Full Version: Locked Out of Windows Security Center
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
shyam
My Windows Security Center is OFF and if I click on TURN ON NOW I get a message "the Security Center service can't be started."
The problem is malware, which is causing a few other not-too-major problems with Internet Explorer. I also notice I can't tick the SAFE BOOT icon in msconfig. And the malware is preventing me from installing and running MalwareBytes and Spybot.
My PC Tools antivirus is running clean. Also PC Tools Spyware Doctor is showing no problems. Both seem to be updating without any problem. Likewise Ad-Aware and Panda Software online scan are showing no problem with my computer. But there obviously is a problem: I even get adware popping up about once a day, and Google searches are often hijacked to some bozo search engine website.
Below are logs of OTListIt.Txt, Extras.Txt and checkup.txt ...

OTListIt logfile created on: 23/05/2009 12:45:25 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Shyam\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.96 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.65% Memory free
4.00 Gb Paging File | 2.72 Gb Available in Paging File | 68.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 12.11 Gb Free Space | 30.27% Space Free | Partition Type: NTFS
Drive D: | 250.28 Gb Total Space | 205.27 Gb Free Space | 82.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 3.77 Gb Total Space | 3.74 Gb Free Space | 99.20% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: SHYAM-PC
Current User Name: Shyam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/08/04 09:58:00 | 00,049,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2008/10/29 16:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/04/21 22:54:00 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/03/18 14:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\system32\agrsmsvc.exe
PRC - [2009/01/10 06:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
PRC - [2008/02/19 09:12:18 | 00,537,256 | ---- | M] ( ) -- C:\Windows\system32\lxbkcoms.exe
PRC - [2008/12/03 15:27:50 | 00,999,640 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
PRC - [2008/09/11 12:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/05/14 13:54:35 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2009/01/08 03:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/22 04:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2008/12/09 04:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/03/26 07:32:18 | 00,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2008/01/21 12:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFHost.exe
PRC - [2008/01/21 12:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2009/03/03 12:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2009/04/29 16:38:26 | 00,188,728 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/06/11 07:57:36 | 00,352,256 | ---- | M] (BenQ Corp.) -- C:\Program Files\BenQ\BenQ Surround\BenQSurround.exe
PRC - [2009/04/21 23:03:41 | 00,070,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/01/10 06:13:26 | 00,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2008/01/16 10:20:50 | 00,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2002/02/14 19:37:30 | 00,663,552 | ---- | M] () -- C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
PRC - [2007/03/07 03:21:31 | 00,116,224 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\J2GDllCmd.exe
PRC - [2008/07/07 13:35:56 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/12/04 08:54:10 | 01,370,000 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAV.exe
PRC - [2008/07/07 13:36:02 | 00,145,944 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/06/03 10:13:18 | 00,552,960 | ---- | M] (BenQ Corp.) -- C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe
PRC - [2008/05/31 06:34:52 | 00,057,344 | ---- | M] (BenQ Corp) -- C:\Program Files\BenQ\QAudioSwitch\QAudioSwitch.exe
PRC - [2008/01/21 12:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2008/04/26 06:42:14 | 00,909,312 | ---- | M] (BenQ Corp) -- C:\Program Files\BenQ\QShot\QShot.exe
PRC - [2007/03/15 14:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2008/06/09 19:53:10 | 06,176,768 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2009/03/09 19:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/03/20 21:18:44 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/04/15 04:27:48 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/21 12:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009/01/07 17:44:08 | 01,052,048 | ---- | M] (Robin Hood Software Ltd.) -- C:\Program Files\Evidence Eliminator\Ee.exe
PRC - [2007/10/02 14:16:06 | 00,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/04/30 19:42:18 | 00,081,920 | ---- | M] () -- C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe
PRC - [2009/04/21 22:54:04 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/02/28 11:57:36 | 00,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2008/01/21 12:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/07/07 13:36:06 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxsrvc.exe
PRC - [2008/03/20 21:18:50 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/03/03 15:41:14 | 00,812,432 | ---- | M] (Alibaba software (Shanghai) Corporation.) -- C:\Program Files\trademanager\AliUpdate.exe
PRC - [2009/02/06 15:52:47 | 00,086,016 | ---- | M] () -- C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
PRC - [2008/01/21 12:23:27 | 01,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sdclt.exe
PRC - [2009/03/09 07:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/09 07:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/05/23 00:42:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Shyam\Desktop\OTListIt2.exe
PRC - [2009/03/09 07:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/09 07:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/09 07:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2008/03/18 14:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/01/10 06:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService [Auto | Running])
SRV - [2008/07/28 04:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/21 12:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 22:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 22:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/20 11:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/20 11:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/21 22:54:00 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008/02/19 09:12:18 | 00,537,256 | ---- | M] ( ) -- C:\Windows\system32\lxbkcoms.exe -- (lxbk_device [Auto | Running])
SRV - [2008/06/20 11:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/08/04 09:58:00 | 00,049,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2008/12/03 15:27:50 | 00,999,640 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe -- (PCTAVSvc [Auto | Running])
SRV - [2008/09/11 12:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2008/08/09 11:10:46 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2007/05/14 13:54:35 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/01/08 03:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/22 04:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2009/03/23 18:41:58 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2009/04/21 23:03:41 | 00,070,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire [On_Demand | Running])
SRV - [2008/03/26 07:32:18 | 00,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor [Auto | Running])
SRV - [2008/01/21 12:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/21 12:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/01/21 12:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/21 12:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/21 12:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2008/03/21 14:13:00 | 01,203,776 | ---- | M] (Agere Systems) -- C:\Windows\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 19:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/21 12:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/21 12:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2008/04/04 11:09:52 | 00,017,920 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter [On_Demand | Running])
DRV - [2008/02/12 11:44:10 | 00,021,904 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Windows\system32\drivers\AVFilter.sys -- (AVFilter [Auto | Running])
DRV - [2007/12/06 16:51:44 | 00,028,568 | ---- | M] (PC Tools Research Pty Ltd.) -- C:\Windows\system32\drivers\AVHook.sys -- (AVHook [On_Demand | Running])
DRV - [2007/12/06 16:51:44 | 00,021,912 | ---- | M] (PC Tools Research Pty Ltd ) -- C:\Windows\system32\drivers\AVRec.sys -- (AVRec [On_Demand | Running])
DRV - [2006/11/02 18:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 18:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 18:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 18:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 18:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 18:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/09/05 13:54:08 | 00,080,424 | ---- | M] (Broadcom Corporation.) -- C:\Windows\system32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Stopped])
DRV - [2007/07/16 10:20:24 | 00,080,936 | ---- | M] (Broadcom Corporation.) -- C:\Windows\system32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Stopped])
DRV - [2007/07/16 10:20:26 | 00,016,168 | ---- | M] (Broadcom Corporation.) -- C:\Windows\system32\DRIVERS\btwrchid.sys -- (btwrchid [On_Demand | Stopped])
DRV - [2008/01/21 12:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/21 12:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2007/03/22 19:59:10 | 00,020,560 | ---- | M] (EldoS Corporation) -- C:\Windows\system32\drivers\elrawdsk.sys -- (ElRawDisk [System | Running])
DRV - [2008/01/21 12:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/01/21 12:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/08/24 19:44:54 | 00,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\system32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])
DRV - [2008/01/21 12:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 19:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/06/10 18:51:52 | 02,149,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 19:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 19:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/21 12:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 19:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/04/28 08:29:26 | 03,658,752 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006/11/02 19:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 17:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/08/04 09:58:00 | 07,611,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/21 12:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/21 12:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2003/10/09 14:24:04 | 00,016,772 | ---- | M] (Palm, Inc.) -- C:\Windows\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2009/04/21 23:02:11 | 00,130,936 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2008/12/11 22:38:22 | 00,159,600 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi [System | Running])
DRV - [2008/12/11 02:36:04 | 00,064,392 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg [On_Demand | Running])
DRV - [2008/04/18 09:21:46 | 00,013,824 | ---- | M] () -- C:\Windows\system32\QBIOSIo.dll -- (QBIOSIO [Auto | Running])
DRV - [2008/04/18 09:21:46 | 00,013,824 | ---- | M] () -- C:\Windows\system32\QBIOSIO.dll -- (QBIOSIO.dll [On_Demand | Stopped])
DRV - [2008/01/21 12:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/02/16 10:42:42 | 00,046,592 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/07/31 03:42:58 | 00,043,008 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/07/31 04:54:02 | 00,038,400 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Stopped])
DRV - [2006/11/02 16:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 12:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 19:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 19:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 19:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/03/20 21:18:46 | 00,199,472 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2009/04/21 23:03:24 | 00,051,488 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon [Boot | Running])
DRV - [2009/04/21 23:03:35 | 00,033,056 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon [On_Demand | Running])
DRV - [2009/04/21 23:03:42 | 00,039,200 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon [Boot | Running])
DRV - [2005/08/02 06:45:08 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom [On_Demand | Stopped])
DRV - [2008/01/21 12:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/21 12:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/01/21 12:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2008/01/18 19:53:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\system32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.benq.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.benq.com
IE - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\S-1-5-21-2435428791-174997200-2398312853-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/06 18:09:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2009/04/15 04:28:05 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BenQSurround] C:\Program Files\BenQ\BenQ Surround\BenQSurround.exe (BenQ Corp.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" (CyberLink)
O4 - HKLM..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp ()
O4 - HKLM..\Run: [eFax 4.3] "C:\Program Files\J2GDllCmd.exe" /R (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" (CyberLink Corp.)
O4 - HKLM..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe (inKline Software Labs)
O4 - HKLM..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN (PC Tools Research Pty Ltd)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QAudioSwitch] C:\Program Files\BenQ\QAudioSwitch\QAudioSwitch.exe (BenQ Corp)
O4 - HKLM..\Run: [Q-HotkeyMgr] "C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe" (BenQ Corp.)
O4 - HKLM..\Run: [QShot] C:\Program Files\BenQ\QShot\QShot.exe (BenQ Corp)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000..\Run: [aliim] C:\Program Files\trademanager\aliim.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m (Robin Hood Software Ltd.)
O4 - Startup: C:\Users\Shyam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Users\Shyam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\U.S. Robotics USB Phone.lnk = C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe ()
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2435428791-174997200-2398312853-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://heva.solidworks.com/htdocs/pdownloa...elsStandard.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab (Reg Error: Key error.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/17 12:10:10 | 00,000,049 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/12/07 14:14:50 | 00,000,044 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007/07/04 14:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O33 - MountPoints2\{48da2c93-f40e-11dd-a51d-001e68e14bc2}\Shell\AutoRun\command - "" = G:\TOOL\QDCD.exe -- File not found
O33 - MountPoints2\{48da2c95-f40e-11dd-a51d-001e68e14bc2}\Shell - "" = AutoRun
O33 - MountPoints2\{48da2c95-f40e-11dd-a51d-001e68e14bc2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 14:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{48da2ca8-f40e-11dd-a51d-001e68e14bc2}\Shell - "" = AutoRun
O33 - MountPoints2\{48da2ca8-f40e-11dd-a51d-001e68e14bc2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 14:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7f06ad09-06fa-11de-ac02-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7f06ad09-06fa-11de-ac02-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 14:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7f06ad25-06fa-11de-ac02-001e68e14bc2}\Shell - "" = AutoRun
O33 - MountPoints2\{7f06ad25-06fa-11de-ac02-001e68e14bc2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 14:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1237f20-f411-11dd-baaa-001e68e14bc2}\Shell - "" = AutoRun
O33 - MountPoints2\{e1237f20-f411-11dd-baaa-001e68e14bc2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 14:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e1237f41-f411-11dd-baaa-001e68e14bc2}\Shell - "" = AutoRun
O33 - MountPoints2\{e1237f41-f411-11dd-baaa-001e68e14bc2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/07/04 14:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/23 00:42:17 | 00,000,000 | R--D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/05/23 00:42:06 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Shyam\Desktop\OTListIt2.exe
[2009/05/23 00:13:04 | 36,890,6060 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/05/23 00:03:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/22 23:59:00 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Shyam\Desktop\HJTInstall.exe
[2009/05/22 23:51:36 | 00,081,959 | ---- | C] () -- C:\Users\Shyam\Desktop\Distinguishing Srila Prabhupadas.pdf
[2009/05/22 23:48:39 | 00,101,960 | ---- | C] () -- C:\Users\Shyam\Desktop\Distinguishing Srila Prabhupadas original books 2.html
[2009/05/22 09:28:37 | 00,000,000 | ---D | C] -- C:\Users\Shyam\Desktop\BBC India
[2009/05/22 09:27:29 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING32.DLL
[2009/05/22 09:27:28 | 00,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING.DLL
[2009/05/22 04:04:34 | 00,020,071 | ---- | C] () -- D:\Documents\[istaghosti] Email address chance for Vyapaka dasa.eml
[2009/05/20 19:36:58 | 21,061,75488 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/20 19:24:13 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/20 16:15:53 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/05/20 16:02:34 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/05/20 15:37:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/20 15:37:57 | 00,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/20 15:37:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/20 15:37:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/20 15:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/20 06:26:28 | 00,061,831 | ---- | C] () -- C:\Users\Shyam\Desktop\QF.htm
[2009/05/19 09:23:56 | 00,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/05/18 20:07:32 | 00,002,299 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/05/18 20:07:32 | 00,001,667 | ---- | C] () -- C:\Users\Shyam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/05/18 20:07:32 | 00,000,919 | ---- | C] () -- C:\Users\Shyam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\U.S. Robotics USB Phone.lnk
[2009/05/18 20:07:32 | 00,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/05/18 18:26:06 | 17,115,860 | ---- | C] () -- D:\Documents\CD01 01-Sri Sri Sad-gosvami-astaka.mp3
[2009/05/18 15:17:38 | 00,026,695 | ---- | C] () -- C:\Users\Shyam\Desktop\Deity Offering.htm
[2009/05/18 11:40:12 | 00,000,236 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/05/18 11:34:54 | 00,000,000 | ---D | C] -- C:\Users\Shyam\Desktop\Prabhupada Bhajans
[2009/05/17 14:26:35 | 00,000,000 | ---D | C] -- D:\Documents\CyberLink
[2009/05/16 02:28:35 | 00,000,000 | ---D | C] -- C:\Users\Shyam\Desktop\Prabhupad Photos
[2009/05/14 20:10:29 | 00,039,597 | ---- | C] () -- C:\Users\Shyam\Desktop\Natural Farming.mht
[2009/05/13 15:04:33 | 00,000,000 | ---D | C] -- C:\Users\Shyam\Desktop\Prabhupada
[2009/05/12 13:42:39 | 00,004,016 | ---- | C] () -- C:\Users\Shyam\Desktop\Monsanto.eml
[2009/05/12 12:44:36 | 00,496,419 | ---- | C] () -- C:\Users\Shyam\Desktop\Cleaning Silver.mht
[2009/05/09 13:24:35 | 00,001,809 | ---- | C] () -- C:\Users\Shyam\Desktop\Heresy.htm
[2009/05/08 15:14:30 | 00,000,000 | ---D | C] -- C:\Users\Shyam\Desktop\Sun
[2009/05/08 15:12:24 | 00,177,971 | ---- | C] () -- C:\Users\Shyam\Desktop\Yellow Saris.jpg
[2009/05/08 13:40:08 | 00,017,806 | ---- | C] () -- C:\Users\Shyam\Desktop\Sri Narasimha Stuti.htm
[2009/05/07 19:09:56 | 00,000,000 | ---D | C] -- C:\Users\Shyam\Desktop\Brush
[2009/05/07 09:50:20 | 00,075,830 | ---- | C] () -- C:\Users\Shyam\Desktop\Any tune is OK.eml
[2009/05/07 09:49:53 | 00,003,937 | ---- | C] () -- C:\Users\Shyam\Desktop\W'pay.eml
[2009/05/07 09:10:28 | 00,000,000 | ---D | C] -- D:\Documents\WebCam Albums
[2009/05/06 13:24:56 | 00,022,279 | ---- | C] () -- C:\Users\Shyam\Desktop\Hilton MIA.htm
[2009/05/06 06:34:19 | 00,686,541 | ---- | C] () -- C:\Users\Shyam\Desktop\Mohini Ekadasi.mht
[2009/05/05 06:40:16 | 00,000,000 | ---D | C] -- C:\Users\Shyam\AppData\Roaming\EDrawings
[2009/05/04 14:10:04 | 00,000,000 | ---D | C] -- D:\Documents\eFax Messenger 4.3
[2009/05/04 11:00:01 | 00,000,000 | ---D | C] -- C:\Users\Shyam\Desktop\Travel
[2009/04/28 05:33:18 | 00,104,775 | ---- | C] () -- C:\Users\Shyam\Desktop\Sproutman Order.pdf
[2009/04/24 21:52:06 | 11,099,566 | ---- | C] () -- C:\Users\Shyam\Desktop\Sproutman.flv
[2009/04/17 06:09:56 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/04/10 13:24:50 | 00,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/03/23 18:42:00 | 00,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009/03/09 15:28:02 | 00,000,456 | ---- | C] () -- C:\Windows\System32\Px.ini
[2009/02/18 18:29:31 | 00,000,045 | ---- | C] () -- C:\Windows\typeinst.ini
[2009/02/09 17:34:19 | 00,040,960 | ---- | C] () -- C:\Windows\System32\RDAccess.dll
[2009/02/09 17:18:15 | 00,002,573 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2009/02/09 17:18:15 | 00,000,325 | ---- | C] () -- C:\Windows\QNETP9.INI
[2009/02/09 15:52:31 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2009/02/09 15:52:31 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2009/02/09 15:52:31 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2009/02/09 15:52:31 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2009/02/09 15:52:31 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2009/02/09 15:52:31 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2009/02/09 15:52:31 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2009/02/09 15:52:31 | 00,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2009/02/09 15:52:31 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2009/02/09 15:52:31 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2009/02/09 15:52:31 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2009/02/09 15:52:31 | 00,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2009/02/09 15:52:31 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2009/02/09 15:52:31 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2009/02/09 14:50:43 | 00,000,275 | ---- | C] () -- C:\Windows\lexstat.ini
[2009/02/09 12:49:01 | 00,019,456 | ---- | C] () -- C:\Windows\System32\ventmon.dll
[2009/02/07 14:37:53 | 00,000,094 | ---- | C] () -- C:\Windows\usrwiz.ini
[2008/08/26 09:41:59 | 00,013,824 | ---- | C] () -- C:\Windows\System32\QBIOSIo.dll
[2008/08/26 09:41:59 | 00,011,883 | ---- | C] () -- C:\Windows\System32\Modelversion.ini
[2008/08/25 17:51:31 | 00,000,912 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/08/25 02:28:11 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2007/10/02 13:58:12 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/02/07 17:57:50 | 00,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 08:49:34 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006/11/02 22:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 20:23:31 | 00,000,153 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll
[2005/10/05 12:19:32 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005/09/13 16:27:10 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll
[2005/09/13 16:27:10 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv4.dll
[2004/07/28 23:54:42 | 00,015,360 | ---- | C] () -- C:\Windows\System32\WIN2PDFM.DLL
[2004/02/28 17:05:40 | 00,038,912 | ---- | C] () -- C:\Windows\System32\WIN2PDFS.DLL
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[2009/05/23 00:42:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Shyam\Desktop\OTListIt2.exe
[2009/05/23 00:20:56 | 00,110,523 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/05/23 00:19:39 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/23 00:19:39 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/23 00:19:39 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/23 00:14:11 | 36,890,6060 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/23 00:13:51 | 00,110,523 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/05/23 00:13:17 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/23 00:13:16 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/23 00:13:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/23 00:13:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/23 00:13:01 | 21,061,75488 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/22 23:59:09 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Shyam\Desktop\HJTInstall.exe
[2009/05/22 23:51:39 | 00,081,959 | ---- | M] () -- C:\Users\Shyam\Desktop\Distinguishing Srila Prabhupadas.pdf
[2009/05/22 23:48:40 | 00,101,960 | ---- | M] () -- C:\Users\Shyam\Desktop\Distinguishing Srila Prabhupadas original books 2.html
[2009/05/22 19:01:59 | 00,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/05/22 19:01:57 | 00,002,295 | ---- | M] () -- C:\Users\Shyam\Desktop\Identities.lnk
[2009/05/22 04:04:37 | 00,020,071 | ---- | M] () -- D:\Documents\[istaghosti] Email address chance for Vyapaka dasa.eml
[2009/05/20 19:41:55 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/05/20 19:37:36 | 00,419,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/20 15:37:57 | 00,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/20 15:31:04 | 00,000,275 | ---- | M] () -- C:\Windows\lexstat.ini
[2009/05/20 11:25:40 | 00,000,026 | ---- | M] () -- C:\Windows\Zone.Identifier
[2009/05/20 06:26:28 | 00,061,831 | ---- | M] () -- C:\Users\Shyam\Desktop\QF.htm
[2009/05/19 21:06:18 | 00,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2009/05/18 19:53:38 | 00,000,035 | -HS- | M] () -- C:\MSDOS.SYS
[2009/05/18 15:17:38 | 00,026,695 | ---- | M] () -- C:\Users\Shyam\Desktop\Deity Offering.htm
[2009/05/18 13:28:21 | 00,000,236 | ---- | M] () -- C:\Windows\cdplayer.ini
[2009/05/14 20:10:32 | 00,039,597 | ---- | M] () -- C:\Users\Shyam\Desktop\Natural Farming.mht
[2009/05/12 13:42:41 | 00,004,016 | ---- | M] () -- C:\Users\Shyam\Desktop\Monsanto.eml
[2009/05/12 12:44:41 | 00,496,419 | ---- | M] () -- C:\Users\Shyam\Desktop\Cleaning Silver.mht
[2009/05/09 13:24:35 | 00,001,809 | ---- | M] () -- C:\Users\Shyam\Desktop\Heresy.htm
[2009/05/08 15:12:25 | 00,177,971 | ---- | M] () -- C:\Users\Shyam\Desktop\Yellow Saris.jpg
[2009/05/08 13:40:09 | 00,017,806 | ---- | M] () -- C:\Users\Shyam\Desktop\Sri Narasimha Stuti.htm
[2009/05/07 09:50:21 | 00,075,830 | ---- | M] () -- C:\Users\Shyam\Desktop\Any tune is OK.eml
[2009/05/07 09:49:54 | 00,003,937 | ---- | M] () -- C:\Users\Shyam\Desktop\W'pay.eml
[2009/05/07 05:21:53 | 00,000,564 | -HS- | M] () -- C:\Users\Shyam\Desktop\desktop.ini
[2009/05/07 05:21:53 | 00,000,174 | -HS- | M] () -- C:\Users\Shyam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/05/06 13:24:56 | 00,022,279 | ---- | M] () -- C:\Users\Shyam\Desktop\Hilton MIA.htm
[2009/05/06 06:34:19 | 00,686,541 | ---- | M] () -- C:\Users\Shyam\Desktop\Mohini Ekadasi.mht
[2009/05/05 06:31:19 | 00,045,041 | ---- | M] () -- C:\Users\Shyam\Desktop\Ameyatma.eml
[2009/04/28 05:33:19 | 00,104,775 | ---- | M] () -- C:\Users\Shyam\Desktop\Sproutman Order.pdf
[2009/04/24 21:52:06 | 11,099,566 | ---- | M] () -- C:\Users\Shyam\Desktop\Sproutman.flv

========== LOP Check ==========

[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2006/11/02 21:18:34 | 00,000,000 | --SD | M] -- C:\Users\Default\AppData\Roaming\Microsoft
[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2006/11/02 21:18:34 | 00,000,000 | --SD | M] -- C:\Users\Default User\AppData\Roaming\Microsoft
[2009/02/18 14:37:58 | 00,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming
[2009/02/18 14:38:20 | 00,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ArcSoft
[2009/02/18 14:37:47 | 00,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Identities
[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Media Center Programs
[2009/02/18 14:38:30 | 00,000,000 | --SD | M] -- C:\Users\Guest\AppData\Roaming\Microsoft
[2009/02/18 14:37:58 | 00,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PC Tools
[2009/02/18 14:33:45 | 00,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming
[2009/02/18 14:33:52 | 00,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ArcSoft
[2009/02/18 14:32:53 | 00,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Identities
[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Media Center Programs
[2009/02/18 14:34:33 | 00,000,000 | --SD | M] -- C:\Users\S\AppData\Roaming\Microsoft
[2009/02/18 14:33:45 | 00,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\PC Tools
[2009/05/18 19:57:33 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming
[2009/03/24 22:43:39 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Adobe
[2009/04/08 04:07:17 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\ArcSoft
[2009/03/14 19:09:23 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\CyberLink
[2009/04/10 11:51:00 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Download Manager
[2009/05/05 06:40:16 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\EDrawings
[2009/02/12 21:22:15 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\eFax Messenger
[2009/02/18 16:59:04 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\FastStone
[2009/03/30 18:52:33 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Help
[2009/02/06 15:13:57 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Identities
[2009/05/17 13:31:52 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\IrfanView
[2009/02/06 16:06:18 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Macromedia
[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Media Center Programs
[2009/04/10 13:31:05 | 00,000,000 | --SD | M] -- C:\Users\Shyam\AppData\Roaming\Microsoft
[2009/02/07 19:12:44 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Mozilla
[2009/02/07 15:14:02 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\OpenOffice.org
[2009/02/07 13:29:26 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Opera
[2009/04/09 03:56:03 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Pamela
[2009/04/09 04:03:06 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Pamela Call Recorder
[2009/03/28 23:21:06 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\PC Tools
[2009/04/15 04:28:51 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Real
[2009/02/14 18:59:30 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Safer Networking
[2009/05/23 00:02:03 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Skype
[2009/05/23 00:02:17 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\skypePM
[2009/02/10 10:25:59 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\SoundSpectrum
[2009/02/06 15:14:31 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Symantec
[2009/02/08 03:37:05 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Thunderbird
[2009/02/10 22:25:43 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\U.S. Robotics USB Phone
[2009/02/09 12:40:47 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\vlc
[2009/04/05 03:56:44 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\WinBatch
[2009/03/23 18:22:46 | 00,000,000 | ---D | M] -- C:\Users\Shyam\AppData\Roaming\Yahoo!
[2009/02/18 17:23:41 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/05/23 00:13:15 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/05/20 19:41:55 | 00,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 879 bytes -> C:\Users\Shyam\Desktop\Nityananda.eml:OECustomProperty
@Alternate Data Stream - 8725 bytes -> C:\Users\Shyam\Desktop\Ameyatma.eml:OECustomProperty
@Alternate Data Stream - 8419 bytes -> C:\Users\Shyam\Desktop\Jai.eml:OECustomProperty
@Alternate Data Stream - 5691 bytes -> C:\Users\Shyam\Desktop\Any tune is OK.eml:OECustomProperty
@Alternate Data Stream - 2211 bytes -> C:\Users\Shyam\Desktop\Monsanto.eml:OECustomProperty
@Alternate Data Stream - 1515 bytes -> C:\Users\Shyam\Desktop\W'pay.eml:OECustomProperty
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 1139 bytes -> D:\Documents\[istaghosti] Email address chance for Vyapaka dasa.eml:OECustomProperty
< End of report >


OTListIt Extras logfile created on: 23/05/2009 12:45:25 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Shyam\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.96 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.65% Memory free
4.00 Gb Paging File | 2.72 Gb Available in Paging File | 68.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 12.11 Gb Free Space | 30.27% Space Free | Partition Type: NTFS
Drive D: | 250.28 Gb Total Space | 205.27 Gb Free Space | 82.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 3.77 Gb Total Space | 3.74 Gb Free Space | 99.20% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: SHYAM-PC
Current User Name: Shyam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"FirewallDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2435428791-174997200-2398312853-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{11905FD2-9106-4CF1-B14B-4BB711003111} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28539 | SVC=RPCSS |
{17329DC1-E4AE-4918-8DA2-F4BFD8FEEE6B} = LPORT=139 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28503 | APP=SYSTEM |
{27C27243-E8B5-4B7E-9810-E9D0AED8BF56} = RPORT=137 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28523 | APP=SYSTEM |
{2DC963C3-3B77-4265-8C2F-1AF08B235AE4} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32753 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{2DE36A2B-F732-4472-BE15-8B93A7604B67} = RPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32805 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{3289951E-55D6-434F-85F0-16F4F7601B93} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32785 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{33A3EE7B-F91D-4BB3-A701-3493318FB801} = LPORT=137 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28519 | APP=SYSTEM |
{6A4ED4B9-4C2A-4F9F-9B6E-D7B8820C3855} = RPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28515 | APP=SYSTEM |
{7452663A-EADF-420E-BE46-52377B031C88} = LPORT=138 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28527 | APP=SYSTEM |
{76422633-ADA3-418B-AC62-40D94AEF9603} = RPORT=139 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28507 | APP=SYSTEM |
{9F2AA1F0-EE67-4DC6-A168-17896E652FFE} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32811 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{A2709FA1-FAB3-4025-967F-F3861C06C8EF} = LPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32801 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{B1CFA2F4-16B5-44F7-BD13-AD8A8335A3E8} = LPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28511 | APP=SYSTEM |
{B33C761F-DF07-47BE-B25F-7FB77EDB95C4} = RPORT=138 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28531 | APP=SYSTEM |
{B8D8BAE5-093A-422B-98CE-C4FDD02265C8} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32757 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{D1560A67-7A67-4CB3-A881-A23A8CF7AC88} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{DD7E124B-906D-45AB-8303-14A04D2B2087} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32809 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{E972DD3A-D6B0-470C-B91E-5C7661A0F267} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32789 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |

========== Vista Active Application Exception List ==========

{07446278-F294-4271-AA6A-9ECA29174504} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PRINTER STATUS WINDOW | APP=C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\LXBKPSWX.EXE |
{11170682-39ED-4872-9FD4-C7FA6BFEBD4F} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{1600AFC1-30AC-4C44-A3B4-9CF9A0BE7F4A} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{1AA82A47-23AD-4114-8669-FC92133E95F2} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{23EB2649-AEE2-4DFA-90E6-72456A5A3236} = DIR=IN | ACTION=ALLOW | NAME=CYBERLINK POWERDVD | APP=C:\PROGRAM FILES\CYBERLINK\POWERDVD\POWERDVD.EXE |
{24E10B79-8F2D-4908-A08C-7A351F16F6FA} = PROFILE=PUBLIC | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28546 |
{352A846C-9520-4DB5-A193-B058E9485A96} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{3FDD6E43-0962-461A-BCFB-F705FB7101F7} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{42288924-9D02-4C24-8066-DFCD849AB08D} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LEXMARK COMMUNICATIONS SYSTEM | APP=C:\WINDOWS\SYSTEM32\LXBKCOMS.EXE |
{4486CA2C-BF31-421C-95B7-BDB182733977} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{499BA30B-CE9A-4C07-BFE7-6D7A3D329DD9} = PROFILE=PUBLIC | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28544 |
{579BA882-439F-4BC6-8416-B8E3D1565872} = PROFILE=PUBLIC | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28543 |
{5DBBB6A3-9941-4009-8D12-98EC85E33561} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{64F1E03D-F145-45FE-9254-25BB18D5F2FB} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LEXMARK COMMUNICATIONS SYSTEM | APP=C:\WINDOWS\SYSTEM32\LXBKCOMS.EXE |
{866240EA-FEF7-4024-9243-C9C23813C71D} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{950040F2-595E-4420-A41D-7544CFCB1B58} = PROFILE=PUBLIC | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-28545 |
{96C2553D-6FEE-45A8-B17B-439E1675B36F} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{9F091374-047A-4138-BE6F-50350F723C85} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=@FIREWALLAPI.DLL,-32821 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{BE54AF7A-27E6-4603-A53B-48F48ECD5E61} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{D46C1DE2-54D8-45DC-8725-78CAC9883134} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{EA3E98EC-2934-4688-96E4-F5C3EA666D14} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{F0E712CA-B3A1-478B-9E5A-04DB89870F46} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PRINTER STATUS WINDOW | APP=C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\LXBKPSWX.EXE |
TCP Query User{7C70854E-FD49-41D5-8FE5-1B5A77041A8E}C:\program files\real\realplayer\realplay.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REALPLAYER | APP=C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE |
TCP Query User{8B7B35FC-BC0C-4409-B8A1-417E9AB17C5A}C:\program files\trademanager\aliim.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ALIWANGWANG | APP=C:\PROGRAM FILES\TRADEMANAGER\ALIIM.EXE |
UDP Query User{2392E73B-0D0D-4FE2-AF9B-715866666F5D}C:\program files\trademanager\aliim.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ALIWANGWANG | APP=C:\PROGRAM FILES\TRADEMANAGER\ALIIM.EXE |
UDP Query User{64E2CADA-679D-4413-9616-941A98E29B72}C:\program files\real\realplayer\realplay.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=REALPLAYER | APP=C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5600
"{13EDFFFE-DCF2-448A-A653-3C4CD60D99B4}" = Palm Desktop and Synchronization Software
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41F8F89F-4638-4201-8072-D610F61506C9}" = SolidWorks eDrawings 2009
"{487A2763-CCCE-4F9E-9214-767F4FFF9F5C}" = Q-HotkeyMgr
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6797B6BE-A730-4038-8B53-BE823E1D3F9A}" = BenQ QDataTrove
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DDF8195-2020-4582-A348-376F87F7C676}" = WMIDs
"{89E13B5A-A616-4AEE-8D72-521B37D9A258}" = BenQ Surround
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AD07B2A1-6A83-41D4-B209-7DF3F27AF164}" = QAudioSwitch
"{B0F99098-AD28-4B38-9FFA-8BA2998E8379}" = ArcSoft Magic-i Visual Effects
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
"{B507047A-83EA-4F7F-BEFE-0E5D78D1B5BE}" = ArcSoft WebCam Companion 2
"{BA0601E1-B65C-11D5-80A9-0000B494D9A6}" = PC Booster
"{C37EF3AE-ED9E-403C-989B-44BFC46F2CBB}" = QShot
"{C4A6405B-F37D-42F7-B317-D277BBD47D15}" = Drag'n Drop CD
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"AbiWord2" = AbiWord 2.6.6
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Argente - Registry Cleaner_is1" = Argente - Registry Cleaner 1.5.0.2
"BenQ S42 Screensaver" = BenQ S42 Screensaver
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner (remove only)
"Defraggler" = Defraggler (remove only)
"EsetOnlineScanner" = ESET Online Scanner
"Evidence Eliminator" = Evidence Eliminator
"G-Force" = G-Force
"HijackThis" = HijackThis 2.0.2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"jZip" = jZip
"Learn Typing Quick & Easy" = Learn Typing Quick & Easy
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ONEWORLD" = oneworld Timetables
"Optus Wireless Broadband" = Optus Wireless Broadband
"PamelaCR" = Pamela PCR Pro 4.5
"PC Tools AntiVirus_is1" = PC Tools AntiVirus 5.0
"RealPlayer 6.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TradeManager 2008" = TradeManager 2008
"U.S. Robotics USB Phone" = U.S. Robotics USB Phone
"VedaBaseBBT" = Pre 1978 BBT Books 4 g
"VLC media player" = VLC media player 0.9.8a
"Win2PDF_is1" = Win2PDF 2.50

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2435428791-174997200-2398312853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/05/2009 4:45:20 AM | Computer Name = Shyam-PC | Source = Application Error | ID = 1000
Description = Faulting application ssvagent.exe, version 6.0.130.3, time stamp 0x49b4f3b6,
faulting module msvcrt.dll!strcat_s, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000139, fault offset 0x00009cac, process id 0x3a0, application
start time 0x01c9d794f8559620.

Error - 18/05/2009 4:45:43 AM | Computer Name = Shyam-PC | Source = Application Error | ID = 1000
Description = Faulting application ssvagent.exe, version 6.0.130.3, time stamp 0x49b4f3b6,
faulting module msvcrt.dll!strcat_s, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000139, fault offset 0x00009cac, process id 0x10a4, application
start time 0x01c9d7950662b180.

Error - 18/05/2009 4:55:34 AM | Computer Name = Shyam-PC | Source = Application Error | ID = 1000
Description = Faulting application ssvagent.exe, version 6.0.130.3, time stamp 0x49b4f3b6,
faulting module msvcrt.dll!strcat_s, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000139, fault offset 0x00009cac, process id 0x134c, application
start time 0x01c9d795b817db80.

Error - 18/05/2009 5:00:44 AM | Computer Name = Shyam-PC | Source = Application Error | ID = 1000
Description = Faulting application ssvagent.exe, version 6.0.130.3, time stamp 0x49b4f3b6,
faulting module msvcrt.dll!strcat_s, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000139, fault offset 0x00009cac, process id 0x17d4, application
start time 0x01c9d7971db87070.

Error - 18/05/2009 5:38:44 AM | Computer Name = Shyam-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/05/2009 5:49:44 AM | Computer Name = Shyam-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.31.0.0, time stamp 0x493735a1,
faulting module mbam.exe, version 1.31.0.0, time stamp 0x493735a1, exception code
0x80000003, fault offset 0x00002e2c, process id 0x14b0, application start time 0x01c9d79df86b0af7.

Error - 18/05/2009 4:17:20 PM | Computer Name = Shyam-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/05/2009 4:31:19 PM | Computer Name = Shyam-PC | Source = Windows Backup | ID = 4103
Description =

Error - 18/05/2009 5:27:12 PM | Computer Name = Shyam-PC | Source = Application Error | ID = 1000
Description = Faulting application Iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00058a92, process id 0x17ec, application
start time 0x01c9d7ff67f6777e.

Error - 18/05/2009 5:47:11 PM | Computer Name = Shyam-PC | Source = Application Error | ID = 1000
Description = Faulting application Iexplore.exe, version 8.0.6001.18702, time stamp
0x49b3ad2e, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc00000fd, fault offset 0x000455e7, process id 0xeb4, application
start time 0x01c9d8023315c17e.

[ System Events ]
Error - 8/05/2009 1:20:41 AM | Computer Name = Shyam-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/05/2009 1:20:44 AM | Computer Name = Shyam-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/05/2009 1:20:49 AM | Computer Name = Shyam-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/05/2009 1:20:55 AM | Computer Name = Shyam-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/05/2009 1:21:00 AM | Computer Name = Shyam-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/05/2009 1:21:17 AM | Computer Name = Shyam-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/05/2009 1:21:22 AM | Computer Name = Shyam-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/05/2009 1:21:28 AM | Computer Name = Shyam-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/05/2009 1:34:33 AM | Computer Name = Shyam-PC | Source = HTTP | ID = 15016
Description =

Error - 8/05/2009 1:34:37 AM | Computer Name = Shyam-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Results of screen317's Security Check version 0.98.3
Windows Vista Service Pack 1
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
ESETOnlineScanner
PCToolsAntiVirus5.0
ECHO is off.
Error obtaining update status for antivirus!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
Spyware Doctor 6.0
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Argente - Registry Cleaner 1.5.0.2
CCleaner (remove only)
Java™ 6 Update 13
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
PC Tools AntiVirus PCTAVSvc.exe
PC Tools AntiVirus PCTAV.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 25 seconds.
`````````End of Log```````````
LoPhatPhuud
A quick glance at your logs does not show any malware. I'll check in depth later today, but wanted to get back to you.


Check the information at this link: http://www.vistax64.com/tutorials/67737-se...nter.html?ltr=S and let me know if that solves your problem.
shyam
Thanks.

Gee - I wish it WAS malware and then the problem might be quite easy to deal with! Here's a progress report ...

I was able to get Windows Security Center operational again by following the instructions in the link you provided. But after rebooting it was again turned off, with no say in the matter from me. Pressing the button TURN ON NOW again resulted in the message THE SECURITY CENTER CAN'T BE STARTED.

Upon completing the above (temporary) re-activation of Windows Security Centre, specifically immediately after the reboot, I received a message supposedly from Microsoft Windows Malicious Software Removal Tool advising that a virus had been partially removed and advising me to run a scan with an anti-virus program. According to Microsoft Windows Malicious Software Removal Tool (?) the name of this real or "imagined" virus is a trojan Win32/Alureon.BF. However, scanning with up-to-date PC Tools antivirus and Panda online ActiveScan shows all clean.

I've got a hunch that somehow some malware is present because since the time of the infection(?), a number of things happened simultaneously, the Windows Security Centre issue being just one of them.

Here's a chunk of what I've noticed since that moment in time...

1/ Auto backup now always fails and cannot be activated because of "invalid settings" which are factually valid. This problem began the same day as the infection(?), whereas auto backup had always run flawlessly every day for months.

2/ Spybot and Malwarebytes won't run. In fact any attempt to run Spybot crashes the computer and it automatically restarts.

4/ Every few days an adware screen pops up. Next time it happens I'll photograph it with SCREEN CAPTURE and send that to you as an attachment.

5/ Every 15 minutes I get a message normally associated with IE, but I get the message regardless of whether or not IE is running. It is a Windows message box titled "Internet Explorer Has Stopped Working" with smaller print saying "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available". If IE is actually running and I click OK on that message, IE doesn't actually close, but continues to function more or less normally (often a bogus search engine page is what I get instead of the actual URL I want).

So! What to do?
LoPhatPhuud
Windows Malicious Software Removal tool is genuine and updated monthly. If it is detecting, then something is there. I have not heard of false positives from MSRT.

Neither PC Tools nor Panda are what I would classify as front line Anti Virus tools. Adequate maybe, but not top. Try using the Kaspersky online scan.

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users, if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
        Extended
    • Scan Options:
        Scan Archives
        Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.


To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
shyam
OK - I did as you said. Here's what happened :

Kaspersky very quickly found a nasty. But after reaching 65%, the scan stalled. I waited for a few hours to see if it would un-stall, but no joy. So then I ran the scan again with the same result. And because the scans are incomplete, it is not possible to view the log. But I do get to see certain info, which is:

globalroot\systemroot\system32\UA...
Threat Name: PackedWin32.Tdss.f

Is that any help?
LoPhatPhuud
Try this scan instead...

Go here http://www.eset.eu/online-scanner to run an online scanner from ESET.

* Note: You will need to use Internet explorer for this scan
* Tick the box next to YES, I accept the Terms of Use.
* Click Start
* When asked, allow the ActiveX control to install
* Click Start
* Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
* Click Scan
* Wait for the scan to finish
* Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
* Copy and paste that log as a reply to this topic
shyam
Done! And here's the result of the scan...

Operating memory Win32/Olmarik.HC trojan