F76D6EAC-F6C4-4C86-8986-9099A5DA8B6C}" = lport=139 | protocol=6 | dir=in | app=system |
"{FAB1866F-1323-4A4B-80E7-0A3D8F6401F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCC4A2B1-77FD-4F7B-971E-BC8F81A016D8}" = lport=137 | protocol=17 | dir=in | app=system |
"{FFE88DD3-0C46-4A76-A647-E60838EF28C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00698493-266F-4F0B-BB40-CAF5B1B24A6F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe |
"{010EFD6E-DC1F-45F7-8BD4-BFD73334D40E}" = protocol=17 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\doom3.exe |
"{05C77F90-84D4-4779-974D-880AEDE7BD2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{07108098-849A-4B29-8041-54F36AAB0609}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{07DB6F27-25A2-4A18-94F7-0798C238FBAC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe |
"{0A4E6E40-CF49-4F07-81CD-EAA98F674AA8}" = protocol=17 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\doom3ded.exe |
"{11887CD3-96D1-41F3-B1CD-01A4BA081CF1}" = protocol=6 | dir=out | app=system |
"{1ED421E8-6E7D-4D21-AA16-A8027C655635}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{209A7726-AE23-44F3-9EE3-AE480AD25E17}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{25A65E08-D664-4A0C-8E0E-B8B9520AD500}" = protocol=1 | dir=out | [email protected],-28544 |
"{2A5424AA-10E5-4B47-B620-647BF142797E}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{2C975FD9-B4BB-4BCC-BF6D-1C29174B8C77}" = protocol=6 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\doom3ded.exe |
"{304EAEF0-5827-4654-A824-54A844F17D2E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe |
"{32B07C36-DA84-4634-8A19-2A046991419F}" = protocol=58 | dir=in | [email protected],-28545 |
"{39098469-1FDE-4355-A924-222C967EFE08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ABCDECA-9729-45BF-9444-EAF293FC1EA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3C549133-7EA8-4201-B0AC-D935A0134151}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C8259AB-879B-442D-9DD5-A3031375FA55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D7603F1-C344-4F3D-8F86-9BD9E219C6ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EC5D009-6194-4D07-9674-52CC1662709F}" = protocol=6 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\doom3.exe |
"{40B9ADAE-0B61-494F-AEC9-E1A204B58D95}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{46DAECAD-B0A1-4C8F-A671-B4B8CDCDDC1A}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{4941A03A-B32A-4E43-A1DB-5C5C31BEE6F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DE19683-CF39-4919-AA28-C8A74761207C}" = protocol=6 | dir=in | app=c:\valve\steam\steam.exe |
"{4F687DA1-2066-4383-A3E0-ADAD148972F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{551235E6-066A-4865-B9C6-2DC1B69D0A3E}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{56235F56-02D6-424E-A123-60C36BB6855D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5B4550A3-2EAE-4A55-A99A-2F5FFB697A2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E15C963-A6EA-41E0-A50E-407BB9981E14}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{629AC594-256B-4D92-8350-059D44BDDEAB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{697246ED-6883-4F67-87F1-1001908709EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E2FD2E4-FCA1-4D7E-B467-F33A2B14390E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BAE11C3-9634-4F56-9AD6-B66709B2C9EE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{825E2698-024B-4900-9AE0-9DA15A93BF5E}" = protocol=17 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\d3roe3_c.exe |
"{8843A36E-5CCB-484D-920B-DD1571123FFD}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{8A8397D9-9EEC-42B8-892F-CA46E2FCFF7A}" = protocol=6 | dir=in | app=c:\program files\id software\doom 3 resurrection evil\d3roe3_c.exe |
"{9159FF3E-3A91-48EC-82AA-7E4E3EE1D4B3}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{9531E661-DE68-4E44-BF37-9239269675CC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe |
"{98D283A5-7459-4A2C-A9AA-635ED2A610E3}" = protocol=58 | dir=out | [email protected],-28546 |
"{AC759FFE-B4F7-4EC5-9198-FC13F20F5AF3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{B937A6D2-4E18-4438-B902-9A3AED7ED23F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{B9B6833D-5DE0-40E8-8200-851E37E41282}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{C2BA2A6A-1A38-4332-8DF7-7BF9A68D6F0B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{C848A8D0-A0A6-4C6A-9ADB-27B14B25E8F2}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{D1D69314-0F33-4DCB-8601-C588E2D7DAB8}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{D364F195-8B97-41FD-A638-1A5682182E0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D787E388-7DDA-4F36-86BB-DC08E68BABEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7CEFEBD-C227-4BB6-AA2A-18F8C44F51A9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{DF1E9BD6-2DE7-4968-AF1E-AA874D86E9BD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{DF997450-9C3C-460A-9B84-9BEB8A0BB5EF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E46FB6CE-7209-4734-A702-C617B9B1655E}" = protocol=1 | dir=in | [email protected],-28543 |
"{EB35D635-4EBE-4AC6-9B6E-C6076D756BB8}" = protocol=17 | dir=in | app=c:\valve\steam\steam.exe |
"{ECBF9A55-3F64-41F0-BBCD-0668C9208DB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEC36BA2-FD0D-4F6F-9F34-8A68EB1FD0A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F4D34D74-1568-4323-9D6A-63E4EC324510}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{F9DAF5FA-93A5-47D2-AB47-5E1E61DC67C7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FCAECA0C-D937-4F7F-B9B1-4865CADB7CE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD9E0693-F7C0-4CC5-B66D-B8C5DA64D267}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{067822F8-6220-49CD-8B54-651E9340F193}C:\study material\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\study material\eclipse\eclipse.exe |
"TCP Query User{80D30B35-DC2F-4D26-8988-7BB551DD810C}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe |
"TCP Query User{9068F27D-8370-4D30-8B9C-0147E2541FFC}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{9776C018-50AE-4BF8-9DD5-98B4AB1CF08D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B45CB068-1489-47AA-ADF5-9DAAAD7E259B}C:\program files\mozilla firefox 3.6 beta 4\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 3.6 beta 4\firefox.exe |
"TCP Query User{D2146E7E-D638-4ED4-A1FF-BD50CD37E2AE}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{E440A8B6-3F77-430D-82E5-58FC7BC88441}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{EA031C3E-C9EC-4EBA-8B92-BF8A17EF8306}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{25026A01-B0BA-4934-B568-DFC8344E77D6}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{3C9BA516-594B-40B7-B7BB-66DDB6D09D06}C:\program files\mozilla firefox 3.6 beta 4\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 3.6 beta 4\firefox.exe |
"UDP Query User{723030EE-4927-4BC0-8930-5EDA2F1BE135}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{892B76DD-D2E4-4B3E-B0CE-64A2A973258B}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{89D31DFB-2FB8-4651-A414-BCA94E76A310}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
"UDP Query User{BF7D33BA-E46A-447F-A403-115F9764EC4D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{D1ED31C6-3E25-4E72-AFF3-CC474746EA9A}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe |
"UDP Query User{DB40C5BD-E8F1-44BD-A57F-58D0C0C4CBBC}C:\study material\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\study material\eclipse\eclipse.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{17B371B7-740F-4C83-BDFE-0C3A2C585103}" = HP Display Assistant
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F2E313E-CBAA-4337-A46B-794E8E4FE6C2}" = FaxSetupInstaller
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43BEE5D4-E522-450A-817D-02BCC18C1517}" = hppusgM1310
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = USB PC Camera (ZS211)
"{485D80AA-AFD9-4FF1-91D4-A44978B99F3D}" = AuthenTec Fingerprint System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{509E7E30-8EC3-449B-8C59-B952E7489B0F}" = D-Link DSLs
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76643356-611A-4A07-8BEC-79E85546916F}" = HP Display LiteSaver
"{76B86AE2-6558-46FB-BB39-E6F02898FBE7}" = HP LaserJet Toolbox
"{8487219F-6929-4FC9-B5F7-7D990DD6EECB}" = HP Advisor
"{8FD8E8C4-D53E-4C52-81B1-0017A9546D1E}" = Hindi Indic IME 1 V 5.0
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{96BFE9CE-5A9D-4F6E-A406-7E0206BE5A6A}" = HP LaserJet M1319 MFP Series Toolbox
"{9BC9B87B-66D9-BF1C-4714-9FDD85FC6BED}" = AirportMadness3
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6909E04-B7C6-4426-BE4F-098275147ADA}" = Scan To
"{C876CEE1-32CC-4E96-832F-1D321E35A451}" = FaxSendInstaller
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1" = AirportMadness3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet M1319 MFP" = HP LaserJet M1319 MFP Series
"InstallShield_{362C6A81-4C88-4B26-8C79-B2EE0076F65F}" = Wolfenstein(TM) 1.11 Patch
"InstallShield_{76643356-611A-4A07-8BEC-79E85546916F}" = HP Display LiteSaver
"InstallShield_{8FD8E8C4-D53E-4C52-81B1-0017A9546D1E}" = Hindi Indic IME 1 V 5.0
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"PDF Complete" = PDF Complete
"STANDARD" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 1.1.1
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/7/2013 11:53:45 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:53:45 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:53:45 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:53:46 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:54:31 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:54:31 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:54:48 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:54:48 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:56:31 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
Error - 10/7/2013 11:56:31 AM | Computer Name = 30dit2297 | Source = Windows Search Service | ID = 3013
Description =
[ OSession Events ]
Error - 8/18/2010 1:23:26 PM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 911
seconds with 300 seconds of active time. This session ended with a crash.
Error - 8/19/2010 3:19:54 PM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 8/19/2010 3:23:10 PM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 187
seconds with 180 seconds of active time. This session ended with a crash.
Error - 1/12/2011 3:58:10 AM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.
Error - 1/12/2011 4:01:28 AM | Computer Name = 30dit2297 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 93
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/6/2013 5:13:35 AM | Computer Name = 30dit2297 | Source = Service Control Manager | ID = 7026
Description =
Error - 10/7/2013 11:50:01 AM | Computer Name = 30dit2297 | Source = WMPNetworkSvc | ID = 866312
Description =
Error - 10/7/2013 11:50:02 AM | Computer Name = 30dit2297 | Source = WMPNetworkSvc | ID = 866312
Description =
< End of report >