Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google redirects, mrt.exe & others won't run, virus or malware


  • This topic is locked This topic is locked
45 replies to this topic

#1 1earthquake

1earthquake

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 12:42 PM

I am at my wits end with this problem, I hope to get help.... I have a HJT log if needed. Google began redirecting my searches a few days ago. Then I tried to remove malware, but haven't had any luck. Seems I have a deep level infection in the pc (dell inspiron 1000) If anyone can help I'd be very appreciative...

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of forum staff. ~ Animal

BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:49 PM

Posted 16 March 2011 - 12:44 PM

What tools have you run (if any) to try and remove the malware?

If any of those tools provided logs to you, could you please post them in your next reply for me?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 1earthquake

1earthquake
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 12:55 PM

thanx 4 the prompt reply.... I am a noob so please lemme know exactly what you need, I'll be happy to get it to you!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:35 AM, on 3/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device

Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.rawstory.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no

file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

(no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

(no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no

file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=GR
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program

Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Free YouTube Download - C:\Documents and

Settings\Kamesh\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and

Settings\Kamesh\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} -

C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -

{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -

C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -

http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base

Module) -

http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_

site.cab?1182396656281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_

site.cab?1182392856718
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -

http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8E175C33-D337-4092-99C6-CDEFA8271C9F} (Disk Doctors Live Health Check)

- http://www.diskdoctors.net/DiskDoctors.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -

http://pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -

http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) -

http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O22 - SharedTaskScheduler: Browseui preloader -

{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -

{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common

Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil

Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program

Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86

(clr_optimization_v2.0.50727_32) - Unknown owner -

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A

Division of Avid Technology, Inc. - C:\Program

Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. -

C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,

Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm,

Inc\novacom\x86\novacomd.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown

owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog

Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program

Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common

Files\supportsoft\bin\ssrc.exe (file missing)
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. -

C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft Repair Service (providercomcast)

(tgsrvc_providercomcast) - Unknown owner - C:\Program

Files\providerComcast\bin\tgsrvc.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9949 bytes

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:49 PM

Posted 16 March 2011 - 01:00 PM

A moderator will be by shortly to move this thread to the Malware forum.

I need to have you first do this:

  • You have word wrap turned on, this is making your logs difficult to read
  • Run notepad
  • Goto Format and untick Word Wrap


NEXT:




Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 1earthquake

1earthquake
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 01:32 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:35 AM, on 3/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rawstory.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=GR
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Kamesh\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Kamesh\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182396656281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182392856718
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8E175C33-D337-4092-99C6-CDEFA8271C9F} (Disk Doctors Live Health Check) - http://www.diskdoctors.net/DiskDoctors.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (file missing)
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft Repair Service (providercomcast) (tgsrvc_providercomcast) - Unknown owner - C:\Program Files\providerComcast\bin\tgsrvc.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9949 bytes

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF2922000 C:\WINDOWS\system32\drivers\cmudaxu.sys 1392640 bytes (C-Media Inc, C-Media USB Audio WDM Driver)
0xF8B82000 btkrnl.sys 1245184 bytes (WIDCOMM, Inc., Bluetooth Protocol Driver for Windows 2000)
0xF7FFB000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1208320 bytes (Agere Systems, SoftModem Device Driver)
0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 1138688 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xF7F65000 C:\WINDOWS\system32\drivers\smwdm.sys 614400 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF8CF9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF2C52000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF2A9E000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 385024 bytes (AVAST Software, avast! Virtualization Driver)
0xF7E06000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF2D52000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF1F20000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF2B24000 C:\WINDOWS\System32\Drivers\aswSP.SYS 294912 bytes (AVAST Software, avast! self protection module)
0xBF128000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF2090000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF8136000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 217088 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xF20D1000 C:\WINDOWS\system32\drivers\btslbcsp.sys 204800 bytes (WIDCOMM, Inc., Bluetooth Serial Driver for Windows 2000)
0xF7E8C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8E89000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF22C3000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8CCC000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF2CC2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF2D2A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8E15000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF2C2C000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7F41000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7EFA000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7F1E000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF2D08000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8DC5000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8E3B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8E5A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF2CED000 C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 110592 bytes (Sun Microsystems, Inc., VirtualBox Support Driver)
0xF8CB2000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF2793000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF277A000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8DFD000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF8DE5000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF2533000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF8D86000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7EE3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF8DAF000 drvmcdb.sys 90112 bytes (Sonic Solutions, Device Driver)
0xF27AC000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7EBC000 C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 90112 bytes (Sun Microsystems, Inc., VirtualBox Host-Only Network Adapter Driver)
0xF233E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF8122000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2DAB000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8D9D000 TPkd.sys 73728 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0xF8E78000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7ED2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8FE8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF9108000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8F58000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF9118000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8FF8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF26B2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF817B000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8F68000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8F18000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF9128000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF9138000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8EF8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF81FB000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8FB8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF90F8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8EE8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF9148000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8F48000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xF9008000 C:\WINDOWS\system32\DRIVERS\ser2pl.sys 45056 bytes (Prolific Technology Inc., USB-to-Serial Cable Driver)
0xF816B000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF2BAC000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF8ED8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF81BB000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8F28000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8F38000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0xF81CB000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8F08000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF9018000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF90E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF81EB000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8F88000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF28CA000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF2B9C000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8F98000 C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 36864 bytes (Sun Microsystems, Inc., VirtualBox USB Monitor Driver)
0xF8FC8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF9208000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0xF9168000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF9218000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF92A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF9230000 C:\WINDOWS\system32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)
0xF92D8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF9228000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF9290000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF9158000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF9170000 pssnap.sys 28672 bytes (Macrium Software, Backup image protection)
0xF91B0000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF92E0000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF92C8000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF92C0000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF91F0000 C:\WINDOWS\system32\drivers\btserial.sys 24576 bytes
0xF9210000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF9238000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF9240000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF9288000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF9298000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF92B0000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF92A0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF9268000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF9160000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF9258000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF9260000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF9248000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF9220000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF9188000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF92F0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF93A4000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF24FB000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
0xF9390000 C:\WINDOWS\system32\drivers\fanio.sys 16384 bytes (Christian Diefer, I8k Fan I/O)
0xF7DFA000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF2826000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF8B5A000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF281E000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7E68000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF836E000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF92F4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF28FE000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF92E8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF92EC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF8B56000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7E64000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7DF6000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF93B4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF93A8000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF835E000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8356000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF93FA000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF940C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF93DC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF940A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF93D8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF940E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF9410000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF9408000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF9400000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF9484000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF9402000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF93DA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF95E5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF958F000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xF94DC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF958E000 C:\WINDOWS\system32\mbmiodrvr.sys 4096 bytes (cansoft@livewiredev.com, MBMIO Driver)
0xF9582000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF94A1000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF94A0000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF95DA000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF9595000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [aksusb.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [nvraid.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [NvAtaBus.sys]

OTL logfile created on: 3/16/2011 11:11:17 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Kamesh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

701.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 15.72 Gb Free Space | 42.20% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 48.60 Gb Free Space | 20.87% Space Free | Partition Type: NTFS

Computer Name: MESHERS | User Name: Kamesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/16 11:04:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamesh\Desktop\OTL.exe
PRC - [2011/03/06 09:45:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/29 20:27:42 | 000,220,128 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2009/11/02 15:51:24 | 001,134,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2009/11/02 15:51:22 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2011/03/16 11:04:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamesh\Desktop\OTL.exe
MOD - [2011/02/23 07:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
SRV - File not found [On_Demand | Stopped] -- -- (SupportSoft RemoteAssist)
SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/29 20:27:42 | 000,220,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/11/02 15:51:24 | 001,134,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2009/11/02 15:51:22 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2005/10/25 23:21:50 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/03/16 13:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/04/18 16:30:46 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/29 20:28:02 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/10/29 15:48:42 | 000,103,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009/10/29 15:48:42 | 000,095,376 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/10/29 15:48:42 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009/10/29 15:48:40 | 000,116,368 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009/04/04 19:40:17 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/12/11 10:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/12/06 15:45:44 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys -- (MovRVDrv32)
DRV - [2007/12/06 15:45:42 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/06/21 11:32:17 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/16 02:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fanio.sys -- (fanio)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/27 21:30:38 | 000,080,481 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1003.sys -- (RDID1003)
DRV - [2005/09/27 09:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/07/20 15:26:02 | 001,390,656 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudau)
DRV - [2005/05/27 10:45:40 | 000,017,920 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2004/07/03 19:52:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/28 13:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004/06/25 16:15:50 | 000,315,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/06/10 17:56:24 | 000,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/06/10 17:56:16 | 000,216,320 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2004/02/14 04:04:48 | 000,469,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2003/11/19 15:41:18 | 001,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/14 13:37:14 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2003/08/14 13:36:48 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2003/08/14 13:33:08 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002/10/15 14:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/02/11 14:15:50 | 000,014,572 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC.SYS -- (pfc)
DRV - [2001/09/24 04:36:28 | 000,075,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPUATA.sys -- (HPUATA)
DRV - [2000/06/05 10:28:32 | 000,047,328 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Stopped] -- C:\Program Files\FlexiSIGN-PRO 6.5\Program\Par1284.sys -- (Par1284)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-329068152-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
IE - HKU\S-1-5-21-329068152-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rawstory.com/
IE - HKU\S-1-5-21-329068152-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://rawstory.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {eb46c787-131a-4eb7-9b93-7f62ca550917}:0.4.2
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/08 15:20:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 09:45:13 | 000,000,000 | ---D | M]

[2009/05/05 10:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kamesh\Application Data\Mozilla\Extensions
[2011/03/16 10:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kamesh\Application Data\Mozilla\Firefox\Profiles\9gx5sup2.default\extensions
[2010/04/30 19:20:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kamesh\Application Data\Mozilla\Firefox\Profiles\9gx5sup2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/29 19:40:29 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Kamesh\Application Data\Mozilla\Firefox\Profiles\9gx5sup2.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2008/09/01 10:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kamesh\Application Data\Mozilla\Firefox\Profiles\9gx5sup2.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/01/28 19:02:07 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Kamesh\Application Data\Mozilla\Firefox\Profiles\9gx5sup2.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2009/12/16 03:48:05 | 000,000,000 | ---D | M] ("GrayModern2") -- C:\Documents and Settings\Kamesh\Application Data\Mozilla\Firefox\Profiles\9gx5sup2.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2009/05/12 10:31:57 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Kamesh\Application Data\Mozilla\Firefox\Profiles\9gx5sup2.default\searchplugins\weathercom.xml
[2011/03/16 10:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 13:35:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\KAMESH\APPLICATION DATA\MOVE NETWORKS
[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/11/15 18:40:00 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/09/22 10:40:20 | 000,419,407 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14474 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-329068152-583907252-682003330-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [CmUsbSound] File not found
O4 - HKU\S-1-5-21-329068152-583907252-682003330-1003..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-583907252-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-329068152-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Kamesh\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Kamesh\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182396656281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182392856718 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8E175C33-D337-4092-99C6-CDEFA8271C9F} http://www.diskdoctors.net/DiskDoctors.cab (Disk Doctors Live Health Check)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\cscdll: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Kamesh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kamesh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/20 16:56:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/16 11:04:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kamesh\Desktop\OTL.exe
[2011/03/16 10:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamesh\Start Menu\Programs\HiJackThis
[2011/03/16 10:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/16 10:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamesh\Start Menu\Programs\Revo Uninstaller
[2011/03/15 11:37:08 | 008,071,175 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Kamesh\Desktop\stinger10101451.exe
[2011/03/15 09:35:28 | 001,914,496 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kamesh\Desktop\HousecallLauncher.exe
[2011/03/14 15:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/03/14 12:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamesh\Application Data\Malwarebytes
[2011/03/14 12:04:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/14 12:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/14 12:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/14 12:03:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/14 12:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/14 11:35:24 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/03/14 10:21:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kamesh\Recent
[2011/03/14 10:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/14 10:08:36 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Kamesh\Desktop\ccsetup304.exe
[2011/03/13 18:59:22 | 012,502,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Kamesh\Desktop\windows-kb890830-v3.17(2).exe
[2011/03/13 18:38:58 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kamesh\Desktop\TDSSKiller.exe
[2011/03/13 18:00:18 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/13 12:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/03/13 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/03/13 12:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamesh\Application Data\GetRightToGo
[2011/03/10 12:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/03/10 12:38:00 | 012,502,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Kamesh\Desktop\wmsrt.exe
[2011/03/10 10:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/04 10:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamesh\Desktop\Pema Yang Chen
[2011/03/04 08:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/27 19:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamesh\Desktop\fonts
[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/16 11:22:01 | 000,000,394 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1074BB64-E154-466F-A8C7-D00BCC3F2CE3}.job
[2011/03/16 11:04:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kamesh\Desktop\OTL.exe
[2011/03/16 11:03:56 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\RKUnhookerLE.EXE
[2011/03/16 10:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/16 10:16:32 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\HiJackThis.lnk
[2011/03/16 10:15:47 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\HijackThis.msi
[2011/03/16 10:03:36 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\Revo Uninstaller.lnk
[2011/03/16 09:50:17 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\GPYZ.job
[2011/03/16 09:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/16 09:26:39 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/16 05:45:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/03/15 12:01:31 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\stinger10101451.opt
[2011/03/15 11:52:12 | 000,006,404 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/03/15 11:37:23 | 008,071,175 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Kamesh\Desktop\stinger10101451.exe
[2011/03/14 15:17:20 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\WindowsDefender.msi
[2011/03/14 14:36:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/14 12:04:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/14 11:40:50 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Kamesh\Local Settings\Application Data\housecall.guid.cache
[2011/03/14 10:31:35 | 000,271,792 | ---- | M] () -- C:\Documents and Settings\Kamesh\My Documents\cc_20110314_103101.reg
[2011/03/14 10:23:21 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kamesh\Desktop\HousecallLauncher.exe
[2011/03/14 10:10:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/14 10:08:39 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Kamesh\Desktop\ccsetup304.exe
[2011/03/13 18:59:52 | 012,502,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kamesh\Desktop\windows-kb890830-v3.17(2).exe
[2011/03/13 18:38:42 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\tdsskiller.zip
[2011/03/13 18:00:18 | 000,002,674 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2011/03/13 15:52:10 | 000,460,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 15:52:10 | 000,079,228 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/13 11:43:25 | 004,286,145 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\ComboFix.exe
[2011/03/11 08:16:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/10 21:07:44 | 000,020,444 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\virusencyclopedia.htm
[2011/03/10 12:38:23 | 012,502,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kamesh\Desktop\wmsrt.exe
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kamesh\Desktop\TDSSKiller.exe
[2011/03/10 12:13:50 | 000,050,981 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\dubFrontBig.jpg
[2011/03/09 13:30:14 | 000,001,035 | ---- | M] () -- C:\WINDOWS\System\CMCNFGU.INI
[2011/03/09 11:20:28 | 002,766,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/08 15:53:45 | 000,111,746 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\cornerstone2.jpg
[2011/03/06 11:49:38 | 000,143,360 | RHS- | M] () -- C:\WINDOWS\System32\normnfcs.dll
[2011/03/05 20:17:31 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Kamesh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 20:16:48 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/05 20:15:42 | 000,001,027 | ---- | M] () -- C:\Documents and Settings\Kamesh\Desktop\Free Video to DVD Converter.lnk
[2011/03/04 08:58:04 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/24 10:51:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job
[2011/02/23 07:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 07:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 06:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/15 10:50:00 | 000,000,592 | ---- | M] () -- C:\WINDOWS\sam7_E.INI
[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/16 11:03:53 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\RKUnhookerLE.EXE
[2011/03/16 10:16:18 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\HiJackThis.lnk
[2011/03/16 10:15:47 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\HijackThis.msi
[2011/03/16 10:03:36 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\Revo Uninstaller.lnk
[2011/03/15 12:01:31 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\stinger10101451.opt
[2011/03/15 09:33:11 | 004,286,145 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\ComboFix.exe
[2011/03/14 15:16:56 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\WindowsDefender.msi
[2011/03/14 12:04:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/14 11:40:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Kamesh\Local Settings\Application Data\housecall.guid.cache
[2011/03/14 10:31:09 | 000,271,792 | ---- | C] () -- C:\Documents and Settings\Kamesh\My Documents\cc_20110314_103101.reg
[2011/03/14 10:10:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/13 18:38:42 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\tdsskiller.zip
[2011/03/10 21:07:34 | 000,020,444 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\virusencyclopedia.htm
[2011/03/10 12:13:49 | 000,050,981 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\dubFrontBig.jpg
[2011/03/08 14:49:10 | 000,111,746 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\cornerstone2.jpg
[2011/03/06 11:49:39 | 000,000,314 | -HS- | C] () -- C:\WINDOWS\tasks\GPYZ.job
[2011/03/06 11:49:37 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\normnfcs.dll
[2011/03/05 20:16:48 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\DVDVideoSoft Free Studio.lnk
[2011/03/05 20:15:42 | 000,001,027 | ---- | C] () -- C:\Documents and Settings\Kamesh\Desktop\Free Video to DVD Converter.lnk
[2011/03/04 08:58:04 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/15 10:51:16 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\mixpadShakeIcon.job
[2010/11/05 19:48:36 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/11/05 08:06:22 | 000,542,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/23 11:44:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MX_SHARE.DAT
[2010/09/20 17:37:38 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/20 17:37:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/29 20:17:10 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2010/06/29 20:18:35 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\drvlock.sys
[2010/06/29 20:18:35 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\symbios.sys
[2010/06/04 13:42:02 | 000,000,189 | ---- | C] () -- C:\WINDOWS\sc.INI
[2010/03/14 08:41:05 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/10 12:19:36 | 000,173,324 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/07 09:45:31 | 000,009,942 | -HS- | C] () -- C:\Documents and Settings\Kamesh\Local Settings\Application Data\fwSG76dUmwJ
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2009/12/28 01:08:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/28 14:54:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/16 16:53:14 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Kamesh\Local Settings\Application Data\fusioncache.dat
[2009/08/04 15:35:16 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1003.dll
[2009/08/04 15:35:16 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\Rd3t1003.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/12 13:11:27 | 000,000,159 | ---- | C] () -- C:\WINDOWS\rar_crck.ini
[2009/03/30 20:09:54 | 000,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/26 12:26:19 | 000,000,114 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2009/02/25 13:32:10 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/02/25 13:31:40 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2009/02/25 13:31:40 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/25 13:31:39 | 000,469,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/02/25 13:30:58 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/09/04 13:01:23 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/07/23 09:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/28 16:46:56 | 000,000,592 | ---- | C] () -- C:\WINDOWS\sam7_E.INI
[2008/06/28 16:36:52 | 000,000,091 | ---- | C] () -- C:\WINDOWS\magix.ini
[2008/06/28 16:34:18 | 000,000,730 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/03/31 17:18:32 | 010,886,008 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/03/01 01:25:05 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmDrvRmU.exe
[2008/03/01 01:25:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2008/01/03 23:03:27 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\Mgsjc.dll
[2007/12/24 15:27:36 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/10/17 16:28:45 | 000,000,480 | ---- | C] () -- C:\WINDOWS\rsagent.ini
[2007/08/23 20:30:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/15 08:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/08/02 11:06:35 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/08/02 11:06:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/06/25 21:29:01 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2007/06/25 20:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/06/25 20:33:57 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2007/06/21 11:34:12 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Kamesh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/21 11:32:16 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/06/21 11:32:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/06/21 10:54:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/21 09:33:21 | 000,002,732 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/21 09:21:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/21 08:37:06 | 000,000,470 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/06/21 08:36:38 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2007/06/21 08:36:38 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2007/06/21 08:35:06 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2007/06/21 08:35:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2007/06/21 08:35:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2007/06/21 08:35:03 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2007/06/21 08:34:56 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2007/06/21 08:34:49 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2007/06/20 18:06:51 | 000,108,295 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/06/20 18:06:29 | 000,216,879 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/06/20 18:06:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2007/06/20 18:06:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2007/06/20 17:00:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/20 16:50:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/20 09:20:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/20 09:18:26 | 002,766,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/27 10:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,460,856 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,079,228 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\w02tniuw.dll
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/26 15:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/14 14:17:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/08/14 14:16:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/08/14 13:50:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/08/14 13:37:14 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/06 20:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE
[1999/07/05 03:00:00 | 000,074,540 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B682472
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCD94695

< End of report >
OTL Extras logfile created on: 3/16/2011 11:11:17 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Kamesh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

701.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 15.72 Gb Free Space | 42.20% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 48.60 Gb Free Space | 20.87% Space Free | Partition Type: NTFS

Computer Name: MESHERS | User Name: Kamesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-329068152-583907252-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"24702:TCP" = 24702:TCP:*:Disabled:BitComet 24702 TCP
"24702:UDP" = 24702:UDP:*:Disabled:BitComet 24702 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlexiSIGN-PRO 6.5\Program\App.exe" = C:\Program Files\FlexiSIGN-PRO 6.5\Program\App.exe:*:Disabled:FlexiSIGN-PRO -- (Amiable Technologies Inc.)
"C:\Documents and Settings\Kamesh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Kamesh\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\FTP Commander\ftpcomm.exe" = C:\Program Files\FTP Commander\ftpcomm.exe:*:Disabled:ftpcomm -- (Internetsoft)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1099EEAB-C4BC-4F66-980F-2269856A71CD}" = Native Instruments Traktor
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}" = Sony ACID Pro 6.0
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2A9CD591-2DB0-415E-AD6E-E0D905CFD057}" = Macrium Reflect - Free Edition
"{2B5A75F0-FD85-4094-AB00-94902398D192}" = Sony Media Manager 2.2
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3137CBA1-567B-411C-9B74-131A6D98E9DC}" = Microsoft Windows OneCare Live v2.5.2901.40
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2901.40 Idcrl Install
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3AD83857-257F-4DCB-8451-55012C9E0F55}" = OpenMG Secure Module 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{466B21EE-2858-4845-B2B3-056FC544DAA3}" = Logitech QuickCam
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{54FCF706-A181-489C-9C34-DBCF764DC214}" = Digidesign ASIO Driver
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{5636E517-8100-4E2A-B69E-2B16AFFA2360}" = Sony Sound Forge 8.0d
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2901.40
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EAF86CC-D797-41D1-B22E-A8A5FB40C103}" = Sun VirtualBox
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{67E6A1F1-77CB-4C00-B113-C9CFA6D35BCD}" = Mixman StudioXPro
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AFDA89-371C-4596-B1ED-6F0E2CFFE5AA}" = TARGUS ACP45 V1.0.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79C8E125-2115-40EB-B89C-C3DFFFDFCBFE}" = MixMeister
"{7D97247A-63D6-4177-9AA5-9421E1C34F5D}" = Screenblast ACID 4.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80C3019B-3BA4-4674-AC90-A0B402593BA5}_is1" = WMP Tag Plus 1.2
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FE3E922-C58B-4E18-A923-FC85530C23C5}" = Scratch Live 1.9.2 (19222)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 7.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B90AA717-DD38-4F81-997F-42363D7F59F7}" = radioSHARK
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C26ED93F-A16E-4FC9-B158-A1D5CC604949}" = HD-DV decoder
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}" =
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}" = Free Bomb Factory Plug-Ins 7.0
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.5
"1" = FlexiSIGN-PRO 6.5v3
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"ABBYY FineReader 5.0 Sprint" =
"Ableton Live_is1" = Ableton Live v7.0.1
"AC3Filter_is1" = AC3Filter 1.63b
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"AddressBook" =
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AnalogX DLLArchive" = AnalogX DLLArchive
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Belarc Advisor" = Belarc Advisor 8.1
"BitTorrent" = BitTorrent
"Blaze Audio RipEditBurn PLUS_is1" = Blaze Audio RipEditBurn PLUS
"Branding" =
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Utility
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"ClubDJ Pro" = ClubDJ Pro
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"Connection Manager" =
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DIKO Free_is1" = DIKO 2.47
"DirectAnimation" =
"DirectDrawEx" =
"DivX Setup.divx.com" = DivX Setup
"DXM_Runtime" =
"Easy MPEG AVI DIVX WMV RM to DVD_is1" = Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.6.10
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ESET Online Scanner" = ESET Online Scanner v3
"EsetOnlineScanner" = ESET Online Scanner
"FL Studio_is1" = FL Studio v7.0
"FLAC" = FLAC 1.2.1b (remove only)
"FLAC To MP3_is1" = FLAC To MP3 V4.0.1
"Fontcore" =
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.18.305
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"FTP Commander" = FTP Commander
"HaaliMkx" = Haali Media Splitter
"HDD Health_is1" = HDD Health v3.3 Beta
"I8kfanGUI" = I8kfanGUI V3.1
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"ImgBurn" = ImgBurn
"InstallShield Uninstall Information" =
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Izi Wai" = Izi Wai
"Logitech Print Service" = Logitech Print Service
"Lu Qi 2004" = Lu Qi 2004
"Magix Samplitude Professional v7.02" = Magix Samplitude Professional v7.02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"MobileOptionPack" =
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"Native Instruments Beatport Sync" = Native Instruments Beatport Sync
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Open Codecs" = Xiph.Org Open Codecs 0.84.17359
"OutlookExpress" =
"PCHealth" =
"PhotoRecord" =
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"PokerStars" = PokerStars
"Preamp Emulator" = Preamp Emulator
"Prism" = Prism Video Converter
"QcDrv" = Logitech® Camera Driver
"RarZilla Free Unrar 2.52" = RarZilla Free Unrar 2.52
"Reason4_is1" = Reason 4.0.1
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.91
"SchedulingAgent" =
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SoftwareClub Audio Converter Extractor Max_is1" = SoftwareClub Audio Converter Extractor Max 2.1.0.0
"SoundCapture" = SoundCapture
"SpeedswitchXP" = SpeedswitchXP V1.5
"TempoPerfect" = TempoPerfect
"Total Capture" = MARGI Systems Total Capture
"TwelveKeys" = TwelveKeys Music Transcription Software
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare Restore Tool
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Zulu" = Zulu DJ Software

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Palm webOS® Doctor™ Build Sprint.170.220, webOS 1.3.5.1" = Palm webOS® Doctor™ Build Sprint.170.220, webOS 1.3.5.1
"Palm webOS® Doctor™ Build Sprint.251.299, webOS 1.4.5" = Palm webOS® Doctor™ Build Sprint.251.299, webOS 1.4.5
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/14/2009 8:44:34 PM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 2:50:27 AM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 2:50:27 AM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 2:50:27 AM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 8:57:48 PM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 8:57:48 PM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 8:57:50 PM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 8:57:50 PM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 8:57:51 PM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

Error - 10/15/2009 8:57:51 PM | Computer Name = MESHERS | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3/13/2011 3:40:22 PM | Computer Name = MESHERS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/14/2011 2:43:26 PM | Computer Name = MESHERS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/14/2011 6:13:48 PM | Computer Name = MESHERS | Source = MsiInstaller | ID = 11305
Description =

Error - 3/14/2011 6:14:07 PM | Computer Name = MESHERS | Source = MsiInstaller | ID = 11305
Description =

Error - 3/14/2011 6:14:07 PM | Computer Name = MESHERS | Source = MsiInstaller | ID = 11305
Description =

Error - 3/14/2011 6:14:08 PM | Computer Name = MESHERS | Source = MsiInstaller | ID = 11305
Description =

Error - 3/14/2011 6:19:57 PM | Computer Name = MESHERS | Source = MsiInstaller | ID = 11920
Description =

Error - 3/14/2011 6:20:31 PM | Computer Name = MESHERS | Source = MsiInstaller | ID = 11920
Description =

Error - 3/14/2011 6:21:12 PM | Computer Name = MESHERS | Source = MsiInstaller | ID = 11920
Description =

Error - 3/14/2011 6:31:35 PM | Computer Name = MESHERS | Source = MsiInstaller | ID = 11920
Description =

[ System Events ]
Error - 3/16/2011 1:26:19 AM | Computer Name = MESHERS | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on
the same network as the interface with IP address 192.168.0.2. The allocator has
disabled itself on the interface in order to avoid confusing DHCP clients.

Error - 3/16/2011 12:27:38 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7034
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/16/2011 12:39:26 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7000
Description = The WebClient service failed to start due to the following error:
%%1290

Error - 3/16/2011 12:39:26 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%20

Error - 3/16/2011 12:39:26 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Repair Service (providercomcast) service failed to
start due to the following error: %%2

Error - 3/16/2011 12:39:26 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SuperMounter TfFsMon TfSysMon

Error - 3/16/2011 12:53:03 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7000
Description = The WebClient service failed to start due to the following error:
%%1290

Error - 3/16/2011 12:53:03 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%20

Error - 3/16/2011 12:53:03 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Repair Service (providercomcast) service failed to
start due to the following error: %%2

Error - 3/16/2011 12:53:03 PM | Computer Name = MESHERS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SuperMounter TfFsMon TfSysMon


< End of report >

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:49 PM

Posted 16 March 2011 - 01:38 PM

Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
    SRV - File not found [On_Demand | Stopped] -- -- (SupportSoft RemoteAssist)
    SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
    FF - prefs.js..network.proxy.type: 0
    FF - user.js..network.proxy.http: ""
    FF - user.js..network.proxy.http_port: 0
    FF - user.js..network.proxy.ssl: ""
    FF - user.js..network.proxy.ssl_port: 0
    FF - user.js..network.proxy.type: 0
    FF - user.js..network.proxy.socks: ""
    FF - user.js..network.proxy.socks_port: 0
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - Reg Error: Value error. File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-329068152-583907252-682003330-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [CmUsbSound] File not found
    O9 - Extra Button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - Reg Error: Value error. File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    [42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/03/16 09:50:17 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\GPYZ.job
    [2011/03/06 11:49:39 | 000,000,314 | -HS- | C] () -- C:\WINDOWS\tasks\GPYZ.job
    [2011/03/06 11:49:37 | 000,143,360 | RHS- | C] () -- C:\WINDOWS\System32\normnfcs.dll
    [2010/03/07 09:45:31 | 000,009,942 | -HS- | C] () -- C:\Documents and Settings\Kamesh\Local Settings\Application Data\fwSG76dUmwJ
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 1earthquake

1earthquake
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 02:55 PM

not sure if combofix is working correctly... over an hour since it began scan. It did install wrc, & started normally.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:49 PM

Posted 16 March 2011 - 03:07 PM

What step is it on?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 1earthquake

1earthquake
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 03:12 PM

scanning for infected files...
this typically doesn'ttake more than 10 min however, ...

#10 1earthquake

1earthquake
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 03:14 PM

otl fix then rebooted 1st, then ran combofix

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:49 PM

Posted 16 March 2011 - 03:23 PM

open task-manager - press ctrl alt and del at the same time then select Task Manager

End any processes that say:

pev.exe
nircmd.exe
swreg.exe
cfxxe.exe

See if ComboFix will run then, if not, reboot your computer and run ComboFix in Safe Mode.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 1earthquake

1earthquake
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 03:27 PM

cf31378.cfxxe rmbr.cfxxe are running, should I close them?

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:49 PM

Posted 16 March 2011 - 03:31 PM

Yes

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 1earthquake

1earthquake
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 03:37 PM

rmbr.cfxxe will not close with taskmgr. Have tried multiple times... close, reboot in safe mode? w/ networking or no?

#15 1earthquake

1earthquake
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 16 March 2011 - 03:59 PM

wouldn't close properly, had to turn off manually..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users