Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan.crypt and worm.agent infected


  • This topic is locked This topic is locked
16 replies to this topic

#1 compyman

compyman

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 04 October 2009 - 05:33 AM

Hello,
I am currently infected with trojan.crypt and worm.agent. They are detected and removed by Malwarebytes but they keep coming back evreytime I do a scan.
I currently have Avast home and COMODO firewall and MBAM, super anti spyware and microsoft security essentials as scan only sidekicks.
I also did a housecall scan about a month ago and it found nothing.
I also see the BSOD every once in a while, though it is said it happens due to the conflict between avast and comodo and not due to malware.


I hve attached a HJT log in addition to rootrepeal and dds.





DDS (Ver_09-09-29.01) - NTFSx86
Run by Shivang at 15:59:25.12 on Sun 10/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.462 [GMT 5.5:30]

AV: avast! antivirus 4.8.1356 [VPS 091003-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mobile\Aide.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Shivang\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\new folder\rpbrowserrecordplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Aide] c:\program files\mobile\Aide.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\shivang\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: millsberry.com\www
Trusted Zone: windowsupdate.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://supportapj.dell.com/systemprofiler/SysPro.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shivang\applic~1\mozilla\firefox\profiles\d6ud85wp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\new folder\netscape6\nppl3260.dll
FF - plugin: c:\new folder\netscape6\nprjplug.dll
FF - plugin: c:\new folder\netscape6\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-24 379560]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-7 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-23 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-23 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-7 138680]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-6-23 707152]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-9-30 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-9-30 43480]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 96a3;96a3;c:\windows\system32\96a3.sys [2009-6-22 54624]
S3 99d6C;99d6C;c:\windows\system32\99d6C.sys [2009-5-22 54624]
S3 9f833;9f833;c:\windows\system32\9f833.sys [2009-6-11 54624]
S3 a7c10;a7c10;c:\windows\system32\a7c10.sys [2009-5-22 54624]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2008-9-30 86656]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\shivang\locals~1\temp\aswarkrn.sys --> c:\docume~1\shivang\locals~1\temp\aswArKrn.sys [?]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-7 352920]
S3 c1a8;c1a8;c:\windows\system32\c1a8.sys [2009-5-22 54624]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2008-9-30 28928]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-10-03 01:04 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-10-03 01:03 <DIR> --d----- c:\windows\ERUNT
2009-10-03 00:38 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-10-02 20:49 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-02 20:20 <DIR> --d----- c:\program files\Microsoft Security Essentials
2009-10-02 11:11 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-25 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-09-20 01:21 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-20 01:21 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-20 01:19 <DIR> --d----- c:\program files\iPod
2009-09-20 01:19 <DIR> --d----- c:\program files\iTunes
2009-09-20 01:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 01:19 <DIR> --d----- c:\program files\Bonjour
2009-09-18 01:29 <DIR> --d----- c:\program files\ThreatFire
2009-09-11 15:18 <DIR> --d----- c:\docume~1\shivang\applic~1\Office Genuine Advantage
2009-09-10 17:25 <DIR> --d----- c:\docume~1\shivang\applic~1\AVG8
2009-09-10 16:36 <DIR> --d----- c:\program files\NortonInstaller
2009-09-10 16:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-09-09 20:56 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-09 16:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-09 16:12 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-09 16:12 <DIR> --d----- c:\docume~1\shivang\applic~1\SUPERAntiSpyware.com
2009-09-09 16:12 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-08 22:39 <DIR> --d----- c:\docume~1\shivang\applic~1\Foxit
2009-09-08 22:39 <DIR> --d----- c:\program files\Foxit Software
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-03 16:44 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-08-24 14:01 379,560 a------- c:\windows\system32\drivers\mfehidk.sys
2009-08-24 14:01 92,184 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-08-23 00:53 290 a------- c:\docume~1\shivang\applic~1\wklnhst.dat
2009-08-05 14:31 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 14:31 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-19 18:48 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 14:36 179,792 a------- c:\windows\system32\guard32.dll
2009-07-18 00:31 58,880 a------- c:\windows\system32\atl.dll
2009-07-18 00:31 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:11 44,544 a------- c:\windows\system32\dllcache\alg.exe
2009-07-17 16:11 44,544 a------- c:\windows\system32\alg.exe
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 18:57 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-08 04:05 73,728 a------- c:\windows\system32\RtNicProp32.dll
2008-11-01 07:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110120081102\index.dat

============= FINISH: 16:00:21.84 ===============





Thank You.

Attached Files



BC AdBot (Login to Remove)

 


#2 compyman

compyman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 14 October 2009 - 06:12 AM

Hello guys
It's been a week since I posted on his forum. :( Any help would be greatly appreciated.

sincerely,
compyman.

#3 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:14 AM

Posted 22 October 2009 - 11:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#4 compyman

compyman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 24 October 2009 - 05:04 AM

Hello
No worries about the delay. :( And no my problem hasn't been solved.

But I am having trouble with dds. I've tried 4-5 times but it just vanishes after 2 minutes without leaving a logfile. I am not a computer novice and I am absolutely sure that no AV/Firewall interfered with the program. I have even tried running it in safe mode, but again the same thing happens.

Regards,
Compyman.

#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:07:14 AM

Posted 25 October 2009 - 01:18 PM

Let's try running some alternate utilities to get a log of what's going on in there.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them both in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
~Blade

Edited by Blade Zephon, 25 October 2009 - 01:19 PM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#6 compyman

compyman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 26 October 2009 - 06:13 AM

Here they are

OTL.txt

OTL logfile created on: 10/26/2009 4:31:25 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Shivang\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 538.95 Mb Available Physical Memory | 53.13% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 70.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.67 Gb Total Space | 117.22 Gb Free Space | 80.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBTYD2BS
Current User Name: Shivang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/26 16:30:34 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shivang\My Documents\Downloads\OTL.exe
PRC - [2009/09/15 16:26:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 16:26:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 16:24:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 16:19:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/09/10 16:21:06 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/08 21:09:42 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/08 21:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/03/06 07:58:08 | 00,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2009/03/06 07:57:54 | 01,434,920 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/02/19 14:23:24 | 00,202,064 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 15:40:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/02 10:50:54 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/14 00:04:42 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/29 10:11:00 | 00,071,512 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2008/06/29 19:42:42 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2008/06/29 19:42:40 | 02,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2008/06/29 19:42:14 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/05/23 14:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 05:42:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/28 15:00:16 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2008/02/28 15:00:14 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/28 15:00:04 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2008/02/22 12:43:38 | 01,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\Quickset.exe
PRC - [2008/02/14 18:15:12 | 00,036,864 | ---- | M] () -- C:\Program Files\Mobile\Aide.exe
PRC - [2007/11/27 19:33:30 | 00,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007/11/06 10:50:08 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/01/11 20:43:46 | 02,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/18 15:22:14 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/10/27 20:13:48 | 00,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2006/01/23 23:14:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009/09/15 16:26:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/15 16:24:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/09/15 16:19:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/09/08 21:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/29 10:11:00 | 00,071,512 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/06/29 19:42:42 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2008/04/14 05:42:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/09/15 16:26:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/09/15 16:25:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/09/15 16:25:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/09/15 16:24:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009/09/15 16:24:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/09/15 16:23:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009/09/09 16:31:51 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2009/08/24 14:01:36 | 00,379,560 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [Boot | Running])
DRV - [2009/08/24 14:01:36 | 00,092,184 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Stopped])
DRV - [2009/07/28 08:55:00 | 00,143,360 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2009/06/22 22:18:51 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\96a3.sys -- (96a3 [On_Demand | Stopped])
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MpFilter.sys -- (MpFilter [System | Running])
DRV - [2009/06/11 23:47:56 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9f833.sys -- (9f833 [On_Demand | Stopped])
DRV - [2009/05/26 10:05:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/05/26 10:05:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/05/22 19:58:47 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c1a8.sys -- (c1a8 [On_Demand | Stopped])
DRV - [2009/05/22 01:20:01 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\99d6C.sys -- (99d6C [On_Demand | Stopped])
DRV - [2009/05/22 01:09:40 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\a7c10.sys -- (a7c10 [On_Demand | Stopped])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/06 07:58:44 | 00,208,304 | ---- | M] (Synaptics Incorporated) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2008/07/04 11:22:36 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/06/29 19:42:26 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2008/04/14 00:26:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
DRV - [2008/04/14 00:15:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/04/14 00:06:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2008/04/14 00:06:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2008/04/13 22:06:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/03/17 14:54:30 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/03/17 11:03:46 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2008/02/21 14:38:30 | 00,043,480 | ---- | M] (O2Micro ) -- C:\WINDOWS\System32\DRIVERS\o2sd.sys -- (O2SDRDR [On_Demand | Running])
DRV - [2008/02/21 14:38:24 | 00,048,472 | ---- | M] (O2Micro ) -- C:\WINDOWS\System32\DRIVERS\o2media.sys -- (O2MDRDR [On_Demand | Running])
DRV - [2008/02/15 21:12:06 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2007/12/14 11:42:04 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Stopped])
DRV - [2007/11/14 17:14:02 | 04,625,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/11/13 15:55:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/11/12 19:07:58 | 00,086,656 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\DRIVERS\ACFVA32.sys -- (acfva [On_Demand | Stopped])
DRV - [2007/11/12 19:07:58 | 00,028,928 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\ACFDCP32.sys -- (dgcfltr [On_Demand | Stopped])
DRV - [2007/11/12 19:07:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\ACFSDK32.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/04/26 14:29:30 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\DRIVERS\tosrfusb.sys -- (Tosrfusb [On_Demand | Stopped])
DRV - [2007/04/26 14:29:28 | 00,073,600 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys -- (Tosrfhid [On_Demand | Stopped])
DRV - [2007/04/26 14:29:28 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
DRV - [2007/04/26 14:29:28 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys -- (tosrfnds [On_Demand | Stopped])
DRV - [2007/04/26 14:29:26 | 00,113,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\DRIVERS\tosrfbd.sys -- (tosrfbd [On_Demand | Stopped])
DRV - [2007/04/26 14:29:26 | 00,036,480 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys -- (tosrfbnp [On_Demand | Stopped])
DRV - [2007/04/26 14:29:24 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys -- (tosporte [On_Demand | Running])
DRV - [2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/26 16:30:34 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shivang\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 05:42:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 05:42:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-983273617-2878044512-759671727-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-983273617-2878044512-759671727-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-983273617-2878044512-759671727-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-983273617-2878044512-759671727-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-983273617-2878044512-759671727-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-983273617-2878044512-759671727-1007\S-1-5-21-983273617-2878044512-759671727-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.14
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.11
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3.1
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.51


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 21:50:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/24 22:12:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/14 16:48:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/15 15:15:16 | 00,000,000 | ---D | M]

[2009/04/23 23:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Extensions
[2009/04/23 23:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/26 10:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions
[2009/08/22 11:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/10/08 23:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/06/27 12:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/13 22:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2009/10/15 10:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/13 23:02:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/12 13:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/09/18 09:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/12 00:28:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\firefox@ghostery.com
[2009/08/22 11:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\foxyproxy@eric.h.jung
[2009/07/01 22:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\nasanightlaunch@example.com
[2009/07/28 21:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\optout@dubfire.net
[2009/05/13 22:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\personas@christopher(2).beard
[2009/10/24 21:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shivang\Application Data\mozilla\Firefox\Profiles\d6ud85wp.default\extensions\personas@christopher.beard
[2009/06/12 12:12:56 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Shivang\Application Data\Mozilla\FireFox\Profiles\d6ud85wp.default\searchplugins\webster.xml
[2009/05/17 13:17:39 | 00,001,980 | ---- | M] () -- C:\Documents and Settings\Shivang\Application Data\Mozilla\FireFox\Profiles\d6ud85wp.default\searchplugins\wolframalpha.xml
[2009/10/26 10:30:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 16:21:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/24 22:12:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/11 14:31:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/22 14:17:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 16:21:05 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 16:21:05 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/02 02:32:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/13 00:16:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/02/13 01:00:16 | 00,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\mozilla firefox\plugins\npigl.dll
[2009/09/10 16:21:11 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/03 15:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/20 01:18:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/20 01:18:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/20 01:18:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/20 01:18:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/20 01:18:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/20 01:18:44 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/20 01:18:45 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/02 02:32:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/24 16:57:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 16:57:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 16:57:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 16:57:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 16:57:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 16:57:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\New Folder\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aide] C:\Program Files\Mobile\Aide.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-983273617-2878044512-759671727-1007..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-983273617-2878044512-759671727-1007..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-983273617-2878044512-759671727-1007..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\Shivang\Start Menu\Programs\Startup\WkCalRem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-983273617-2878044512-759671727-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\..Trusted Domains: internet ([]about in Internet)
O15 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\..Trusted Domains: millsberry.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-983273617-2878044512-759671727-1007\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://supportapj.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://games.bigfishgames.com/en_burger-sh...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Shivang/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b7dcbb9-0d7a-11de-9a6c-002170c4099c}\Shell - "" = AutoRun
O33 - MountPoints2\{1b7dcbb9-0d7a-11de-9a6c-002170c4099c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b7dcbb9-0d7a-11de-9a6c-002170c4099c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{4f6887d6-117b-11de-9a86-002170c4099c}\Shell - "" = AutoRun
O33 - MountPoints2\{4f6887d6-117b-11de-9a86-002170c4099c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f6887d6-117b-11de-9a86-002170c4099c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{53b34386-4ec9-11de-9b8d-002170c4099c}\Shell - "" = AutoRun
O33 - MountPoints2\{53b34386-4ec9-11de-9b8d-002170c4099c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{53b34386-4ec9-11de-9b8d-002170c4099c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{53b34387-4ec9-11de-9b8d-002170c4099c}\Shell - "" = AutoRun
O33 - MountPoints2\{53b34387-4ec9-11de-9b8d-002170c4099c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{53b34387-4ec9-11de-9b8d-002170c4099c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{554e0a9a-d440-11dd-9d82-002170b7360e}\Shell\AutoRun\command - "" = wscript.exe .vbs
O33 - MountPoints2\{554e0a9a-d440-11dd-9d82-002170b7360e}\Shell\open\command - "" = wscript.exe .vbs
O33 - MountPoints2\{821075da-85bc-11de-9cae-002170c4099c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{821075da-85bc-11de-9cae-002170c4099c}\Shell\default\command - "" = strongkey.exe
O33 - MountPoints2\{91142fbc-2604-11de-9ae7-002170c4099c}\Shell - "" = AutoRun
O33 - MountPoints2\{91142fbc-2604-11de-9ae7-002170c4099c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91142fbc-2604-11de-9ae7-002170c4099c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/07 19:24:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\Application Data\TrojanHunter
[2009/10/03 01:16:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\Application Data\WinRAR
[2009/10/03 00:38:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\Local Settings\Application Data\Downloaded Installations
[2009/10/03 00:38:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/10/23 01:41:10 | 00,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2009/10/17 02:23:32 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2009/10/10 21:11:53 | 00,000,000 | ---D | C] -- C:\Program Files\Doremisoft
[2009/10/10 21:03:56 | 00,000,000 | ---D | C] -- C:\Program Files\Emicsoft Studio
[2009/10/17 17:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack
[2009/10/02 20:20:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/18 01:29:48 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/10/18 01:30:07 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2009/10/18 01:30:01 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/10/18 01:30:01 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2009/10/18 01:29:52 | 00,035,208 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2009/10/18 01:29:49 | 01,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/10/18 01:29:49 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2009/10/18 01:29:48 | 00,309,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2009/10/18 01:29:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/10/18 01:29:47 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/10/18 01:29:46 | 00,353,672 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/10/18 01:29:11 | 00,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/10/18 01:29:11 | 00,229,256 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2009/10/18 01:29:11 | 00,110,472 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2009/10/17 17:53:37 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2009/10/17 17:53:35 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2009/10/17 17:53:34 | 01,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2009/10/17 17:53:34 | 00,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2009/10/17 17:53:34 | 00,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2009/10/17 17:53:34 | 00,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2009/10/17 17:53:33 | 02,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2009/10/17 17:53:33 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2009/10/17 17:53:33 | 00,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2009/10/17 17:53:33 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009/10/17 17:53:33 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/10/17 17:53:33 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2009/10/17 17:53:32 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2009/10/17 17:53:31 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2009/10/17 17:53:31 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009/10/17 17:53:31 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009/10/17 17:53:31 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2009/10/17 17:53:31 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009/10/17 17:53:30 | 00,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/10/17 03:28:50 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/10/15 23:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\My Documents\Google Talk Received Files
[2009/10/15 20:48:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\Desktop\qwerty
[2009/10/15 20:46:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\Desktop\kaminey
[2009/10/15 20:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\Desktop\dil bole hadippa
[2009/10/09 17:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\My Documents\FDM His
[2009/10/08 19:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\Desktop\junk
[2009/10/03 19:37:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\My Documents\history.do_files
[2009/10/03 19:30:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shivang\My Documents\bookticket.do_files
[2009/10/03 01:04:41 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/10/03 01:03:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/10/02 20:49:49 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

========== Files - Modified Within 30 Days ==========

[2009/10/26 16:23:28 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3616B1C-3B90-4FBF-ACE0-2B4078B2C991}.job
[2009/10/26 16:11:22 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/26 16:07:14 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/26 16:06:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/26 16:06:20 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/10/26 16:06:11 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/10/26 16:06:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/26 16:06:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/26 16:05:58 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/26 12:49:57 | 04,860,894 | -H-- | M] () -- C:\Documents and Settings\Shivang\Local Settings\Application Data\IconCache.db
[2009/10/26 12:45:25 | 00,200,704 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\quadratic forms.doc
[2009/10/26 12:43:55 | 00,275,456 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\project.doc
[2009/10/25 08:06:49 | 22,718,466 | -H-- | M] () -- C:\Documents and Settings\Shivang\Desktop\20031022penroseVN300K.rm.mp3
[2009/10/25 08:06:49 | 20,112,361 | -H-- | M] () -- C:\Documents and Settings\Shivang\Desktop\20031017penroseVN300K.rm.mp3
[2009/10/25 08:06:49 | 18,330,973 | -H-- | M] () -- C:\Documents and Settings\Shivang\Desktop\20031020penroseVN300K.rm.mp3
[2009/10/24 20:13:06 | 00,002,550 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/23 23:03:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2009/10/22 23:01:55 | 00,231,424 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\In mathematics.doc
[2009/10/22 22:48:46 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\rangoli.ppt
[2009/10/20 10:42:56 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\rangoli.doc
[2009/10/19 14:16:32 | 00,000,234 | ---- | M] () -- C:\WINDOWS\TCW.INI
[2009/10/18 01:30:15 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/17 19:53:16 | 00,013,312 | ---- | M] () -- C:\Documents and Settings\Shivang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/17 09:55:48 | 00,508,416 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\dmissionsAlice.doc
[2009/10/16 01:07:35 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\Shivang\Start Menu\Programs\Startup\WkCalRem.LNK
[2009/10/15 23:42:55 | 00,000,522 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\Google Talk Received Files.lnk
[2009/10/15 15:15:17 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/14 15:21:27 | 00,507,768 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 15:21:27 | 00,445,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 15:21:27 | 00,072,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/13 09:26:21 | 00,000,894 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\Google Talk.lnk
[2009/10/12 15:46:57 | 00,027,590 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\Hall Ticket.pdf
[2009/10/11 23:21:14 | 00,611,604 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\fea-grothendieck-part2.pdf
[2009/10/11 23:21:07 | 01,323,403 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\fea-grothendieck-part1.pdf
[2009/10/09 17:04:53 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\MIT Questions.doc
[2009/10/08 20:49:44 | 00,126,464 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\INDEX.doc
[2009/10/08 20:25:50 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\Albert Einstein.doc
[2009/10/07 16:20:21 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/10/06 17:41:11 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\WAP to print.doc
[2009/10/03 21:42:20 | 00,274,312 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\coupons.pdf
[2009/10/03 19:37:23 | 00,090,483 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\history.do.htm
[2009/10/03 19:34:21 | 00,221,097 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\bookticket.do.htm
[2009/10/03 01:05:45 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/10/03 01:04:41 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/10/02 23:31:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/28 21:40:49 | 00,360,960 | ---- | M] () -- C:\Documents and Settings\Shivang\Desktop\IPO2007.doc
[2009/09/28 21:40:44 | 00,151,552 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\2007PRINT.doc
[2009/09/28 16:40:23 | 00,367,580 | ---- | M] () -- C:\Documents and Settings\Shivang\My Documents\P_IPO_06.pdf

========== Files - No Company Name ==========
[2009/10/26 12:45:25 | 00,200,704 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\quadratic forms.doc
[2009/10/26 11:01:53 | 00,275,456 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\project.doc
[2009/10/24 22:52:09 | 20,112,361 | -H-- | C] () -- C:\Documents and Settings\Shivang\Desktop\20031017penroseVN300K.rm.mp3
[2009/10/24 20:53:23 | 18,330,973 | -H-- | C] () -- C:\Documents and Settings\Shivang\Desktop\20031020penroseVN300K.rm.mp3
[2009/10/24 20:52:56 | 22,718,466 | -H-- | C] () -- C:\Documents and Settings\Shivang\Desktop\20031022penroseVN300K.rm.mp3
[2009/10/24 15:25:55 | 10,637,02528 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/22 23:01:55 | 00,231,424 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\In mathematics.doc
[2009/10/22 22:48:46 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\rangoli.ppt
[2009/10/18 01:29:46 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/10/17 17:53:35 | 00,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/10/17 17:53:30 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/17 09:55:48 | 00,508,416 | ---- | C] () -- C:\Documents and Settings\Shivang\My Documents\dmissionsAlice.doc
[2009/10/16 01:07:35 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\Shivang\Start Menu\Programs\Startup\WkCalRem.LNK
[2009/10/15 23:42:55 | 00,000,522 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\Google Talk Received Files.lnk
[2009/10/15 22:52:13 | 00,078,848 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\rangoli.doc
[2009/10/15 15:15:17 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/13 09:26:21 | 00,000,894 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\Google Talk.lnk
[2009/10/12 15:51:46 | 00,027,590 | ---- | C] () -- C:\Documents and Settings\Shivang\My Documents\Hall Ticket.pdf
[2009/10/11 23:21:13 | 00,611,604 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\fea-grothendieck-part2.pdf
[2009/10/11 23:21:07 | 01,323,403 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\fea-grothendieck-part1.pdf
[2009/10/07 16:19:59 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/10/06 17:55:45 | 00,151,552 | ---- | C] () -- C:\Documents and Settings\Shivang\My Documents\2007PRINT.doc
[2009/10/06 00:38:16 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\WAP to print.doc
[2009/10/03 21:42:20 | 00,274,312 | ---- | C] () -- C:\Documents and Settings\Shivang\My Documents\coupons.pdf
[2009/10/03 19:37:23 | 00,090,483 | ---- | C] () -- C:\Documents and Settings\Shivang\My Documents\history.do.htm
[2009/10/03 19:30:38 | 00,221,097 | ---- | C] () -- C:\Documents and Settings\Shivang\My Documents\bookticket.do.htm
[2009/10/02 20:27:08 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/28 16:54:12 | 00,360,960 | ---- | C] () -- C:\Documents and Settings\Shivang\Desktop\IPO2007.doc
[2009/09/28 16:40:23 | 00,367,580 | ---- | C] () -- C:\Documents and Settings\Shivang\My Documents\P_IPO_06.pdf
[2009/09/03 21:34:40 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Shivang\Local Settings\Application Data\housecall.guid.cache
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/23 18:16:01 | 00,000,046 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/16 16:25:31 | 00,001,305 | ---- | C] () -- C:\WINDOWS\openhelp.ini
[2009/07/16 16:25:31 | 00,000,331 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2009/07/16 16:25:31 | 00,000,234 | ---- | C] () -- C:\WINDOWS\TCW.INI
[2009/07/16 16:24:29 | 00,000,200 | ---- | C] () -- C:\WINDOWS\OWL.INI
[2009/07/16 16:24:13 | 00,000,215 | ---- | C] () -- C:\WINDOWS\workshop.ini
[2009/06/22 22:18:51 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\96a3.sys
[2009/06/11 23:47:56 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\9f833.sys
[2009/06/07 20:22:23 | 00,000,253 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/05/22 19:58:47 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\c1a8.sys
[2009/05/22 01:20:01 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\99d6C.sys
[2009/05/22 01:09:40 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\a7c10.sys
[2009/05/21 15:12:12 | 01,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2009/05/21 15:12:11 | 01,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2009/05/21 15:12:09 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/03 12:18:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/02/02 12:01:26 | 04,860,894 | -H-- | C] () -- C:\Documents and Settings\Shivang\Local Settings\Application Data\IconCache.db
[2009/01/22 18:46:43 | 00,000,290 | ---- | C] () -- C:\Documents and Settings\Shivang\Application Data\wklnhst.dat
[2009/01/11 11:53:05 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/10/20 20:38:19 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\Shivang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/20 20:18:30 | 00,092,344 | ---- | C] () -- C:\Documents and Settings\Shivang\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/20 19:12:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Shivang\Application Data\desktop.ini
[2008/10/10 18:26:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/30 17:31:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/30 17:28:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/09/30 17:26:15 | 00,000,298 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/30 17:21:43 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/30 17:21:42 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/09/30 16:54:37 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/09/30 16:54:37 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/09/30 16:54:37 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/09/30 16:52:10 | 00,001,163 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/11 17:24:19 | 00,000,879 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 17:00:37 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\alg.exe:SummaryInformation
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7CB87BE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8173A019
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\Shivang\Desktop\TCW.EXE:SummaryInformation
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >




Extras.txt

OTL Extras logfile created on: 10/26/2009 4:31:25 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Shivang\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 538.95 Mb Available Physical Memory | 53.13% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 70.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.67 Gb Total Space | 117.22 Gb Free Space | 80.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBTYD2BS
Current User Name: Shivang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-983273617-2878044512-759671727-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AAW2007] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Disabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Disabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG)
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe" = C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Disabled:Need For Speed III for Win32 -- (Electronic Arts, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D4B343-3207-45DB-8443-1CA7B3F6A117}" = Test Room
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CED64D9F-80A9-4D4D-A48F-7D90FBDE3D5C}" = Test Room
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast!" = avast! Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_USB_ACF" = Conexant USB D400 V.92 Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Doremi FLV to MP3 Converter" = Doremi FLV to MP3 Converter 1.0
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"igLoader" = igLoader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Need For Speed III" = Need For Speed III
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinDjView" = WinDjView 1.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/9/2009 3:27:18 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\avg8ls\update\download\x8xplsb2_77l4.bin
failed, 00000005.

Error - 10/9/2009 3:27:18 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\avg8ls\update\download\x8xplsb2_79pp.bin
failed, 00000005.

Error - 10/9/2009 3:27:18 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\avg8ls\update\download\x8xplsb2_80qm.bin
failed, 00000005.

Error - 10/9/2009 3:27:18 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\avg8ls\update\download\x8xplsb2_81po.bin
failed, 00000005.

Error - 10/9/2009 3:27:18 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\avg8ls\update\download\x8xplsb_61d60l3.bin
failed, 00000005.

Error - 10/9/2009 3:27:19 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\avg8ls\update\download\x8xplsb_62d61qm.bin
failed, 00000005.

Error - 10/9/2009 3:27:19 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\avg8ls\update\download\x8xplsb_63d62po.bin
failed, 00000005.

Error - 10/9/2009 3:27:19 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\All Users\Application Data\avg8ls\update\download\x8xplsc_89d88po.bin
failed, 00000005.

Error - 10/9/2009 3:36:36 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Downloads\Software\Chicken_Invaders3_regular-setup.exe failed, 00000005.

Error - 10/9/2009 3:36:50 PM | Computer Name = DBTYD2BS | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Downloads\Software\GraboidVideoSetup.exe failed, 00000005.

[ Application Events ]
Error - 10/6/2009 6:26:07 AM | Computer Name = DBTYD2BS | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 10/6/2009 6:45:09 AM | Computer Name = DBTYD2BS | Source = Application Error | ID = 1000
Description = Faulting application quickset.exe, version 8.3.17.0, faulting module
quickset.exe, version 8.3.17.0, fault address 0x0001a0c6.

Error - 10/6/2009 12:45:56 PM | Computer Name = DBTYD2BS | Source = Application Error | ID = 1000
Description = Faulting application vcd_play.exe, version 1.1.1.4, faulting module
vcd_play.exe, version 1.1.1.4, fault address 0x00001c3e.

Error - 10/10/2009 4:22:57 PM | Computer Name = DBTYD2BS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.0.6212.0,
P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 10/14/2009 8:44:02 AM | Computer Name = DBTYD2BS | Source = Application Error | ID = 1000
Description = Faulting application quickset.exe, version 8.3.17.0, faulting module
quickset.exe, version 8.3.17.0, fault address 0x0001a0c6.

Error - 10/15/2009 11:19:05 AM | Computer Name = DBTYD2BS | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 10/16/2009 1:33:59 PM | Computer Name = DBTYD2BS | Source = ESENT | ID = 490
Description = svchost (1468) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edbtmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/16/2009 1:38:00 PM | Computer Name = DBTYD2BS | Source = ESENT | ID = 490
Description = svchost (1468) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edbtmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/16/2009 6:18:23 PM | Computer Name = DBTYD2BS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 system file cache, P3 cacheflush,
P4 2.0.6212.0, P5 microsoft antimalware, P6 1, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 10/20/2009 12:20:51 AM | Computer Name = DBTYD2BS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.0.6212.0,
P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 10/26/2009 6:36:19 AM | Computer Name = DBTYD2BS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 10/26/2009 6:36:37 AM | Computer Name = DBTYD2BS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the
DNS lookup again in 15 minutes. The error was: A socket operation was attempted to
an unreachable host. (0x80072751)

Error - 10/26/2009 6:36:37 AM | Computer Name = DBTYD2BS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/26/2009 6:36:38 AM | Computer Name = DBTYD2BS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 10/26/2009 6:36:40 AM | Computer Name = DBTYD2BS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the
DNS lookup again in 15 minutes. The error was: A socket operation was attempted to
an unreachable host. (0x80072751)

Error - 10/26/2009 6:36:40 AM | Computer Name = DBTYD2BS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/26/2009 6:37:29 AM | Computer Name = DBTYD2BS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the
DNS lookup again in 15 minutes. The error was: A socket operation was attempted to
an unreachable host. (0x80072751)

Error - 10/26/2009 6:37:29 AM | Computer Name = DBTYD2BS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/26/2009 6:37:44 AM | Computer Name = DBTYD2BS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the
DNS lookup again in 15 minutes. The error was: A socket operation was attempted to
an unreachable host. (0x80072751)

Error - 10/26/2009 6:37:44 AM | Computer Name = DBTYD2BS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:14 AM

Posted 29 October 2009 - 02:11 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please copy/paste the contents of that document in your next reply.

==========

Download and run Win32kDiag:Next......


Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it.A black Command Prompt window will appear shortly: the program is running. If you are using Vista please right click and run as Admin!
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* SecurityCheck log
* Win32kDiag.txt
* Log.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#8 compyman

compyman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 30 October 2009 - 01:18 PM

Hello thebytes,

Thank you once again for your support.

Clarification-
Do I need to disable my AV/Firewall before running the scans?


Sincerely
compyman

#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:14 AM

Posted 30 October 2009 - 03:23 PM

Not yet.
Just follow the directions word for word.
There is nothing in my instructions about disabling your AV/FW.
Thanks,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 compyman

compyman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 31 October 2009 - 10:22 AM

Hello. :(

checkup.txt


Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Antivirus
ZoneAlarm
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner
Java™ 6 Update 15
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
Korean Fonts Support For Adobe Reader 9
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````




log.txt


Volume in drive C has no label.
Volume Serial Number is C41D-EE24

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 AM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:41 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/14/2008 05:42 AM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/14/2008 05:42 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/14/2008 05:41 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 125,147,553,792 bytes free




Win32kDiag.txt


Running from: C:\Documents and Settings\Shivang\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Shivang\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!




Compyman.

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:14 AM

Posted 31 October 2009 - 11:55 AM

Happy Halloween :( ,

Please do this......

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen with briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Posted Image

Posted Image

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 compyman

compyman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 01 November 2009 - 11:34 AM

Hello.

Rkill doesn't work. The screen simply vanishes after a minute without leaving any scan completion message. I have tried all the four download links.


Combofix log

ComboFix 09-10-30.01 - Shivang 11/01/2009 15:43.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.530 [GMT 5.5:30]
Running from: c:\documents and settings\Shivang\Desktop\thcbytes.exe
AV: avast! antivirus 4.8.1356 [VPS 091031-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-10-31 15:18 . 2009-10-31 15:19 -------- d-----w- C:\1bf86138dbad6e182ddf7d11
2009-10-30 15:53 . 2009-10-30 15:54 -------- d-----w- C:\d628abfea0bb034859ff420002e987
2009-10-22 20:11 . 2009-10-22 20:11 -------- d-----w- c:\program files\AC3Filter
2009-10-17 20:00 . 2009-02-15 18:40 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-17 20:00 . 2009-02-15 18:40 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-17 19:59 . 2009-02-15 18:40 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-17 19:59 . 2009-10-17 20:00 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-17 19:59 . 2009-10-17 19:59 -------- d-----w- c:\program files\Zone Labs
2009-10-16 21:58 . 2009-10-16 21:58 -------- d-----w- C:\found.000
2009-10-16 20:53 . 2009-10-16 21:24 -------- d-----w- c:\program files\Cheat Engine
2009-10-10 15:41 . 2009-10-10 15:41 -------- d-----w- c:\program files\Doremisoft
2009-10-10 15:33 . 2009-10-10 15:33 -------- d-----w- c:\program files\Emicsoft Studio
2009-10-07 13:54 . 2009-10-07 13:54 -------- d-----w- c:\documents and settings\Shivang\Application Data\TrojanHunter
2009-10-02 19:34 . 2009-10-02 19:34 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-10-02 19:33 . 2009-10-02 19:33 -------- d-----w- c:\windows\ERUNT
2009-10-02 19:08 . 2009-10-02 19:29 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-02 19:08 . 2009-10-02 19:08 -------- d-----w- c:\documents and settings\Shivang\Local Settings\Application Data\Downloaded Installations
2009-10-02 15:19 . 2009-10-01 04:59 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 14:50 . 2009-10-02 14:50 -------- d-----w- c:\program files\Microsoft Security Essentials

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 05:52 . 2009-08-03 16:07 -------- d-----w- c:\program files\Google
2009-10-24 14:25 . 2009-09-09 10:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-18 16:33 . 2009-01-25 11:02 -------- d-----w- c:\program files\COMODO
2009-10-17 20:00 . 2009-06-22 16:33 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-17 12:23 . 2009-10-17 12:23 -------- d-----w- c:\program files\Free Audio Pack
2009-10-15 09:45 . 2008-10-20 14:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-07 10:05 . 2009-09-19 19:49 -------- d-----w- c:\program files\Bonjour
2009-09-25 16:50 . 2009-09-25 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-09-25 16:50 . 2009-05-16 11:49 -------- d-----w- c:\program files\IObit
2009-09-25 12:03 . 2009-06-05 15:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-19 19:53 . 2009-02-03 13:30 -------- d-----w- c:\documents and settings\Shivang\Application Data\Apple Computer
2009-09-19 19:50 . 2009-09-19 19:49 -------- d-----w- c:\program files\iTunes
2009-09-19 19:50 . 2009-09-19 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 19:49 . 2009-09-19 19:49 -------- d-----w- c:\program files\iPod
2009-09-19 19:49 . 2009-09-19 19:44 -------- d-----w- c:\program files\Common Files\Apple
2009-09-19 19:49 . 2009-02-03 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-19 19:48 . 2009-02-03 13:29 -------- d-----w- c:\program files\QuickTime
2009-09-19 19:45 . 2009-09-19 19:45 -------- d-----w- c:\program files\Apple Software Update
2009-09-19 19:44 . 2009-09-19 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-15 10:59 . 2009-05-07 10:35 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-05-07 10:35 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-05-07 10:35 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-05-07 10:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-05-07 10:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-05-07 10:35 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-05-07 10:35 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-05-07 10:35 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-05-07 10:35 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-12 02:29 . 2009-05-05 10:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-11 14:18 . 2004-08-11 11:30 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 11:30 . 2009-05-13 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 09:48 . 2009-09-11 09:48 -------- d-----w- c:\documents and settings\Shivang\Application Data\Office Genuine Advantage
2009-09-10 11:55 . 2009-09-10 11:55 -------- d-----w- c:\documents and settings\Shivang\Application Data\AVG8
2009-09-10 11:32 . 2009-09-10 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-10 11:26 . 2009-09-10 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-10 11:25 . 2008-12-30 08:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 11:06 . 2009-09-10 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-10 09:24 . 2009-04-23 17:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 09:23 . 2009-04-23 17:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 15:52 . 2009-09-08 17:09 -------- d-----w- c:\program files\Foxit Software
2009-09-09 10:42 . 2009-09-09 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-09 10:42 . 2009-09-09 10:42 -------- d-----w- c:\documents and settings\Shivang\Application Data\SUPERAntiSpyware.com
2009-09-09 10:42 . 2009-09-09 10:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-08 17:20 . 2009-09-08 17:20 -------- d-----w- c:\documents and settings\Shivang\Application Data\Toshiba
2009-09-08 17:14 . 2009-06-24 20:18 -------- d-----w- c:\program files\Macromedia
2009-09-08 17:09 . 2009-09-08 17:09 -------- d-----w- c:\documents and settings\Shivang\Application Data\Foxit
2009-09-08 16:53 . 2009-02-24 05:31 -------- d-----w- c:\program files\Windows Live
2009-09-08 16:53 . 2009-07-05 09:10 -------- d-----w- c:\program files\VideoLAN
2009-09-08 16:46 . 2009-06-24 20:18 -------- d-----w- c:\program files\Common Files\Macromedia
2009-09-07 19:18 . 2009-09-07 19:18 -------- d-----w- c:\documents and settings\Admin\Application Data\Free Download Manager
2009-09-06 09:35 . 2009-04-24 17:07 -------- d-----w- c:\program files\Trend Micro
2009-09-04 21:03 . 2004-08-11 11:30 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 11:14 . 2009-09-03 11:15 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-03 11:12 . 2008-09-30 11:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 08:08 . 2004-08-11 11:30 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 11:30 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 08:31 . 2009-08-24 08:31 92184 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-08-24 08:31 . 2009-08-24 08:31 379560 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-08-22 19:23 . 2009-01-22 13:16 290 ----a-w- c:\documents and settings\Shivang\Application Data\wklnhst.dat
2009-08-06 13:54 . 2004-08-11 11:42 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 13:54 . 2004-08-11 11:42 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 13:54 . 2007-07-30 13:49 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 13:54 . 2004-08-11 11:42 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 13:54 . 2004-08-11 11:42 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 13:54 . 2004-08-11 11:30 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 13:53 . 2004-08-11 11:42 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 13:53 . 2008-12-31 04:19 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 13:53 . 2008-12-31 04:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 13:53 . 2004-08-11 11:42 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-11 11:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-11 11:30 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:22 . 2009-08-04 14:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 14:20 . 2004-08-03 17:29 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-03 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2004-08-03 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-03 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-03 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-03 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-03 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-03 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\system32\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2009-01-16 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie8\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-16 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-08-20 . B83EB71C2052E05D13D690A224357441 . 3060224 . . [6.00.2900.3429] . . c:\windows\ie7\mshtml.dll
[-] 2008-08-20 . 20D44D1A5A406CD8E129D3D4F0B5717C . 3067392 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[-] 2008-08-20 . 507BDA42F7DB8209C0F0B3556A043491 . 3067904 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[-] 2008-08-20 . BD45470B132A0F98596277323D9F2E5A . 3067904 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-04-21 . 083B967E6B0B2BB539CE6B08D45D631F . 3066880 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll
[-] 2008-04-21 . FE406DE0651C9E8201DCB0460609D739 . 3066880 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[-] 2008-04-21 . 46A61BA430110F00DD990D058AA3D054 . 3067392 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2006-02-01 . 51C91AC189321A320FC4BC90B56255A3 . 3073024 . . [6.00.2900.2838] . . c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 60794EA12961B7341AD54C731B50AE15 . 2142720 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-10-30 . 29664B5A66F187790006014F87ADCCDF . 2182016 . . [5.1.2600.3023] . . c:\windows\$hf_mig$\KB896256\SP2QFE\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-03 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2009-10-02 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\system32\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie8\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-08-20 . 87E694D09893978F22024FEEEDF35342 . 659456 . . [6.00.2900.3429] . . c:\windows\ie7\wininet.dll
[-] 2008-08-20 . C91E3A6EF094202F6B5CA8960DFCF243 . 667648 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-04-21 . 2E7DE1BF9418B071799EB53DE8CC22F5 . 666624 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[-] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 . 26F240C250E5B4B395CB4B178BA75437 . 666624 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2006-01-09 . DDE9597A3311748C1519444E2BC147BD . 662016 . . [6.00.2900.2823] . . c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-03 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2004-08-03 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 17:09 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 16:17 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 16:17 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-03 23:30 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll

[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 501FDE895F35DF1DAE49FD54BBF9D396 . 2020864 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-27 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-10-29 . 972DF9BC435B2F077B02C5E8A09ACF83 . 2059264 . . [5.1.2600.3023] . . c:\windows\$hf_mig$\KB896256\SP2QFE\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 23:30 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-29 2220032]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-02 185872]
"Aide"="c:\program files\Mobile\Aide.exe" [2008-02-14 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-10-26 1242384]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-06 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\Shivang\Start Menu\Programs\Startup\
WkCalRem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-11-27 46432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-9-30 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:01 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/7/2009 4:05 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/7/2009 4:05 PM 20560]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [10/30/2009 10:04 PM 312592]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [9/30/2008 4:54 PM 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/30/2008 4:54 PM 43480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 96a3;96a3;c:\windows\system32\96a3.sys [6/22/2009 10:18 PM 54624]
S3 99d6C;99d6C;c:\windows\system32\99d6C.sys [5/22/2009 1:20 AM 54624]
S3 9f833;9f833;c:\windows\system32\9f833.sys [6/11/2009 11:47 PM 54624]
S3 a7c10;a7c10;c:\windows\system32\a7c10.sys [5/22/2009 1:09 AM 54624]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [9/30/2008 4:53 PM 86656]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Shivang\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Shivang\LOCALS~1\Temp\aswArKrn.sys [?]
S3 c1a8;c1a8;c:\windows\system32\c1a8.sys [5/22/2009 7:58 PM 54624]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [9/30/2008 4:53 PM 28928]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 12:06]

2009-10-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 09:37]

2009-11-01 c:\windows\Tasks\User_Feed_Synchronization-{B3616B1C-3B90-4FBF-ACE0-2B4078B2C991}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: millsberry.com\www
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\documents and settings\Shivang\Application Data\Mozilla\Firefox\Profiles\d6ud85wp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\new folder\Netscape6\nppl3260.dll
FF - plugin: c:\new folder\Netscape6\nprjplug.dll
FF - plugin: c:\new folder\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 15:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Aide = c:\program files\Mobile\Aide.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-983273617-2878044512-759671727-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16F56A5A-500D-E51D-ABD4-4C1F79BD5AA7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abfmfmoebhdpjbmelnhbbmdepfkabgdadb"=hex:61,61,00,00
"bbfmfmoebhdpjbmelnoagapanlcoliancfhl"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
Completion time: 2009-11-01 15:55
ComboFix-quarantined-files.txt 2009-11-01 10:25

Pre-Run: 125,052,235,776 bytes free
Post-Run: 125,038,718,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FF3CCF2E0E729E7C967315724A5A062D


compyman.

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:14 AM

Posted 01 November 2009 - 01:24 PM

Hi,

Rkill doesn't work. The screen simply vanishes after a minute without leaving any scan completion message. I have tried all the four download links.

It is working fine. As per the directions I posted.....

A black screen with briefly flash indicating a successful run.

Please take your time and read the instructions thoroughly. If you have question please STOP and ask me about it. :(

==========

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or Microsoft Security Essentials.

Please tell me which program you uninstalled.

==========

The following is referring to AdvancedSystemCare.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.

I would recommend removing AdvancedSystemCare.

==========

:( Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\1bf86138dbad6e182ddf7d11
C:\d628abfea0bb034859ff420002e987
c:\windows\system32\96a3.sys
c:\windows\system32\99d6C.sys
c:\windows\system32\9f833.sys
c:\windows\system32\a7c10.sys
c:\windows\system32\c1a8.sys
c:\windows\system32\DRIVERS\TMPassthru.sys

RegNull::
[HKEY_USERS\S-1-5-21-983273617-2878044512-759671727-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16F56A5A-500D-E51D-ABD4-4C1F79BD5AA7}*]

Driver::
96a3
99d6C
9f833
a7c10
c1a8
TMPassthruMP


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

==========

With your next post please provide:

* Which antivirus program did you uninstall?
* Did you uninstall the registry cleaner?
* Combofix.txt
* MBAM log
* How is your computer running?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 compyman

compyman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 02 November 2009 - 12:19 AM

Hello.

I need a few clarifications.

1. I am aware that two AVs can interfere if there real time protections are on. That is why, I always make sure that MSE 's reaL time protection is turned off. I keep MSE for scans only.
Do I still need to uninstall one of the two?

2. Regarding pasting message into combofix.
You asked me to rename combofix as thcbytes. Do I need to rename the file to combofix?





Sincerely
Compyman.


#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:14 AM

Posted 02 November 2009 - 10:58 AM

Hello,

1. I am aware that two AVs can interfere if there real time protections are on. That is why, I always make sure that MSE 's reaL time protection is turned off. I keep MSE for scans only.
Do I still need to uninstall one of the two?

No need to uninstall if its only used as an on-demand scanner. :(

==========

2. Regarding pasting message into combofix.
You asked me to rename combofix as thcbytes. Do I need to rename the file to combofix?

Do not rename it again. The purpose of renaming it in the 1st place was to fool the malware from blocking it. So from this point forward you can equate "combofix.exe" = "thcbytes.exe".

Thanks,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users