# Folders converted into shortcuts



## anujchopra (Mar 11, 2011)

Each time that I insert a removable disk like a pen drive or any other USB stick, all the folders in it become either shortcuts or executable shortcuts.
I then need to enable allow hidden folders in the folder options to be able to access those folders.
Can I know a way to get rid of this problem?
Moreover, every folder in every drive has a hidden file desktop.ini and folders: RECYCLER and SYSTEM VOLUME INFORMATION. What are all these folders for? Are they some kind of viruses?
Hoping for a reply soon.
Regards


----------



## anujchopra (Mar 11, 2011)

Was not able to download the HijackThis executable. Seems like a broken link.


----------



## anujchopra (Mar 11, 2011)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:29 PM, on 10/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe

--
End of file - 7494 bytes


----------



## anujchopra (Mar 11, 2011)

bump


----------



## anujchopra (Mar 11, 2011)

It's been way beyond 24 hrs. Could anybody please help me out here?
My previous two queries also fell on deaf ears.


----------



## anujchopra (Mar 11, 2011)

bump


----------



## anujchopra (Mar 11, 2011)

.
DDS (Ver_2011-08-26.01) - FAT32x86 
Internet Explorer: 6.0.2900.5512
Run by DAWSON at 17:19:46 on 2011-10-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1493 [GMT 5.5:30]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>] 
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A6A0AE9-B9D4-49A7-A017-764C4084598D} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-9 366152]
R2 UDisk Monitor;UDisk Monitor;c:\program files\mblaze ui\bin\MonServiceUDisk.exe [2011-7-16 512000]
R2 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2011-10-19 259584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-9 22216]
S3 FtFilter;FtFilter;\??\c:\windows\system32\sffilter.sys --> c:\windows\system32\SfFilter.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-10-5 100736]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2011-7-16 104704]
.
=============== Created Last 30 ================
.
2011-10-25 08:39:01	174592	----a-w-	c:\windows\system32\framedyn.dll
2011-10-25 08:38:33	5632	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2011-10-25 08:17:17	9256	----a-w-	c:\windows\system32\drivers\sscdwhnt.sys
2011-10-25 08:17:17	9256	----a-w-	c:\windows\system32\drivers\sscdwh.sys
2011-10-25 08:17:17	9256	----a-w-	c:\windows\system32\drivers\sscdcmnt.sys
2011-10-25 08:17:17	9256	----a-w-	c:\windows\system32\drivers\sscdcm.sys
2011-10-25 08:17:17	80552	----a-w-	c:\windows\system32\drivers\sscdbus.sys
2011-10-25 08:17:17	11944	----a-w-	c:\windows\system32\drivers\sscdmdfl.sys
2011-10-25 08:17:17	106792	----a-w-	c:\windows\system32\drivers\sscdmdm.sys
2011-10-25 08:17:12	--------	d-----w-	c:\windows\system32\Samsung_USB_Drivers
2011-10-25 07:59:21	--------	d-----w-	c:\documents and settings\dawson\application data\Samsung
2011-10-25 07:58:56	--------	d-----w-	c:\program files\MSXML 4.0
2011-10-25 07:58:41	--------	d-----w-	c:\program files\Samsung
2011-10-19 16:35:55	4856	----a-w-	c:\windows\system32\drivers\D2672BE1.bin
2011-10-19 16:33:29	259584	----a-w-	c:\windows\system32\drivers\XHASP.sys
2011-10-19 16:32:50	685056	----a-w-	c:\windows\system32\drivers\hardlock.sys
2011-10-19 16:32:39	6656	----a-w-	c:\windows\system32\haspvdd.dll
2011-10-19 16:32:39	47616	----a-w-	c:\windows\system32\drivers\Haspnt.sys
2011-10-19 16:32:39	383	----a-w-	c:\windows\system32\haspdos.sys
2011-10-19 16:32:33	3063808	----a-w-	c:\windows\system32\hinstd.dll
2011-10-19 16:32:33	24576	----a-w-	c:\windows\system32\hdduinst.exe
2011-10-19 16:32:33	2164411	----a-w-	c:\windows\system32\haspds_windows.dll
2011-10-19 16:32:33	164864	----a-w-	c:\windows\system32\UNWISE.EXE
2011-10-19 16:32:19	--------	d-----w-	c:\program files\CyberDNC Pro 11.2
2011-10-19 03:22:42	--------	d-----w-	c:\documents and settings\dawson\.qualnetUserDir
2011-10-19 03:19:22	--------	d-----w-	C:\snt
2011-10-15 17:15:14	86016	----a-w-	c:\windows\system32\ZSPOOL.DLL
2011-10-15 17:15:14	24576	----a-w-	c:\windows\system32\ZTAG32.DLL
2011-10-15 17:15:13	86016	----a-w-	c:\windows\system32\ZLhp1020.DLL
2011-10-15 17:15:13	397312	----a-w-	c:\windows\system32\ZSHP1020.EXE
2011-10-15 17:15:13	28672	----a-w-	c:\windows\system32\ZLM.DLL
2011-10-15 17:15:11	106496	----a-w-	c:\windows\system32\VSHP1020.DLL
2011-10-15 17:15:08	49152	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
2011-10-15 17:15:08	28672	----a-w-	c:\windows\system32\IMF32.DLL
2011-10-15 16:53:10	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys
2011-10-15 16:53:10	25856	----a-w-	c:\windows\system32\dllcache\usbprint.sys
2011-10-09 15:56:38	--------	d-----w-	c:\documents and settings\dawson\application data\Malwarebytes
2011-10-09 15:56:31	--------	d-----w-	c:\documents and settings\all users\application data\Malwarebytes
2011-10-09 15:56:28	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-09 15:56:27	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-05 02:51:45	24448	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2011-10-05 02:51:45	113280	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2011-10-05 02:51:45	102528	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2011-10-05 02:51:45	100736	----a-w-	c:\windows\system32\drivers\ewusbdev.sys
2011-10-05 02:51:37	--------	d-----w-	c:\program files\Tata Photon+
2011-10-03 12:57:00	--------	d-----w-	C:\Scenario
2011-10-01 06:31:14	--------	d-----w-	c:\documents and settings\dawson\application data\Microsoft Games
2011-10-01 06:30:58	--------	d-----w-	c:\program files\GameSpy Arcade
2011-10-01 06:28:57	--------	d-----w-	c:\program files\Microsoft Games
2011-09-27 11:53:56	--------	d-----w-	c:\documents and settings\dawson\application data\bang
.
==================== Find3M ====================
.
2011-10-02 23:36:04	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-02 21:07:52	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-08-08 16:38:40	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
.
============= FINISH: 17:20:15.98 ===============


----------



## anujchopra (Mar 11, 2011)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2011 9:54:38 PM
System Uptime: 10/25/2011 4:54:20 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3618
Processor: Intel(R) Core(TM)2 Duo CPU T5470 @ 1.60GHz | U10 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 49 GiB total, 9.392 GiB free.
D: is FIXED (NTFS) - 63 GiB total, 52.577 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&C3F7DAE&0&0101
Manufacturer: 
Name: 
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&C3F7DAE&0&0101
Service: 
.
Class GUID: 
Description: 
Device ID: ACPI\HPQ0006\2&DABA3FF&0
Manufacturer: 
Name: 
PNP Device ID: ACPI\HPQ0006\2&DABA3FF&0
Service: 
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 7210 Supernova
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: X2-01
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: C2-00
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Phone
Device ID: ROOT\WPD\0003
Manufacturer: Nokia
Name: Nokia Phone
PNP Device ID: ROOT\WPD\0003
Service: WUDFRd
.
==== System Restore Points ===================
.
RP55: 9/29/2011 11:30:41 PM - System Checkpoint
RP56: 10/1/2011 11:50:31 AM - System Checkpoint
RP57: 10/2/2011 2:00:32 PM - System Checkpoint
RP58: 10/3/2011 7:58:49 PM - System Checkpoint
RP59: 10/9/2011 1:53:21 AM - System Checkpoint
RP60: 10/10/2011 2:39:56 AM - System Checkpoint
RP61: 10/13/2011 7:26:31 PM - System Checkpoint
RP62: 10/14/2011 7:33:34 PM - System Checkpoint
RP63: 10/15/2011 10:47:30 PM - Unsigned printer driver HP LaserJet 1020 installed.
RP64: 10/17/2011 8:28:59 AM - System Checkpoint
RP65: 10/18/2011 6:20:47 PM - System Checkpoint
RP66: 10/19/2011 8:51:11 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP67: 10/20/2011 6:46:47 PM - System Checkpoint
RP68: 10/22/2011 10:34:57 PM - System Checkpoint
RP69: 10/23/2011 11:07:46 AM - Installed Java(TM) 6 Update 29
RP70: 10/24/2011 1:27:09 PM - System Checkpoint
RP71: 10/25/2011 1:47:08 PM - Installed Samsung PC Studio 3 USB Driver Installer
RP72: 10/25/2011 2:08:09 PM - Installed Samsung PC Studio 5
RP73: 10/25/2011 2:09:23 PM - Installed Samsung USB Installer
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat 7.0 Professional
Adobe Flash Player Plugin
Adobe Shockwave Player 11.6
Conduit Engine 
CyberDNC Pro 11.2
GameSpy Arcade
Google Chrome
Google Talk Plugin
HASP4 Device Drivers
Hotfix for Windows XP (KB942288-v3)
HP Integrated Module with Bluetooth wireless technology
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 29
K-Lite Codec Pack 7.2.0 (Basic)
Malwarebytes' Anti-Malware version 1.51.2.1300
MBlaze UI
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
QualNet Developer 5.0.2
Real Alternative 2.0.2
Rise of Nations
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung PC Studio 5
SAMSUNG SYMBIAN USB Download Driver
Samsung USB Installer
SamsungConnectivityCableDriver
SoundMAX
swMSM
Tata Photon+
uTorrentBar Toolbar
VLC media player 1.1.11
WebFldrs XP
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpmdm) Modem (12/06/2005 2.4.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (12/06/2005 2.4.0)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
10/24/2011 7:49:50 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00215C9FED0F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/23/2011 11:07:39 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


----------



## eddie5659 (Mar 19, 2001)

Hiya

*P2P Warning!*


*IMPORTANT* I notice there are signs of one or more *P2P (Person to Person) File Sharing Programs* on your computer.

* µTorrent

Please note that as long as you are using any form of *Peer-to-Peer networking* and *downloading files* from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers 
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via *Control Panel >> Add or Remove Programs*.

*If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.*

----------------------------
Now that's out of the way, let's get started.

Can you go to Add/Remove Programs via the Control Panel, and uninstall this:

*Conduit Engine *

Then, as I see you have Malwarebytes' Anti-Malware installed, can you update it and run a scan as follows:


* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that *everything is checked*, and click *Remove Selected*.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users

* Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
* Under "*Configuration and Preferences*", click the *Preferences* button.
* Click the *Scanning Control* tab.
* Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
    * _Close browsers before scanning._
    * _Scan for tracking cookies._
    * _Terminate memory threats before quarantining._
* Click the "*Close*" button to leave the control center screen.
* Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
* On the left, make sure you check *C:\Fixed Drive*.
* On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
* Click "*Next*" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
* Make sure everything has a checkmark next to it and click "*Next*".
* A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
* If asked if you want to reboot, click "*Yes*".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
    * _Click *Preferences*, then click the *Statistics/Logs* tab._
    * _Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
    * _If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
    * _Please copy and paste the Scan Log results in your next reply._
* Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply.

eddie


----------



## anujchopra (Mar 11, 2011)

Sorry for the delayed reply... Here are the logs you had asked for.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/31/2011 at 09:23 PM

Application Version : 5.0.1134

Core Rules Database Version : 7869
Trace Rules Database Version: 5681

Scan type : Quick Scan
Total Scan Time : 00:07:41

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 31318
Registry threats detected : 0
File items scanned : 7088
File threats detected : 274

Adware.Tracking Cookie


----------



## anujchopra (Mar 11, 2011)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8051

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/31/2011 9:49:15 PM
mbam-log-2011-10-31 (21-49-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 211082
Time elapsed: 13 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## eddie5659 (Mar 19, 2001)

That's okay

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## anujchopra (Mar 11, 2011)

OTL logfile created on: 11/1/2011 8:02:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DAWSON\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.49% Memory free
3.84 Gb Paging File | 3.63 Gb Available in Paging File | 94.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 7.80 Gb Free Space | 15.99% Space Free | Partition Type: FAT32
Drive D: | 62.95 Gb Total Space | 52.32 Gb Free Space | 83.11% Space Free | Partition Type: NTFS

Computer Name: ANUJ | User Name: DAWSON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 07:57:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAWSON\My Documents\Downloads\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/12 05:08:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/06/29 02:27:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/01 05:08:46 | 001,604,608 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110100\algo.dll
MOD - [2011/10/31 13:49:40 | 001,603,072 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11103100\algo.dll
MOD - [2011/10/29 21:51:16 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11110100\aswRep.dll
MOD - [2011/10/29 21:51:16 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11103100\aswRep.dll
MOD - [2010/06/29 02:28:58 | 000,123,296 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
MOD - [2007/02/06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/12 05:08:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)

========== Driver Services (SafeList) ==========

DRV - [2011/10/19 22:03:30 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2011/10/19 22:02:40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 21:57:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 03:25:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/06/29 02:07:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/29 02:07:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/29 02:03:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/29 02:02:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/29 02:02:34 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/29 02:02:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/11 13:32:10 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/03/13 19:21:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 19:20:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/19 21:17:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/02/14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 14:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 14:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 14:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 14:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/08/01 00:20:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/08/01 00:20:18 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: The Godfather: Five Families = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl\0.1_0\

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Aliiii] C:\Documents and Settings\DAWSON\Application Data\Aliiii.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,C:\Documents and Settings\DAWSON\Application Data\Aliiii.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 32
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6A0AE9-B9D4-49A7-A017-764C4084598D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DAWSON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/21 14:19:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{0c0ac6ca-00b6-11e1-befa-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0ac6ca-00b6-11e1-befa-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c0ac6ca-00b6-11e1-befa-002186e97f0c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell - "" = AutoRun
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 
O33 - MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\Shell\open\command - "" = F:\
O33 - MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 
O33 - MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\Shell - "" = AutoRun
O33 - MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell - "" = AutoRun
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Odrorc.exe
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell\explore\command - "" = F:\RECYCLER\Odrorc.exe
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell\open\command - "" = F:\RECYCLER\Odrorc.exe
O33 - MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{ca5e67ce-eefc-11e0-becd-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{ca5e67ce-eefc-11e0-becd-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca5e67ce-eefc-11e0-becd-002186e97f0c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ca5e67cf-eefc-11e0-becd-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{ca5e67cf-eefc-11e0-becd-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca5e67cf-eefc-11e0-becd-002186e97f0c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\Shell\explore\command - "" = G:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\Shell\open\command - "" = G:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c968c-c7ca-11e0-be68-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8c968c-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8c968c-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun\command - "" = F:\Dp_Inst.exe /AutoRun
O33 - MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\Shell\explore\command - "" = G:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\Shell\open\command - "" = G:\RECYCLER\Aliiii.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2011/10/31 21:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\SUPERAntiSpyware.com
[2011/10/31 21:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/31 21:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/31 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/25 17:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/25 17:52:48 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/25 17:52:48 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/25 17:52:47 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/25 17:52:46 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/25 17:52:45 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/25 17:52:45 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/25 17:52:45 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/25 17:52:35 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/25 17:52:35 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2011/10/25 17:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/10/25 17:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/10/25 17:19:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DAWSON\Start Menu\Programs\Administrative Tools
[2011/10/25 14:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung PC Studio 5
[2011/10/25 13:47:17 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdm.sys
[2011/10/25 13:47:17 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdbus.sys
[2011/10/25 13:47:17 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys
[2011/10/25 13:47:17 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwhnt.sys
[2011/10/25 13:47:17 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwh.sys
[2011/10/25 13:47:17 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcmnt.sys
[2011/10/25 13:47:17 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcm.sys
[2011/10/25 13:47:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2011/10/25 13:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\Samsung
[2011/10/25 13:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/25 13:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/10/23 11:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/19 22:02:50 | 000,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys
[2011/10/19 22:02:39 | 000,047,616 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
[2011/10/19 22:02:39 | 000,006,656 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
[2011/10/19 22:02:33 | 003,063,808 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\hinstd.dll
[2011/10/19 22:02:33 | 002,164,411 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\haspds_windows.dll
[2011/10/19 22:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberDNC Pro 11.2
[2011/10/19 22:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\CyberDNC Pro 11.2
[2011/10/19 08:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\.qualnetUserDir
[2011/10/19 08:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Start Menu\Programs\SNT
[2011/10/19 08:49:22 | 000,000,000 | ---D | C] -- C:\snt
[2011/10/15 22:45:14 | 000,086,016 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.DLL
[2011/10/15 22:45:14 | 000,024,576 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG32.DLL
[2011/10/15 22:45:13 | 000,086,016 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZLhp1020.DLL
[2011/10/15 22:45:13 | 000,028,672 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZLM.DLL
[2011/10/15 22:45:08 | 000,028,672 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\IMF32.DLL
[2011/10/15 22:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\HP 1020
[2011/10/09 21:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\Malwarebytes
[2011/10/09 21:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/09 21:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/09 21:26:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/09 21:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/05 08:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tata Photon+
[2011/10/05 08:21:45 | 000,113,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/10/05 08:21:45 | 000,102,528 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/10/05 08:21:45 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbdev.sys
[2011/10/05 08:21:45 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/10/05 08:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tata Photon+
[2011/10/03 18:27:00 | 000,000,000 | ---D | C] -- C:\Scenario
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\DAWSON\My Documents\*.tmp files -> C:\Documents and Settings\DAWSON\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2011/11/01 07:58:46 | 000,401,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/01 07:58:46 | 000,061,026 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 07:55:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/11/01 07:54:28 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/11/01 07:53:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/01 01:49:54 | 003,431,213 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Gym class heroes-Stereo Hearts.mp3
[2011/11/01 01:48:58 | 000,469,595 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Foo Fighters-Learn to fly.mp3
[2011/11/01 01:44:04 | 007,545,503 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\LA Woman-The Doors.mp3
[2011/10/31 23:57:20 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\usb.lnk
[2011/10/31 23:56:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/10/31 21:54:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1773885956-1800692235-1590129524-1006Core1cc94c43fda087a.job
[2011/10/31 21:11:38 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/31 19:55:36 | 006,059,504 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Gloria-The Doors.mp3
[2011/10/29 22:05:12 | 000,299,324 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\zeitgeisthtml5-png.png
[2011/10/28 08:07:48 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Google Chrome.lnk
[2011/10/28 08:07:48 | 000,002,175 | ---- | M] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/27 18:34:50 | 002,362,633 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\phase_locked_loop_design_as_a_frequency_multiplier.pdf
[2011/10/27 12:35:10 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 18:02:10 | 002,965,504 | ---- | M] (Cyberin Systems) -- C:\WINDOWS\System32\protected.exe
[2011/10/25 17:52:50 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/25 17:52:46 | 000,002,670 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/25 16:47:14 | 000,001,243 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Music.lnk
[2011/10/25 14:09:08 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 5.lnk
[2011/10/25 14:09:08 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 5.lnk
[2011/10/25 12:41:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/19 22:05:56 | 000,004,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\D2672BE1.bin
[2011/10/19 22:03:30 | 000,259,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2011/10/19 22:02:40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
[2011/10/19 22:02:40 | 000,006,656 | ---- | M] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
[2011/10/19 22:02:40 | 000,000,383 | ---- | M] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/19 22:02:22 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberDNC Pro 11.2.lnk
[2011/10/19 22:02:22 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NC Simulator.lnk
[2011/10/19 08:51:36 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\QualNet Developer 5.0.2.lnk
[2011/10/19 08:51:36 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\QualNet Developer 5.0.2 Command-Line.lnk
[2011/10/09 21:26:32 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/05 08:21:56 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Tata Photon+.lnk
[2011/10/05 08:21:56 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tata Photon+.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\DAWSON\My Documents\*.tmp files -> C:\Documents and Settings\DAWSON\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/01 01:43:14 | 000,469,595 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Foo Fighters-Learn to fly.mp3
[2011/11/01 01:33:43 | 007,545,503 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\LA Woman-The Doors.mp3
[2011/10/31 21:11:37 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/29 22:05:16 | 000,299,324 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\zeitgeisthtml5-png.png
[2011/10/29 15:30:04 | 006,059,504 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Gloria-The Doors.mp3
[2011/10/29 15:25:43 | 003,431,213 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Gym class heroes-Stereo Hearts.mp3
[2011/10/28 01:06:46 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\usb.lnk
[2011/10/27 21:49:49 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1773885956-1800692235-1590129524-1006Core1cc94c43fda087a.job
[2011/10/27 18:34:51 | 002,362,633 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\phase_locked_loop_design_as_a_frequency_multiplier.pdf
[2011/10/25 17:52:49 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/25 16:46:42 | 000,001,243 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Music.lnk
[2011/10/25 14:09:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/10/25 14:09:06 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 5.lnk
[2011/10/25 14:09:06 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 5.lnk
[2011/10/25 14:08:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/10/19 22:05:55 | 000,004,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\D2672BE1.bin
[2011/10/19 22:03:29 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2011/10/19 22:02:51 | 008,405,015 | ---- | C] () -- C:\WINDOWS\TempFile
[2011/10/19 22:02:39 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\config.hsp
[2011/10/19 22:02:39 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/19 22:02:33 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011/10/19 22:02:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2011/10/19 22:02:21 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberDNC Pro 11.2.lnk
[2011/10/19 22:02:21 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NC Simulator.lnk
[2011/10/19 08:51:35 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\QualNet Developer 5.0.2.lnk
[2011/10/19 08:51:35 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\QualNet Developer 5.0.2 Command-Line.lnk
[2011/10/15 22:45:13 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2011/10/15 22:45:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2011/10/15 22:45:04 | 000,574,100 | ---- | C] () -- C:\WINDOWS\System32\hp1022n.img
[2011/10/15 22:45:03 | 000,206,768 | ---- | C] () -- C:\WINDOWS\System32\hp1022.img
[2011/10/15 22:45:00 | 000,128,612 | ---- | C] () -- C:\WINDOWS\System32\hp1020.img
[2011/10/09 21:26:31 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/05 08:21:54 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Tata Photon+.lnk
[2011/10/05 08:21:54 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tata Photon+.lnk
[2011/07/21 17:03:00 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/18 14:43:17 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 22:12:28 | 002,215,364 | ---- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2011/07/15 22:12:28 | 001,971,732 | ---- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2011/07/15 22:12:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2011/07/15 22:12:28 | 000,029,932 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2008/08/21 15:10:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/21 15:09:12 | 000,050,055 | ---- | C] () -- C:\WINDOWS\oformat.com
[2008/08/21 15:09:12 | 000,027,357 | ---- | C] () -- C:\WINDOWS\cvtarea.exe
[2008/08/21 15:02:04 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/21 14:22:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/21 14:17:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/21 14:12:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/21 14:11:56 | 000,142,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 12:00:00 | 000,401,032 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 12:00:00 | 000,061,026 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/07/16 17:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/07/16 17:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/08/01 00:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/10/25 17:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/07/16 17:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAWSON\Application Data\ZTEEVDO
[2011/07/16 17:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAWSON\Application Data\PC Suite
[2011/07/16 17:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAWSON\Application Data\Nokia
[2011/08/08 22:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAWSON\Application Data\uTorrent
[2011/09/27 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAWSON\Application Data\bang
[2011/10/25 13:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAWSON\Application Data\Samsung

========== Purity Check ==========

< End of report >


----------



## anujchopra (Mar 11, 2011)

OTL Extras logfile created on: 11/1/2011 8:02:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DAWSON\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.49% Memory free
3.84 Gb Paging File | 3.63 Gb Available in Paging File | 94.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 7.80 Gb Free Space | 15.99% Space Free | Partition Type: FAT32
Drive D: | 62.95 Gb Total Space | 52.32 Gb Free Space | 83.11% Space Free | Partition Type: NTFS

Computer Name: ANUJ | User Name: DAWSON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2B518DF9-4963-4AC7-9250-0EA6154D0AC6}" = Samsung PC Studio 5
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C89D9F0-1527-4B4F-8272-9943C630F326}_is1" = CyberDNC Pro 11.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{A06CA842-3EF2-4F21-85C8-007D402223D6}" = Samsung PC Studio 5
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDE7F960-BE39-4F9A-A1FF-3799C72CB705}" = Samsung USB Installer
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"09DA5A1E4E89D27A472F4075BFB98DE53AFE5769" = Windows Driver Package - MobileTop (sshpusb) USB (12/06/2005 2.4.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"6F20211A07D2A216859CBC3248BDE3B338E543E0" = Windows Driver Package - MobileTop (sshpmdm) Modem (12/06/2005 2.4.0)
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"EXCEL" = Microsoft Office Excel 2007
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"GameSpy Arcade" = GameSpy Arcade
"HASP4 Device Drivers" = HASP4 Device Drivers
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"OUTLOOK" = Microsoft Office Outlook 2007
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"QualNet" = QualNet Developer 5.0.2
"RealAlt_is1" = Real Alternative 2.0.2
"RiseOfNationsExpansion 1.0" = Rise of Nations
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Tata Photon+" = Tata Photon+
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZTEWireless-101_is1" = MBlaze UI

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2011 9:27:48 PM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/27/2011 2:09:04 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/27/2011 2:09:04 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/27/2011 7:29:32 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/28/2011 9:37:25 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/28/2011 9:37:25 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/29/2011 8:59:27 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/29/2011 8:59:27 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/30/2011 12:33:59 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

Error - 9/30/2011 12:33:59 AM | Computer Name = ANUJ | Source = Application Error | ID = 1000
Description = Faulting application aliiii.exe, version 0.0.0.0, faulting module 
unknown, version 0.0.0.0, fault address 0x8054b6ed.

[ OSession Events ]
Error - 8/15/2011 1:57:27 PM | Computer Name = ANUJ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7155
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/24/2011 10:19:50 AM | Computer Name = ANUJ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00215C9FED0F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/25/2011 8:38:25 AM | Computer Name = ANUJ | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/26/2011 12:31:45 AM | Computer Name = ANUJ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00215C9FED0F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/26/2011 12:40:01 AM | Computer Name = ANUJ | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Antivirus service.

Error - 10/29/2011 8:58:49 AM | Computer Name = ANUJ | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 10/29/2011 9:03:48 AM | Computer Name = ANUJ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00215C9FED0F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/31/2011 3:15:34 AM | Computer Name = ANUJ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00215C9FED0F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/31/2011 12:20:52 PM | Computer Name = ANUJ | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00215C9FED0F. The following
error occurred: %%1223. Your computer will continue to try and obtain an address 
on its own from the network address (DHCP) server.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Is this the same computer:

http://forums.techguy.org/virus-other-malware-removal/1023925-windows-xp-taking-forever-start.html

If so, I'll merge the threads together, and Larusso will continue helping you. Also, please do not create duplicate threads for the same problems.

eddie


----------



## eddie5659 (Mar 19, 2001)

Okay, spoken to Larusso and we'll continue in this thread, but I'm closing the other one. I'll be back with my replies in a minute


----------



## eddie5659 (Mar 19, 2001)

*1 - Flash Drive Disinfector* 
Download *Flash_Disinfector.exe by sUBs* from *here* and save it to your desktop. 
 Double-click *Flash_Disinfector.exe* to run it and follow any prompts that may appear. 
 The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. 
 Wait until it has finished scanning and then exit the program. 
 Reboot your computer when done.

*Note*: _Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection._ 

-------------

After doing that, can you run this tool:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## anujchopra (Mar 11, 2011)

ComboFix 11-11-04.04 - DAWSON 11/05/2011 19:23:53.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1306 [GMT 5.5:30]
Running from: c:\documents and settings\DAWSON\My Documents\Downloads\Programs\ComboFix_2.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\DAWSON\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\DAWSON\My Documents\$AP53.tmp
c:\windows\Readme.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-01 07:54 . 2011-11-01 07:54	--------	d-----w-	c:\documents and settings\DAWSON\Application Data\IDM
2011-11-01 07:54 . 2011-11-01 07:54	--------	d-----w-	c:\documents and settings\DAWSON\Application Data\DMCache
2011-11-01 07:54 . 2011-11-01 07:54	--------	d-----w-	c:\program files\Internet Download Manager
2011-10-31 15:42 . 2011-10-31 15:42	--------	d-----w-	c:\documents and settings\DAWSON\Application Data\SUPERAntiSpyware.com
2011-10-31 15:41 . 2011-10-31 15:41	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-10-31 15:41 . 2011-10-31 15:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-25 12:32 . 2011-10-25 12:32	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-25 12:22 . 2010-06-28 20:37	165456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-10-25 12:22 . 2010-06-28 20:32	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-10-25 12:22 . 2010-06-28 20:33	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-10-25 12:22 . 2010-06-28 20:37	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-10-25 12:22 . 2010-06-28 20:32	100176	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2011-10-25 12:22 . 2010-06-28 20:32	94544	----a-w-	c:\windows\system32\drivers\aswmon.sys
2011-10-25 12:22 . 2010-06-28 20:32	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2011-10-25 12:22 . 2010-06-28 20:57	38848	----a-w-	c:\windows\avastSS.scr
2011-10-25 12:22 . 2010-06-28 20:57	165032	----a-w-	c:\windows\system32\aswBoot.exe
2011-10-25 12:22 . 2011-10-25 12:22	--------	d-----w-	c:\program files\Alwil Software
2011-10-25 12:22 . 2011-10-25 12:22	--------	d-----w-	c:\documents and settings\All Users\Application Data\Alwil Software
2011-10-25 08:39 . 2006-05-03 17:23	174592	----a-w-	c:\windows\system32\framedyn.dll
2011-10-25 08:38 . 2007-04-19 15:47	5632	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2011-10-25 08:17 . 2007-07-03 11:30	9256	----a-w-	c:\windows\system32\drivers\sscdwhnt.sys
2011-10-25 08:17 . 2007-07-03 11:30	9256	----a-w-	c:\windows\system32\drivers\sscdwh.sys
2011-10-25 08:17 . 2007-07-03 11:28	106792	----a-w-	c:\windows\system32\drivers\sscdmdm.sys
2011-10-25 08:17 . 2007-07-03 11:27	11944	----a-w-	c:\windows\system32\drivers\sscdmdfl.sys
2011-10-25 08:17 . 2007-07-03 11:26	9256	----a-w-	c:\windows\system32\drivers\sscdcmnt.sys
2011-10-25 08:17 . 2007-07-03 11:26	9256	----a-w-	c:\windows\system32\drivers\sscdcm.sys
2011-10-25 08:17 . 2007-07-03 11:24	80552	----a-w-	c:\windows\system32\drivers\sscdbus.sys
2011-10-25 08:17 . 2011-10-25 08:17	--------	d-----w-	c:\windows\system32\Samsung_USB_Drivers
2011-10-25 07:59 . 2011-10-25 07:59	--------	d-----w-	c:\documents and settings\DAWSON\Application Data\Samsung
2011-10-25 07:58 . 2011-10-25 07:58	--------	d-----w-	c:\program files\MSXML 4.0
2011-10-25 07:58 . 2011-10-25 07:58	--------	d-----w-	c:\program files\Samsung
2011-10-23 05:38 . 2011-10-23 05:38	--------	d-----w-	c:\program files\Common Files\Java
2011-10-19 16:35 . 2011-10-19 16:35	4856	----a-w-	c:\windows\system32\drivers\D2672BE1.bin
2011-10-19 16:33 . 2011-10-19 16:33	259584	----a-w-	c:\windows\system32\drivers\XHASP.sys
2011-10-19 16:32 . 2005-07-28 02:48	685056	----a-w-	c:\windows\system32\drivers\hardlock.sys
2011-10-19 16:32 . 2011-10-19 16:32	6656	----a-w-	c:\windows\system32\haspvdd.dll
2011-10-19 16:32 . 2011-10-19 16:32	47616	----a-w-	c:\windows\system32\drivers\Haspnt.sys
2011-10-19 16:32 . 2011-10-19 16:32	383	----a-w-	c:\windows\system32\haspdos.sys
2011-10-19 16:32 . 2005-10-12 14:19	3063808	----a-w-	c:\windows\system32\hinstd.dll
2011-10-19 16:32 . 2005-09-28 08:54	2164411	----a-w-	c:\windows\system32\haspds_windows.dll
2011-10-19 16:32 . 2005-09-06 12:37	24576	----a-w-	c:\windows\system32\hdduinst.exe
2011-10-19 16:32 . 2001-09-28 13:30	164864	----a-w-	c:\windows\system32\UNWISE.EXE
2011-10-19 16:32 . 2011-10-19 16:32	--------	d-----w-	c:\program files\CyberDNC Pro 11.2
2011-10-19 03:22 . 2011-10-19 03:22	--------	d-----w-	c:\documents and settings\DAWSON\.qualnetUserDir
2011-10-19 03:19 . 2011-10-19 03:19	--------	d-----w-	C:\snt
2011-10-15 17:15 . 2005-03-18 11:18	86016	----a-w-	c:\windows\system32\ZSPOOL.DLL
2011-10-15 17:15 . 2005-03-18 11:18	24576	----a-w-	c:\windows\system32\ZTAG32.DLL
2011-10-15 17:15 . 2010-12-20 12:32	397312	----a-w-	c:\windows\system32\ZSHP1020.EXE
2011-10-15 17:15 . 2005-03-18 11:18	86016	----a-w-	c:\windows\system32\ZLhp1020.DLL
2011-10-15 17:15 . 2005-03-18 11:18	28672	----a-w-	c:\windows\system32\ZLM.DLL
2011-10-15 17:15 . 2005-03-18 11:18	106496	----a-w-	c:\windows\system32\VSHP1020.DLL
2011-10-15 17:15 . 2005-03-18 11:18	49152	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\IMFPRINT.DLL
2011-10-15 17:15 . 2005-03-18 11:18	28672	----a-w-	c:\windows\system32\IMF32.DLL
2011-10-15 16:53 . 2008-04-13 18:47	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys
2011-10-15 16:53 . 2008-04-13 18:47	25856	----a-w-	c:\windows\system32\dllcache\usbprint.sys
2011-10-09 15:56 . 2011-10-09 15:56	--------	d-----w-	c:\documents and settings\DAWSON\Application Data\Malwarebytes
2011-10-09 15:56 . 2011-10-09 15:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-09 15:56 . 2011-08-31 11:30	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-09 15:56 . 2011-10-09 15:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 12:32 . 2008-08-21 09:39	93184	----a-w-	c:\windows\sysprep.exe
2011-10-25 12:32 . 2008-08-21 09:39	544768	----a-w-	c:\windows\setupmgr.exe
2011-10-25 12:32 . 2008-08-21 09:39	136192	----a-w-	c:\windows\factory.exe
2011-10-25 12:32 . 2008-08-21 09:32	2965504	----a-w-	c:\windows\system32\protected.exe
2011-10-02 23:36 . 2011-07-20 18:50	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-02 21:07 . 2011-07-20 18:50	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-08-08 16:38 . 2011-08-08 16:38	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-09 3118512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,c:\documents and settings\DAWSON\Application Data\Aliiii.exe
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-13 20:42	483328	----a-w-	c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-15 17:31	136176	----a-w-	c:\documents and settings\DAWSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 11:30	449608	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-07-21 08:31	966712	----a-w-	c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 06:23	1483264	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 07:36	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-17 17:18	4615552	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\DAWSON\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/25/2011 5:52 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:57 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 3:25 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 5:08 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/25/2011 5:52 PM 17744]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/9/2011 9:26 PM 366152]
R2 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [10/19/2011 10:03 PM 259584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/9/2011 9:26 PM 22216]
S2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [7/16/2011 5:36 PM 512000]
S3 80BE45A7;80BE45A7;c:\windows\system32\80BE45A7.exe --> c:\windows\system32\80BE45A7.exe [?]
S3 D089877D;D089877D;c:\windows\system32\D089877D.exe --> c:\windows\system32\D089877D.exe [?]
S3 FtFilter;FtFilter;\??\c:\windows\system32\SfFilter.sys --> c:\windows\system32\SfFilter.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [10/5/2011 8:21 AM 100736]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [7/16/2011 5:36 PM 104704]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773885956-1800692235-1590129524-1006Core1cc94c43fda087a.job
- c:\documents and settings\DAWSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 17:31]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Aliiii - c:\documents and settings\DAWSON\Application Data\Aliiii.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 19:27
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\idmmbc.dll
.
Completion time: 2011-11-05 19:28:12
ComboFix-quarantined-files.txt 2011-11-05 13:58
.
Pre-Run: 8,147,206,144 bytes free
Post-Run: 9,374,105,600 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4DAE079091A24F1BFB3D0B8192F8CFDB


----------



## eddie5659 (Mar 19, 2001)

Can you also run this and I'll create a fix tonight:

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*


----------



## eddie5659 (Mar 19, 2001)

Can you also run this fix:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Aliiii] C:\Documents and Settings\DAWSON\Application Data\Aliiii.exe File not found
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 
O33 - MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 
O33 - MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Odrorc.exe
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell\explore\command - "" = F:\RECYCLER\Odrorc.exe
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell\open\command - "" = F:\RECYCLER\Odrorc.exe
O33 - MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\Shell\open\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\Shell\explore\command - "" = G:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\Shell\open\command - "" = G:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c968c-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun\command - "" = F:\Dp_Inst.exe /AutoRun
O33 - MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\Shell\explore\command - "" = G:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\Shell\open\command - "" = G:\RECYCLER\Aliiii.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\DAWSON\My Documents\*.tmp files -> C:\Documents and Settings\DAWSON\My Documents\*.tmp -> ]
:Files
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply

eddie
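
The O33 lines in the fix above are per-volume AutoRun handlers recorded under MountPoints2. As an added example (not part of the original post and not OTL's own code), this sketch parses lines in that format and flags volumes whose handler launches an executable sitting directly in a drive's RECYCLER folder, the trait every Aliiii/Odrorc entry in the fix shares. The sample lines are taken from the fix script; the function names and the reason labels are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines taken from the fix script in this thread (OTL "O33" format),
# plus one O4 line that the parser is expected to skip.
SAMPLE = r"""
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe
O33 - MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\Shell\explore\command - "" = F:\RECYCLER\Aliiii.exe
O33 - MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
O33 - MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\Shell\open\command - "" = F:\RECYCLER\Odrorc.exe
O33 - MountPoints2\{fe8c968c-c7ca-11e0-be68-002186e97f0c}\Shell\AutoRun\command - "" = F:\Dp_Inst.exe /AutoRun
O4 - HKCU..\Run: [Aliiii] C:\Documents and Settings\DAWSON\Application Data\Aliiii.exe File not found
"""

# O33 - MountPoints2\{volume GUID}\Shell\<verb>\command - "<value name>" = <command>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>\{[0-9a-fA-F-]{36}\})'
    r'\\Shell\\(?P<verb>[^\\]+)\\command - "[^"]*" =\s*(?P<command>.*)$'
)

# Handler that hands its target to RunDLL32 ... ShellExec_RunDLL <target>.
WRAPPER_RE = re.compile(
    r'rundll32(?:\.exe)?\s+shell32\.dll,ShellExec_RunDLL\s*(?P<target>.*)$',
    re.IGNORECASE,
)

# An .exe directly inside a RECYCLER folder, with or without a drive letter.
RECYCLER_EXE_RE = re.compile(
    r'(?:^|\\)RECYCLER\\(?P<name>[^\\/:*?"<>|]+\.exe)\b', re.IGNORECASE
)


def parse_o33(text):
    """Return one dict per O33 MountPoints2 line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append({
                "volume": m["volume"].lower(),
                "verb": m["verb"].lower(),
                "command": m["command"].strip(),
            })
    return entries


def classify(command):
    """Map a handler command to (reason, executable name or None)."""
    wrapped = WRAPPER_RE.search(command)
    target = wrapped["target"].strip() if wrapped else command
    hit = RECYCLER_EXE_RE.search(target)
    if hit:
        return "recycler-exe", hit["name"].lower()
    if wrapped and not target:
        # Wrapper left behind with nothing to launch: stale, still worth cleaning.
        return "dangling-wrapper", None
    return "unclassified", None


def triage(text):
    """Group findings per volume GUID: {volume: {"reasons": set, "names": set}}."""
    report = defaultdict(lambda: {"reasons": set(), "names": set()})
    for entry in parse_o33(text):
        reason, name = classify(entry["command"])
        report[entry["volume"]]["reasons"].add(reason)
        if name:
            report[entry["volume"]]["names"].add(name)
    return dict(report)


def flagged_volumes(text):
    """Volume GUIDs with at least one handler that runs an .exe from RECYCLER."""
    return sorted(
        vol for vol, info in triage(text).items()
        if "recycler-exe" in info["reasons"]
    )


if __name__ == "__main__":
    for volume, info in sorted(triage(SAMPLE).items()):
        names = ", ".join(sorted(info["names"])) or "-"
        print(f"{volume}  {sorted(info['reasons'])}  {names}")
```
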


----------



## anujchopra (Mar 11, 2011)

The OTS log is attached.


----------



## anujchopra (Mar 11, 2011)

custom scan report:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\prxtbuTo0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aliiii not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e80caa2-afa0-11e0-be24-00215c9fed0f}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291b1088-ef33-11e0-bece-002186e97f0c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{291b1088-ef33-11e0-bece-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291b1088-ef33-11e0-bece-002186e97f0c}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{431ce102-f0d5-11e0-bed2-002186e97f0c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{431ce102-f0d5-11e0-bed2-002186e97f0c}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{431ce102-f0d5-11e0-bed2-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{431ce102-f0d5-11e0-bed2-002186e97f0c}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fa7e4b9-b15b-11e0-be30-00215c9fed0f}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Odrorc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\ not found.
File F:\RECYCLER\Odrorc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{639c2b6c-aeff-11e0-be1b-cb9709654cd3}\ not found.
File F:\RECYCLER\Odrorc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b83826ce-fb96-11e0-beec-002186e97f0c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b83826ce-fb96-11e0-beec-002186e97f0c}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b83826ce-fb96-11e0-beec-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b83826ce-fb96-11e0-beec-002186e97f0c}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebc29886-b60d-11e0-be3e-002186e97f0c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebc29886-b60d-11e0-be3e-002186e97f0c}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebc29886-b60d-11e0-be3e-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebc29886-b60d-11e0-be3e-002186e97f0c}\ not found.
File F:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\ not found.
File G:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe8c967f-c7ca-11e0-be68-002186e97f0c}\ not found.
File G:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8c968c-c7ca-11e0-be68-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe8c968c-c7ca-11e0-be68-002186e97f0c}\ not found.
File F:\Dp_Inst.exe /AutoRun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\ not found.
File G:\RECYCLER\Aliiii.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe8c968d-c7ca-11e0-be68-002186e97f0c}\ not found.
File G:\RECYCLER\Aliiii.exe not found.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Anuj\Software\cmd.bat deleted successfully.
D:\Anuj\Software\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: DAWSON
->Temp folder emptied: 260734 bytes
->Temporary Internet Files folder emptied: 18401322 bytes
->Java cache emptied: 461647 bytes
->Google Chrome cache emptied: 123462001 bytes
->Flash cache emptied: 1711 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 136.00 mb

[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: DAWSON
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 11092011_184552

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...


----------



## eddie5659 (Mar 19, 2001)

Download the latest version of TDSSKiller from *here* and save it to your Desktop.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*; click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.*

A report will be created in your root directory (usually the C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents in your next reply.


----------



## anujchopra (Mar 11, 2011)

Whenever I put in the removable media, I get those shortcuts. Does that mean the problem is in my system or in the pen drive or any other such removable media?


----------



## eddie5659 (Mar 19, 2001)

Did you run the Flash Drive Disinfector that I posted in this thread:

http://forums.techguy.org/8135965-post17.html

You also have some files/folders on your actual computer that need to be looked at, and removed.


----------



## anujchopra (Mar 11, 2011)

Sorry for my carelessness.
I did run it, but I did it without my portable media inserted... Should I repeat the process with the removable device attached?


----------



## eddie5659 (Mar 19, 2001)

Are you talking about the Flash Disinfector? If so, yes, please insert the devices and try it again.

Then, run TDSSKiller on the main computer.


----------



## anujchopra (Mar 11, 2011)

22:17:39.0875 1624	TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
22:17:41.0531 1624	============================================================
22:17:41.0531 1624	Current date / time: 2011/11/16 22:17:41.0531
22:17:41.0531 1624	SystemInfo:
22:17:41.0531 1624	
22:17:41.0531 1624	OS Version: 5.1.2600 ServicePack: 3.0
22:17:41.0531 1624	Product type: Workstation
22:17:41.0531 1624	ComputerName: ANUJ
22:17:41.0531 1624	UserName: DAWSON
22:17:41.0531 1624	Windows directory: C:\WINDOWS
22:17:41.0531 1624	System windows directory: C:\WINDOWS
22:17:41.0531 1624	Processor architecture: Intel x86
22:17:41.0531 1624	Number of processors: 2
22:17:41.0531 1624	Page size: 0x1000
22:17:41.0531 1624	Boot type: Normal boot
22:17:41.0531 1624	============================================================
22:17:42.0781 1624	Initialize success
22:17:55.0093 3032	============================================================
22:17:55.0093 3032	Scan started
22:17:55.0093 3032	Mode: Manual; SigCheck; TDLFS; 
22:17:55.0093 3032	============================================================
22:17:55.0953 3032	Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:17:56.0078 3032	Aavmker4 - ok
22:17:56.0234 3032	Abiosdsk - ok
22:17:56.0390 3032	abp480n5 - ok
22:17:56.0515 3032	ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:17:56.0609 3032	ACPI - ok
22:17:56.0640 3032	ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:17:56.0750 3032	ACPIEC - ok
22:17:56.0875 3032	ADIHdAudAddService (dfc0162928bfa584b5e5c0cc4a07dfd1) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:17:56.0890 3032	ADIHdAudAddService - ok
22:17:57.0046 3032	adpu160m - ok
22:17:57.0171 3032	AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
22:17:57.0187 3032	AEAudio - ok
22:17:57.0328 3032	aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:17:57.0437 3032	aec - ok
22:17:57.0515 3032	AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
22:17:57.0625 3032	AFD - ok
22:17:57.0781 3032	Aha154x - ok
22:17:57.0937 3032	aic78u2 - ok
22:17:58.0093 3032	aic78xx - ok
22:17:58.0265 3032	AliIde - ok
22:17:58.0421 3032	amsint - ok
22:17:58.0593 3032	asc - ok
22:17:58.0750 3032	asc3350p - ok
22:17:58.0906 3032	asc3550 - ok
22:17:59.0078 3032	aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:17:59.0093 3032	aswFsBlk - ok
22:17:59.0250 3032	aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
22:17:59.0250 3032	aswMon2 - ok
22:17:59.0406 3032	aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
22:17:59.0421 3032	aswRdr - ok
22:17:59.0578 3032	aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
22:17:59.0578 3032	aswSP - ok
22:17:59.0953 3032	aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
22:18:00.0062 3032	aswTdi - ok
22:18:00.0140 3032	AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:18:00.0250 3032	AsyncMac - ok
22:18:00.0375 3032	atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:18:00.0500 3032	atapi - ok
22:18:00.0656 3032	Atdisk - ok
22:18:00.0718 3032	Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:18:00.0828 3032	Atmarpc - ok
22:18:00.0937 3032	audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:18:01.0046 3032	audstub - ok
22:18:01.0062 3032	Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:18:01.0187 3032	Beep - ok
22:18:01.0359 3032	btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
22:18:01.0406 3032	btaudio - ok
22:18:01.0562 3032	BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
22:18:01.0593 3032	BTDriver - ok
22:18:01.0765 3032	BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
22:18:01.0859 3032	BTKRNL - ok
22:18:02.0000 3032	BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
22:18:02.0015 3032	BTWDNDIS - ok
22:18:02.0171 3032	btwmodem (e206ec370646e42dc862fd995869d31d) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
22:18:02.0187 3032	btwmodem - ok
22:18:02.0328 3032	BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
22:18:02.0359 3032	BTWUSB - ok
22:18:02.0453 3032	catchme - ok
22:18:02.0484 3032	cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:18:02.0609 3032	cbidf2k - ok
22:18:02.0781 3032	cd20xrnt - ok
22:18:02.0796 3032	Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:18:02.0906 3032	Cdaudio - ok
22:18:03.0000 3032	Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:18:03.0109 3032	Cdfs - ok
22:18:03.0171 3032	Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:18:03.0281 3032	Cdrom - ok
22:18:03.0437 3032	Changer - ok
22:18:03.0546 3032	CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:18:03.0671 3032	CmBatt - ok
22:18:03.0828 3032	CmdIde - ok
22:18:03.0937 3032	Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:18:04.0046 3032	Compbatt - ok
22:18:04.0203 3032	Cpqarray - ok
22:18:04.0375 3032	dac2w2k - ok
22:18:04.0531 3032	dac960nt - ok
22:18:04.0578 3032	Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:18:04.0671 3032	Disk - ok
22:18:04.0781 3032	dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:18:04.0937 3032	dmboot - ok
22:18:04.0984 3032	dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:18:05.0078 3032	dmio - ok
22:18:05.0093 3032	dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:18:05.0203 3032	dmload - ok
22:18:05.0359 3032	DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:18:05.0468 3032	DMusic - ok
22:18:05.0625 3032	dpti2o - ok
22:18:05.0750 3032	drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:18:05.0859 3032	drmkaud - ok
22:18:06.0015 3032	e1express (ed91f1042071a36f54e7c430e130e4cd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:18:06.0015 3032	e1express - ok
22:18:06.0093 3032	Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:18:06.0203 3032	Fastfat - ok
22:18:06.0250 3032	Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:18:06.0359 3032	Fdc - ok
22:18:06.0421 3032	Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:18:06.0546 3032	Fips - ok
22:18:06.0593 3032	Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:18:06.0703 3032	Flpydisk - ok
22:18:06.0828 3032	FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:18:06.0937 3032	FltMgr - ok
22:18:06.0953 3032	Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:18:07.0062 3032	Fs_Rec - ok
22:18:07.0218 3032	FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\WINDOWS\system32\drivers\ftdibus.sys
22:18:07.0218 3032	FTDIBUS - ok
22:18:07.0250 3032	Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:18:07.0375 3032	Ftdisk - ok
22:18:08.0718 3032	FtFilter - ok
22:18:08.0859 3032	FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\WINDOWS\system32\drivers\ftser2k.sys
22:18:08.0859 3032	FTSER2K - ok
22:18:08.0937 3032	Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:18:09.0046 3032	Gpc - ok
22:18:09.0265 3032	Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
22:18:09.0328 3032	Hardlock - ok
22:18:09.0500 3032	Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
22:18:09.0500 3032	Haspnt ( UnsignedFile.Multi.Generic ) - warning
22:18:09.0500 3032	Haspnt - detected UnsignedFile.Multi.Generic (1)
22:18:09.0593 3032	HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:18:09.0703 3032	HDAudBus - ok
22:18:10.0062 3032	HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:18:10.0171 3032	HidUsb - ok
22:18:10.0328 3032	hpn - ok
22:18:10.0437 3032	HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
22:18:10.0562 3032	HTTP - ok
22:18:10.0718 3032	hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
22:18:10.0750 3032	hwdatacard - ok
22:18:10.0890 3032	hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
22:18:10.0906 3032	hwusbdev - ok
22:18:11.0078 3032	i2omgmt - ok
22:18:11.0234 3032	i2omp - ok
22:18:11.0343 3032	i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:18:11.0437 3032	i8042prt - ok
22:18:11.0781 3032	ialm (cd32607f1cc8ac67224334ae123f7b98) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:18:12.0234 3032	ialm - ok
22:18:12.0296 3032	Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:18:12.0421 3032	Imapi - ok
22:18:12.0578 3032	ini910u - ok
22:18:12.0750 3032	IntelIde - ok
22:18:12.0828 3032	intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:18:12.0937 3032	intelppm - ok
22:18:13.0031 3032	Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:18:13.0125 3032	Ip6Fw - ok
22:18:13.0156 3032	IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:18:13.0281 3032	IpFilterDriver - ok
22:18:13.0359 3032	IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:18:13.0468 3032	IpInIp - ok
22:18:13.0546 3032	IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:18:13.0671 3032	IpNat - ok
22:18:13.0750 3032	IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:18:13.0859 3032	IPSec - ok
22:18:13.0968 3032	IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:18:14.0031 3032	IRENUM - ok
22:18:14.0156 3032	isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:18:14.0281 3032	isapnp - ok
22:18:14.0375 3032	Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:18:14.0468 3032	Kbdclass - ok
22:18:14.0625 3032	kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:18:14.0718 3032	kmixer - ok
22:18:14.0765 3032	KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
22:18:14.0875 3032	KSecDD - ok
22:18:15.0031 3032	lbrtfdc - ok
22:18:15.0187 3032	MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
22:18:15.0203 3032	MBAMProtector - ok
22:18:15.0250 3032	mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:18:15.0343 3032	mnmdd - ok
22:18:15.0406 3032	Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:18:15.0515 3032	Modem - ok
22:18:15.0609 3032	Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:18:15.0703 3032	Mouclass - ok
22:18:15.0828 3032	mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:18:15.0937 3032	mouhid - ok
22:18:15.0968 3032	MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:18:16.0078 3032	MountMgr - ok
22:18:16.0218 3032	mraid35x - ok
22:18:16.0281 3032	MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:18:16.0390 3032	MRxDAV - ok
22:18:16.0453 3032	MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:18:16.0578 3032	MRxSmb - ok
22:18:16.0625 3032	Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:18:16.0734 3032	Msfs - ok
22:18:16.0890 3032	MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:18:17.0015 3032	MSKSSRV - ok
22:18:17.0171 3032	MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:18:17.0281 3032	MSPCLOCK - ok
22:18:17.0421 3032	MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:18:17.0531 3032	MSPQM - ok
22:18:17.0640 3032	mssmbios  (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:18:17.0750 3032	mssmbios - ok
22:18:17.0781 3032	Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:18:17.0890 3032	Mup - ok
22:18:17.0984 3032	NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:18:18.0109 3032	NDIS - ok
22:18:18.0187 3032	NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:18:18.0296 3032	NdisTapi - ok
22:18:18.0390 3032	Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:18:18.0484 3032	Ndisuio - ok
22:18:18.0531 3032	NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:18:18.0625 3032	NdisWan - ok
22:18:18.0734 3032	NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:18:18.0828 3032	NDProxy - ok
22:18:18.0906 3032	NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:18:19.0015 3032	NetBIOS - ok
22:18:19.0109 3032	NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:18:19.0234 3032	NetBT - ok
22:18:19.0546 3032	NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
22:18:20.0343 3032	NETw5x32 - ok
22:18:20.0500 3032	nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
22:18:20.0625 3032	nmwcd - ok
22:18:20.0781 3032	nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:18:20.0859 3032	nmwcdc - ok
22:18:20.0906 3032	Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:18:21.0000 3032	Npfs - ok
22:18:21.0125 3032	Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:18:21.0234 3032	Ntfs - ok
22:18:21.0265 3032	Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:18:21.0390 3032	Null - ok
22:18:21.0421 3032	NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:18:21.0515 3032	NwlnkFlt - ok
22:18:21.0546 3032	NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:18:21.0640 3032	NwlnkFwd - ok
22:18:21.0734 3032	Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:18:21.0828 3032	Parport - ok
22:18:21.0875 3032	PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:18:21.0968 3032	PartMgr - ok
22:18:22.0000 3032	ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:18:22.0125 3032	ParVdm - ok
22:18:22.0265 3032	pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:18:22.0312 3032	pccsmcfd - ok
22:18:22.0421 3032	PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:18:22.0531 3032	PCI - ok
22:18:22.0687 3032	PCIDump - ok
22:18:22.0796 3032	PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:18:22.0890 3032	PCIIde - ok
22:18:22.0984 3032	Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:18:23.0093 3032	Pcmcia - ok
22:18:23.0250 3032	PDCOMP - ok
22:18:23.0406 3032	PDFRAME - ok
22:18:23.0578 3032	PDRELI - ok
22:18:23.0734 3032	PDRFRAME - ok
22:18:23.0890 3032	perc2 - ok
22:18:24.0046 3032	perc2hib - ok
22:18:24.0125 3032	PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:18:24.0234 3032	PptpMiniport - ok
22:18:24.0296 3032	PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:18:24.0406 3032	PSched - ok
22:18:24.0421 3032	Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:18:24.0531 3032	Ptilink - ok
22:18:24.0687 3032	ql1080 - ok
22:18:24.0859 3032	Ql10wnt - ok
22:18:25.0015 3032	ql12160 - ok
22:18:25.0171 3032	ql1240 - ok
22:18:25.0328 3032	ql1280 - ok
22:18:25.0359 3032	RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:18:25.0453 3032	RasAcd - ok
22:18:25.0515 3032	Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:18:25.0625 3032	Rasl2tp - ok
22:18:25.0671 3032	RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:18:25.0781 3032	RasPppoe - ok
22:18:25.0796 3032	Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:18:25.0890 3032	Raspti - ok
22:18:25.0953 3032	Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:18:26.0078 3032	Rdbss - ok
22:18:26.0109 3032	RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:18:26.0203 3032	RDPCDD - ok
22:18:26.0312 3032	rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:18:26.0421 3032	rdpdr - ok
22:18:26.0546 3032	RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:18:26.0640 3032	RDPWD - ok
22:18:26.0812 3032	redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:18:26.0906 3032	redbook - ok
22:18:26.0937 3032	ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:18:27.0031 3032	ROOTMODEM - ok
22:18:27.0218 3032	RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
22:18:27.0234 3032	RsFx0103 - ok
22:18:27.0359 3032	SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:18:27.0375 3032	SASDIFSV - ok
22:18:27.0437 3032	SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:18:27.0437 3032	SASKUTIL - ok
22:18:27.0546 3032	Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:18:27.0593 3032	Secdrv - ok
22:18:27.0687 3032	serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:18:27.0796 3032	serenum - ok
22:18:27.0843 3032	Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:18:27.0937 3032	Serial - ok
22:18:28.0031 3032	Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:18:28.0140 3032	Sfloppy - ok
22:18:28.0296 3032	Simbad - ok
22:18:28.0453 3032	Sparrow - ok
22:18:28.0609 3032	splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:18:28.0703 3032	splitter - ok
22:18:28.0828 3032	sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:18:28.0875 3032	sr - ok
22:18:28.0953 3032	Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
22:18:29.0078 3032	Srv - ok
22:18:29.0234 3032	sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
22:18:29.0265 3032	sscdbus - ok
22:18:29.0421 3032	sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
22:18:29.0453 3032	sscdmdfl - ok
22:18:29.0625 3032	sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
22:18:29.0640 3032	sscdmdm - ok
22:18:30.0000 3032	StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
22:18:30.0000 3032	StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:18:30.0000 3032	StarOpen - detected UnsignedFile.Multi.Generic (1)
22:18:30.0078 3032	swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:18:30.0171 3032	swenum - ok
22:18:30.0312 3032	swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:18:30.0406 3032	swmidi - ok
22:18:30.0562 3032	symc810 - ok
22:18:30.0718 3032	symc8xx - ok
22:18:30.0875 3032	sym_hi - ok
22:18:31.0031 3032	sym_u3 - ok
22:18:31.0171 3032	sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:18:31.0265 3032	sysaudio - ok
22:18:31.0359 3032	Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:18:31.0484 3032	Tcpip - ok
22:18:31.0578 3032	TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:18:31.0687 3032	TDPIPE - ok
22:18:31.0796 3032	TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:18:31.0906 3032	TDTCP - ok
22:18:32.0015 3032	TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:18:32.0109 3032	TermDD - ok
22:18:32.0281 3032	TosIde - ok
22:18:32.0390 3032	Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:18:32.0484 3032	Udfs - ok
22:18:32.0640 3032	ultra - ok
22:18:32.0734 3032	Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:18:32.0859 3032	Update - ok
22:18:33.0046 3032	upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:18:33.0109 3032	upperdev - ok
22:18:33.0265 3032	usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:18:33.0359 3032	usbccgp - ok
22:18:33.0484 3032	usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:18:33.0593 3032	usbehci - ok
22:18:33.0718 3032	usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:18:33.0812 3032	usbhub - ok
22:18:33.0984 3032	usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:18:34.0093 3032	usbprint - ok
22:18:34.0328 3032	usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
22:18:34.0421 3032	usbser - ok
22:18:34.0562 3032	UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:18:34.0640 3032	UsbserFilt - ok
22:18:34.0765 3032	USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:18:34.0890 3032	USBSTOR - ok
22:18:35.0031 3032	usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:18:35.0125 3032	usbuhci - ok
22:18:35.0187 3032	VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:18:35.0281 3032	VgaSave - ok
22:18:35.0437 3032	ViaIde - ok
22:18:35.0500 3032	VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:18:35.0609 3032	VolSnap - ok
22:18:35.0703 3032	Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:18:35.0781 3032	Wanarp - ok
22:18:35.0968 3032	Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:18:35.0984 3032	Wdf01000 - ok
22:18:36.0140 3032	WDICA - ok
22:18:36.0296 3032	wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:18:36.0390 3032	wdmaud - ok
22:18:36.0515 3032	WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:18:36.0609 3032	WmiAcpi - ok
22:18:36.0750 3032	WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:18:36.0796 3032	WpdUsb - ok
22:18:36.0843 3032	WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:18:36.0953 3032	WS2IFSL - ok
22:18:37.0093 3032	WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:18:37.0125 3032	WudfPf - ok
22:18:37.0281 3032	WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:18:37.0312 3032	WudfRd - ok
22:18:37.0484 3032	XHASP (e22df15af05e35a8263d03e6b375090a) c:\windows\system32\drivers\XHASP.sys
22:18:37.0500 3032	XHASP ( UnsignedFile.Multi.Generic ) - warning
22:18:37.0500 3032	XHASP - detected UnsignedFile.Multi.Generic (1)
22:18:37.0656 3032	ztemtusbser (33a5e7628230636e718f2504b8f3d02a) C:\WINDOWS\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
22:18:37.0687 3032	ztemtusbser - ok
22:18:37.0703 3032	MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:18:37.0937 3032	\Device\Harddisk0\DR0 - ok
22:18:37.0937 3032	MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
22:18:38.0515 3032	\Device\Harddisk1\DR3 - ok
22:18:38.0515 3032	Boot (0x1200) (fab77fe83b80741c0eb925f980014472) \Device\Harddisk0\DR0\Partition0
22:18:38.0515 3032	\Device\Harddisk0\DR0\Partition0 - ok
22:18:38.0562 3032	Boot (0x1200) (ea9eb63033708b07f7a58d5ec4292b84) \Device\Harddisk0\DR0\Partition1
22:18:38.0562 3032	\Device\Harddisk0\DR0\Partition1 - ok
22:18:38.0562 3032	Boot (0x1200) (466c1ab9724a34b64871664fd0f3d4d1) \Device\Harddisk1\DR3\Partition0
22:18:38.0562 3032	\Device\Harddisk1\DR3\Partition0 - ok
22:18:38.0562 3032	============================================================
22:18:38.0562 3032	Scan finished
22:18:38.0562 3032	============================================================
22:18:38.0671 3024	Detected object count: 3
22:18:38.0671 3024	Actual detected object count: 3
22:18:54.0046 3024	Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:54.0046 3024	Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:18:54.0046 3024	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:54.0046 3024	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:18:54.0046 3024	XHASP ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:54.0046 3024	XHASP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:19:17.0718 2612	Deinitialize success


----------



## anujchopra (Mar 11, 2011)

Thanks for the flash drive disinfector bit. Have performed the action as instructed.
The font of the welcome screen of Windows XP becomes kind of pixelated after a second of display... Is this of concern? Can it be cured? Moreover, the computer remains unresponsive until the balloon saying "your computer might be at risk" is displayed. No network components are loaded either. It takes between 30 and 45 seconds for the balloon to be displayed.


----------



## eddie5659 (Mar 19, 2001)

For the startup times etc, try this:

- Download *TFC* to your desktop.
- Open the file and close any other windows.
- It *will close all programs itself* when run; make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should *reboot your machine*; if not, do this yourself to ensure a complete clean.

--

Please download *ATF Cleaner* by Atribune.

*Caution: This program is for Windows 2000, XP and Vista only*


- Double-click *ATF-Cleaner.exe* to run the program.
- Under *Main* choose: *Select All*
- Click the *Empty Selected* button.

If you use Firefox browser:

- Click *Firefox* at the top and choose: *Select All*
- Click the *Empty Selected* button.
- *NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.

If you use Opera browser:

- Click *Opera* at the top and choose: *Select All*
- Click the *Empty Selected* button.
- *NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.

Click *Exit* on the Main menu to close the program.
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

========

Also, can you do this for me:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\WINDOWS\system32\drivers\XHASP.sys
c:\windows\system32\drivers\D2672BE1.bin
c:\windows\system32\SfFilter.sys
c:\windows\sysprep.exe
c:\windows\setupmgr.exe
c:\windows\factory.exe
c:\windows\system32\protected.exe
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## anujchopra (Mar 11, 2011)

the system look log 

SystemLook 30.07.11 by jpshortstuff
Log created at 06:22 on 22/11/2011 by DAWSON
Administrator - Elevation successful

========== file ==========

C:\WINDOWS\system32\drivers\XHASP.sys - File found and opened.
MD5: E22DF15AF05E35A8263D03E6B375090A
Created at 16:33 on 19/10/2011
Modified at 16:33 on 19/10/2011
Size: 259584 bytes
Attributes: --a----
No version information available.

c:\windows\system32\drivers\D2672BE1.bin - File found and opened.
MD5: 9C00222656ABE3469A832000575D3A3B
Created at 16:35 on 19/10/2011
Modified at 16:35 on 19/10/2011
Size: 4856 bytes
Attributes: --a----
No version information available.

c:\windows\system32\SfFilter.sys - Unable to find/read file.

c:\windows\sysprep.exe - File found and opened.
MD5: DD5C9AB31A3DE1672306B80C1218722F
Created at 09:39 on 21/08/2008
Modified at 12:32 on 25/10/2011
Size: 93184 bytes
Attributes: --a----
FileDescription: sysprep utility
FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion: 5.1.2600.5512
OriginalFilename: sysprep.EXE
InternalName: sysprep.EXE
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\setupmgr.exe - File found and opened.
MD5: B4F940628987282AE37AFE90455B4686
Created at 09:39 on 21/08/2008
Modified at 12:32 on 25/10/2011
Size: 544768 bytes
Attributes: --a----
FileDescription: Microsoft Setup Manager Wizard
FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion: 5.1.2600.5512
OriginalFilename: SETUPMGR.EXE
InternalName: SETUPMGR
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\factory.exe - File found and opened.
MD5: 6E19CB719570ECAF23303A86316F15E9
Created at 09:39 on 21/08/2008
Modified at 12:32 on 25/10/2011
Size: 136192 bytes
Attributes: --a----
FileDescription: Factory pre-installation utility
FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion: 5.1.2600.5512
OriginalFilename: factory.EXE
InternalName: factory.EXE
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\system32\protected.exe - File found and opened.
MD5: 3A71307BD7DF2B561882BFACF815476D
Created at 09:32 on 21/08/2008
Modified at 12:32 on 25/10/2011
Size: 2965504 bytes
Attributes: --a----
FileDescription: 
FileVersion: 2.c
ProductVersion: 2.c
OriginalFilename: branding.exe
InternalName: branding
ProductName: Cyberin Recovery Centre 2.8c
CompanyName: Cyberin Systems
LegalCopyright: Copyright 2001-2008
Comments: 

-= EOF =-


----------



## anujchopra (Mar 11, 2011)

The problem of the startup and the balloon as mentioned by me in my previous posts has had no effect. I ran TFC as instructed, but could not download ATF Cleaner. It opened a page saying "id does not exist". Could you help me out a little further here?
Regards
PS. I don't use any of the browsers mentioned in your post regarding ATF Cleaner, that is Opera, Firefox.
I use Chrome.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's look a bit deeper for the issues, and we'll leave ATF alone for now.


- Download *random's system information tool (RSIT)* by *random/random* from *here*.
- *It is important that it is saved to your desktop.*
- Double-click on *RSIT.exe* to run *RSIT*.
- Click *Continue* at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)


----------



## anujchopra (Mar 11, 2011)

Log.txt

Logfile of random's system information tool 1.09 (written by random/random)
Run by DAWSON at 2011-11-25 19:24:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (27%) free of 50 GB
Total RAM: 2039 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:24:27 PM, on 11/25/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\PROGRA~1\COMMON~1\Nokia\MPLATF~1\NOKIAM~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DAWSON\Desktop\RSIT.exe
C:\Program Files\trend micro\DAWSON.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: 80BE45A7 - Unknown owner - C:\WINDOWS\system32\80BE45A7.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: D089877D - Unknown owner - C:\WINDOWS\system32\D089877D.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe

--
End of file - 8516 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1773885956-1800692235-1590129524-1006Core1cc94c43fda087a.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-09-09 173488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-05-22 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-05-22 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-05-22 137752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-29 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1161629.exe [2011-08-02 1040824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-15 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe [2009-09-09 3118512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-07-21 966712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-10-17 4615552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-07-15 25214]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"Shell"=explorer.exe,C:\Documents and Settings\DAWSON\Application Data\Aliiii.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-11-25 19:24:14 ----D---- C:\rsit
2011-11-25 19:24:14 ----D---- C:\Program Files\trend micro
2011-11-24 22:05:59 ----D---- C:\Documents and Settings\DAWSON\Application Data\Mozilla
2011-11-23 13:23:53 ----A---- C:\Shortcut to Local Disk (D).lnk
2011-11-22 16:17:00 ----D---- C:\WINDOWS\Minidump
2011-11-21 12:37:39 ----D---- C:\Tanner Libraries
2011-11-21 12:32:22 ----SHD---- C:\FOUND.000
2011-11-21 10:49:01 ----A---- C:\WINDOWS\system32\sysprs7.dll
2011-11-21 10:49:01 ----A---- C:\WINDOWS\system32\lsprst7.dll
2011-11-21 10:47:49 ----D---- C:\Program Files\Common Files\SafeNet Sentinel
2011-11-21 10:47:30 ----D---- C:\WINDOWS\Downloaded Installations
2011-11-21 10:45:35 ----D---- C:\Program Files\Tanner EDA
2011-11-21 10:45:35 ----D---- C:\Documents and Settings\DAWSON\Application Data\Tanner EDA
2011-11-21 06:45:14 ----HD---- C:\Program Files\Zero G Registry
2011-11-16 22:39:42 ----D---- C:\WINDOWS\system32\NtmsData
2011-11-16 22:17:39 ----A---- C:\TDSSKiller.2.6.19.0_16.11.2011_22.17.39_log.txt
2011-11-16 22:17:18 ----A---- C:\TDSSKiller.2.6.19.0_16.11.2011_22.17.18_log.txt
2011-11-14 01:07:13 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-11-14 01:06:53 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-11-14 01:05:59 ----D---- C:\WINDOWS\system32\RsFx
2011-11-14 01:05:12 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2011-11-14 01:03:00 ----D---- C:\Program Files\Microsoft SQL Server
2011-11-14 01:01:03 ----D---- C:\Program Files\Microsoft Synchronization Services
2011-11-14 01:01:02 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-11-14 00:58:09 ----D---- C:\WINDOWS\symbols
2011-11-14 00:58:06 ----D---- C:\Program Files\MSBuild
2011-11-14 00:58:06 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2011-11-14 00:58:06 ----D---- C:\Program Files\Microsoft SDKs
2011-11-14 00:58:06 ----D---- C:\Program Files\Microsoft Help Viewer
2011-11-14 00:58:06 ----D---- C:\Program Files\Common Files\Merge Modules
2011-11-14 00:57:34 ----D---- C:\Program Files\Reference Assemblies
2011-11-13 23:36:00 ----HD---- C:\WINDOWS\$NtUninstallKB958655-v2$
2011-11-13 23:24:10 ----D---- C:\Program Files\Microsoft.NET
2011-11-09 18:46:04 ----SHD---- C:\Recycled
2011-11-09 10:16:19 ----HD---- C:\WINDOWS\PIF
2011-11-05 19:28:12 ----A---- C:\ComboFix.txt
2011-11-05 19:22:57 ----A---- C:\Boot.bak
2011-11-05 19:22:55 ----RASHD---- C:\cmdcons
2011-11-05 19:20:50 ----A---- C:\WINDOWS\zip.exe
2011-11-05 19:20:50 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-11-05 19:20:50 ----A---- C:\WINDOWS\SWSC.exe
2011-11-05 19:20:50 ----A---- C:\WINDOWS\SWREG.exe
2011-11-05 19:20:50 ----A---- C:\WINDOWS\sed.exe
2011-11-05 19:20:50 ----A---- C:\WINDOWS\PEV.exe
2011-11-05 19:20:50 ----A---- C:\WINDOWS\NIRCMD.exe
2011-11-05 19:20:50 ----A---- C:\WINDOWS\MBR.exe
2011-11-05 19:20:50 ----A---- C:\WINDOWS\grep.exe
2011-11-05 19:20:26 ----D---- C:\WINDOWS\ERDNT
2011-11-05 19:17:14 ----D---- C:\Qoobox
2011-11-04 18:53:58 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2011-11-02 01:51:56 ----RAD---- C:\autorun.inf
2011-11-01 13:24:46 ----D---- C:\Documents and Settings\DAWSON\Application Data\IDM
2011-11-01 13:24:45 ----D---- C:\Documents and Settings\DAWSON\Application Data\DMCache
2011-11-01 13:24:34 ----D---- C:\Program Files\Internet Download Manager
2011-10-31 21:12:36 ----D---- C:\Documents and Settings\DAWSON\Application Data\SUPERAntiSpyware.com
2011-10-31 21:11:27 ----D---- C:\Program Files\SUPERAntiSpyware
2011-10-31 21:11:27 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-29 18:55:01 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile Modem #3.txt
2011-10-28 01:06:49 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile Modem #2.txt
2011-10-27 21:40:14 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - Modem #2.txt

======List of files/folders modified in the last 1 month======

2011-11-24 18:24:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-24 05:17:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-23 09:52:50 ----A---- C:\WINDOWS\ModemLog_Nokia C3-00 USB Modem.txt
2011-11-21 09:41:36 ----RASH---- C:\boot.ini
2011-11-21 09:41:36 ----A---- C:\WINDOWS\win.ini
2011-11-21 09:41:36 ----A---- C:\WINDOWS\system.ini
2011-10-31 23:56:36 ----A---- C:\WINDOWS\ModemLog_PC Connectivity Bluetooth Modem.txt
2011-10-29 16:34:32 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile Modem.txt
2011-10-28 01:26:20 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2011-10-26 23:57:28 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-29 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-29 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-29 46672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-04-19 5632]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-29 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-29 100176]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2008-07-11 92712]
R2 XHASP;XHASP; \??\c:\windows\system32\drivers\XHASP.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-29 23376]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-02-14 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S3 catchme;catchme; \??\C:\DOCUME~1\DAWSON\LOCALS~1\Temp\catchme.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2008-03-13 57536]
S3 FtFilter;FtFilter; \??\C:\WINDOWS\system32\SfFilter.sys []
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2008-03-13 72000]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 ztemtusbser;ZTEMT Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2009-12-11 104704]
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 UDisk Monitor;UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [2009-12-11 512000]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 80BE45A7;80BE45A7; C:\WINDOWS\system32\80BE45A7.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-07-15 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 D089877D;D089877D; C:\WINDOWS\system32\D089877D.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------


----------



## anujchopra (Mar 11, 2011)

info.txt




info.txt logfile of random's system information tool 1.09 2011-11-25 19:24:29

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe -maintain activex
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.6-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
CyberDNC Pro 11.2-->"C:\Program Files\CyberDNC Pro 11.2\unins000.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Talk Plugin-->MsiExec.exe /I{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}
HASP4 Device Drivers-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\HDD32.LOG
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB958655-v2)-->"C:\WINDOWS\$NtUninstallKB958655-v2$\spuninst\spuninst.exe"
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
K-Lite Codec Pack 7.2.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MBlaze UI-->"C:\Program Files\MBlaze UI\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{47C39E4A-28F2-33B1-B9B7-97F24E52D917}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office Excel 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007-->MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOK /dll OSETUP.DLL
Microsoft Office Outlook 2007-->MsiExec.exe /X{90120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007-->MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007-->MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{D441BD04-E548-4F8E-97A4-1B66135BAAA8}
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010 Express - ENU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - ENU\setup.exe
Microsoft Visual C++ 2010 Express - ENU-->MsiExec.exe /X{46F8CF66-AB83-38A7-99B2-A5BE507EE472}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{2D99A593-C841-43A7-B7C9-D6F3AE70B756}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}
Nokia Ovi Suite-->C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{07D77970-B205-460C-84E4-263F30455597}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Nokia_PC_Suite_eng_us_web.exe
Nokia PC Suite-->MsiExec.exe /I{F38FD0E4-B991-462B-873D-F2115EADD093}
Ovi Desktop Sync Engine-->MsiExec.exe /X{2CC53A53-44F4-4667-8584-2FFC9ACB2242}
OviMPlatform-->MsiExec.exe /I{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}
PC Connectivity Solution-->MsiExec.exe /I{C373F7C4-05D2-4047-96D1-6AF30661C6AA}
QualNet Developer 5.0.2-->c:\snt\qualnet\5.0\Uninstall.exe
Real Alternative 2.0.2-->"C:\Program Files\Real Alternative\unins000.exe"
Rise of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SSCDUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio 5-->"C:\Program Files\InstallShield Installation Information\{2B518DF9-4963-4AC7-9250-0EA6154D0AC6}\setup.exe" -runfromtemp -l0x0009 -removeonly
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
Samsung USB Installer-->"C:\Program Files\InstallShield Installation Information\{CDE7F960-BE39-4F9A-A1FF-3799C72CB705}\setup.exe" -runfromtemp -l0x0009 -removeonly
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Sentinel System Driver Installer 7.5.0-->MsiExec.exe /I{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}
Service Pack 1 for SQL Server 2008 (KB968369)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances 
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Tanner Tools v14.1 32-bit-->MsiExec.exe /X{B1226C01-EFA6-493F-96ED-BE109BEF4D74}
Tanner Utilities v14.1-->MsiExec.exe /I{69C1A164-30A2-482C-BE8B-20964F1D32D3}
Tata Photon+-->C:\Program Files\Tata Photon+\Huawei\uninst.exe
VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\ftdibus_9E256B7D98A828C5E32AA2A56664AF336E092846\ftdibus.inf
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\ftdiport_7C3FFC3E04092913979D7E6D761354E5BA36EC6C\ftdiport.inf
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows Driver Package - MobileTop (sshpmdm) Modem (12/06/2005 2.4.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_7EC0F399201103077F3FFB84BBD51AE2588894D9\shpacm.inf
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Windows Driver Package - MobileTop (sshpusb) USB (12/06/2005 2.4.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_38B1C9B64C9368D24AD0CD8D7030BACD9384F055\shpusb.inf
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_A6F4DB5C7B968742C0CEC6C3D94F498B3F04B319\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/07/2010 4.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0E737C5DBBFCF603DB03D27D4DE0E55B5A00309C\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

::1 localhost

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: ANUJ
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{9A6A0AE9-B9D4-49A7-A017-764C4084598D}.

Record Number: 11178
Source Name: Server
Time Written: 20111029161220.000000+330
Event Type: warning
User: 

Computer Name: ANUJ
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00215C9FED0F. The IP address being used is 169.254.3.31.

Record Number: 11167
Source Name: Dhcp
Time Written: 20111029150656.000000+330
Event Type: warning
User: 

Computer Name: ANUJ
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00215C9FED0F. The following
error occurred: 
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 11165
Source Name: Dhcp
Time Written: 20111029150653.000000+330
Event Type: warning
User: 

Computer Name: ANUJ
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00215C9FED0F. The IP address being used is 169.254.3.31.

Record Number: 11155
Source Name: Dhcp
Time Written: 20111029143910.000000+330
Event Type: warning
User: 

Computer Name: ANUJ
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00215C9FED0F. The following
error occurred: 
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 11153
Source Name: Dhcp
Time Written: 20111029143907.000000+330
Event Type: warning
User: 

=====Application event log=====

Computer Name: ANUJ
Event Code: 15151
Message: Cannot find the object 'database_audit_specifications', because it does not exist or you do not have permission.

Record Number: 3727
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111114010814.000000+330
Event Type: error
User: 

Computer Name: ANUJ
Event Code: 15151
Message: Cannot find the object 'database_audit_specification_details', because it does not exist or you do not have permission.

Record Number: 3726
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111114010814.000000+330
Event Type: error
User: 

Computer Name: ANUJ
Event Code: 15151
Message: Cannot find the object 'fulltext_index_fragments', because it does not exist or you do not have permission.

Record Number: 3725
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111114010814.000000+330
Event Type: error
User: 

Computer Name: ANUJ
Event Code: 15151
Message: Cannot find the object 'fulltext_stoplists', because it does not exist or you do not have permission.

Record Number: 3724
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111114010814.000000+330
Event Type: error
User: 

Computer Name: ANUJ
Event Code: 15151
Message: Cannot find the object 'fulltext_stopwords', because it does not exist or you do not have permission.

Record Number: 3723
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111114010814.000000+330
Event Type: error
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Samsung\Samsung PC Studio 5;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"VS100COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 10.0\Common7\Tools\
"TANNERHOST"=local

-----------------EOF-----------------


----------



## eddie5659 (Mar 19, 2001)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> http://forums.techguy.org/8141099-post18.html
> 
> Collect::
> c:\windows\system32\80BE45A7.exe
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

-----------------------

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*Aliiii.exe
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

-----------------------

Also, post a fresh OTL log


----------



## anujchopra (Mar 11, 2011)

please find the combofix log attached herewith


----------



## anujchopra (Mar 11, 2011)

the system look report:

SystemLook 30.07.11 by jpshortstuff
Log created at 00:48 on 28/11/2011 by DAWSON
Administrator - Elevation successful

========== filefind ==========

Searching for "*Aliiii.exe"
No files found.

-= EOF =-


----------



## anujchopra (Mar 11, 2011)

OTL:

OTL logfile created on: 11/28/2011 12:49:44 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Anuj\Software
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.30% Memory free
3.84 Gb Paging File | 3.49 Gb Available in Paging File | 90.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 7.35 Gb Free Space | 15.05% Space Free | Partition Type: FAT32
Drive D: | 62.95 Gb Total Space | 9.03 Gb Free Space | 14.34% Space Free | Partition Type: NTFS

Computer Name: ANUJ | User Name: DAWSON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 11:09:58 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/01 07:57:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Anuj\Software\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/12 05:08:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/06/29 02:27:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
PRC - [2009/09/09 20:06:54 | 003,118,512 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/18 18:31:02 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/27 12:20:50 | 001,619,456 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112700\algo.dll
MOD - [2011/11/25 22:42:36 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112700\aswRep.dll
MOD - [2011/11/15 11:09:56 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 11:09:54 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 11:08:18 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 11:08:16 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/15 11:08:16 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2010/06/29 02:28:58 | 000,123,296 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/02/06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (D089877D)
SRV - File not found [On_Demand | Stopped] -- -- (80BE45A7)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/12 05:08:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)

========== Driver Services (SafeList) ==========

DRV - [2011/10/19 22:03:30 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2011/10/19 22:02:40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 21:57:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 03:25:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/06/29 02:07:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/29 02:07:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/29 02:03:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/29 02:02:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/29 02:02:34 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/29 02:02:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/11 13:32:10 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2008/04/28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/03/13 19:21:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 19:20:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/19 21:17:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/02/14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 14:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 14:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 14:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 14:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/08/01 00:20:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/08/01 00:20:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\DAWSON\Application Data\IDM\idmmzcc3 [2011/11/28 00:43:30 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Cargo Bridge = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\

O1 HOSTS File: ([2011/11/28 00:42:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,C:\Documents and Settings\DAWSON\Application Data\Aliiii.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6A0AE9-B9D4-49A7-A017-764C4084598D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/21 14:19:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/11/02 01:51:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2011/11/02 01:51:56 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2011/11/28 00:35:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/28 00:31:45 | 004,309,802 | R--- | C] (Swearware) -- C:\Documents and Settings\DAWSON\Desktop\ComboFix.exe
[2011/11/25 19:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/11/25 19:24:14 | 000,000,000 | ---D | C] -- C:\rsit
[2011/11/24 22:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\Mozilla
[2011/11/23 11:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Desktop\Useful
[2011/11/23 09:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\inno
[2011/11/22 16:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/11/21 12:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\aaq
[2011/11/21 12:37:39 | 000,000,000 | ---D | C] -- C:\Tanner Libraries
[2011/11/21 12:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\Tanner Tools v12.6
[2011/11/21 12:32:22 | 000,000,000 | ---D | C] -- C:\FOUND.000
[2011/11/21 10:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\asd
[2011/11/21 10:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2011/11/21 10:47:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/11/21 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tanner EDA
[2011/11/21 10:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Tanner EDA
[2011/11/21 10:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\Tanner EDA
[2011/11/21 06:45:14 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2011/11/21 06:45:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\DAWSON\InstallAnywhere
[2011/11/16 22:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/11/14 01:07:13 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2011/11/14 01:06:53 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2011/11/14 01:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2011/11/14 01:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/11/14 01:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008
[2011/11/14 01:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/11/14 01:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/11/14 01:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/14 01:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\Visual Studio 2010
[2011/11/14 00:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/11/14 00:58:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2011/11/14 00:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/11/13 23:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/11/09 10:16:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/05 19:22:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 19:20:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 19:20:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 19:20:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 19:20:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 19:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 19:17:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/02 01:51:56 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/11/01 13:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\IDM
[2011/11/01 13:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\DMCache
[2011/11/01 13:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Start Menu\Programs\Internet Download Manager
[2011/11/01 13:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
[2011/11/01 13:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2011/10/31 21:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\SUPERAntiSpyware.com
[2011/10/31 21:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/31 21:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/31 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2011/11/28 00:46:52 | 000,526,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/28 00:46:52 | 000,101,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/28 00:42:40 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/11/28 00:42:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/28 00:35:10 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1773885956-1800692235-1590129524-1006Core1cc94c43fda087a.job
[2011/11/28 00:33:50 | 004,309,802 | R--- | M] (Swearware) -- C:\Documents and Settings\DAWSON\Desktop\ComboFix.exe
[2011/11/28 00:30:14 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\SystemLook (1).exe
[2011/11/27 23:54:54 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/27 13:00:12 | 005,364,662 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\The warrior song.mp3
[2011/11/27 12:43:38 | 000,122,087 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\318409_10150378553905658_588105657_8851330_878395246_n.jpg
[2011/11/27 02:22:52 | 000,002,540 | ---- | M] () -- C:\Documents and Settings\DAWSON\toolkit.prefs
[2011/11/27 02:17:28 | 000,005,294 | ---- | M] () -- C:\Documents and Settings\DAWSON\nmb.prefs
[2011/11/27 02:16:54 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Shortcut to nmb.exe.lnk
[2011/11/27 02:16:42 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Shortcut to Toolkit.exe.lnk
[2011/11/27 02:09:12 | 011,961,329 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\YouTube - Shree Ramchandra ( bhajan ) -----.flv
[2011/11/26 03:58:02 | 023,016,690 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\YouTube - SRI RAM AMRITVANI - PART - 02 -SRI RAM - RAM KRIPA AVATARAN.wmv.flv
[2011/11/26 03:41:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/26 03:20:02 | 004,252,027 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Why this kolaveri di.mp3
[2011/11/25 19:23:54 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\RSIT.exe
[2011/11/23 13:23:54 | 000,000,275 | ---- | M] () -- C:\Shortcut to Local Disk (D).lnk
[2011/11/23 10:02:54 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2011/11/23 09:55:18 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011/11/22 21:59:00 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Google Chrome.lnk
[2011/11/22 21:59:00 | 000,002,175 | ---- | M] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/21 10:49:02 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011/11/21 10:49:02 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/11/21 10:46:26 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\S-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:26 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\T-Spice v14.1 32-bit.lnk
[2011/11/21 10:46:26 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\W-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:26 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\L-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:26 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LVS v14.1 32-bit.lnk
[2011/11/21 09:41:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/18 15:13:20 | 000,171,457 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\diode_schootky_data_sheet.pdf
[2011/11/14 01:11:54 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Microsoft Visual C++ 2010 Express.lnk
[2011/11/13 23:36:24 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/11/11 01:02:00 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\DAWSON\My Documents\Untitled.csv
[2011/11/11 00:37:46 | 000,000,488 | ---- | M] () -- C:\Documents and Settings\DAWSON\My Documents\table.csv
[2011/11/04 18:54:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/01 07:55:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/31 23:57:20 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\usb.lnk
[2011/10/31 23:56:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

========== Files Created - No Company Name ==========

[2011/11/28 00:29:50 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\SystemLook (1).exe
[2011/11/27 12:57:31 | 005,364,662 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\The warrior song.mp3
[2011/11/27 12:43:39 | 000,122,087 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\318409_10150378553905658_588105657_8851330_878395246_n.jpg
[2011/11/27 02:16:53 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Shortcut to nmb.exe.lnk
[2011/11/27 02:16:40 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Shortcut to Toolkit.exe.lnk
[2011/11/27 02:03:54 | 011,961,329 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\YouTube - Shree Ramchandra ( bhajan ) -----.flv
[2011/11/26 03:50:32 | 023,016,690 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\YouTube - SRI RAM AMRITVANI - PART - 02 -SRI RAM - RAM KRIPA AVATARAN.wmv.flv
[2011/11/26 03:18:09 | 004,252,027 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Why this kolaveri di.mp3
[2011/11/25 19:23:40 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\RSIT.exe
[2011/11/23 13:23:53 | 000,000,275 | ---- | C] () -- C:\Shortcut to Local Disk (D).lnk
[2011/11/22 23:55:00 | 000,005,294 | ---- | C] () -- C:\Documents and Settings\DAWSON\nmb.prefs
[2011/11/22 16:21:45 | 000,002,540 | ---- | C] () -- C:\Documents and Settings\DAWSON\toolkit.prefs
[2011/11/21 10:49:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011/11/21 10:49:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/11/21 10:49:01 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011/11/21 10:49:01 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\servdat.slm
[2011/11/21 10:46:25 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\S-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:25 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\T-Spice v14.1 32-bit.lnk
[2011/11/21 10:46:25 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\W-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:25 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\L-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:25 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LVS v14.1 32-bit.lnk
[2011/11/18 15:13:25 | 000,171,457 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\diode_schootky_data_sheet.pdf
[2011/11/14 01:29:12 | 001,394,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1773885956-1800692235-1590129524-1006-0.dat
[2011/11/14 01:29:10 | 000,146,842 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/11/14 01:11:53 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Microsoft Visual C++ 2010 Express.lnk
[2011/11/13 23:36:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/11/11 00:37:45 | 000,000,488 | ---- | C] () -- C:\Documents and Settings\DAWSON\My Documents\table.csv
[2011/11/09 12:02:48 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\DAWSON\My Documents\Untitled.csv
[2011/11/05 19:22:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/05 19:22:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 19:20:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 19:20:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 19:20:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 19:20:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 19:20:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 18:53:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/25 14:09:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/10/25 14:08:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/10/19 22:05:55 | 000,004,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\D2672BE1.bin
[2011/10/19 22:03:29 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2011/10/19 22:02:39 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/19 22:02:33 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011/10/19 22:02:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2011/10/15 22:45:13 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2011/10/15 22:45:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2011/07/21 17:03:00 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/18 14:43:17 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 22:12:28 | 002,215,364 | ---- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2011/07/15 22:12:28 | 001,971,732 | ---- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2011/07/15 22:12:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2011/07/15 22:12:28 | 000,029,932 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2008/08/21 15:10:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/21 15:09:12 | 000,050,055 | ---- | C] () -- C:\WINDOWS\oformat.com
[2008/08/21 15:09:12 | 000,027,357 | ---- | C] () -- C:\WINDOWS\cvtarea.exe
[2008/08/21 15:02:04 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/21 14:22:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/21 14:17:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/21 14:12:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/21 14:11:56 | 000,142,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 12:00:00 | 000,526,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 12:00:00 | 000,101,590 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Hi

Sorry for the lateness, had a migraine today, and still feel groggy, so off tomorrow as well 

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*


----------



## anujchopra (Mar 11, 2011)

Please find the log attached.
I hope you're feeling better now.


----------



## eddie5659 (Mar 19, 2001)

Yep, a lot better, thanks 

Off out in a bit, as I'm working on another computer for someone at work 

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (HidServ) Human Interface Device Access [Disabled | Stopped] -> 
YN -> (D089877D) D089877D [On_Demand | Stopped] -> 
YN -> (80BE45A7) 80BE45A7 [On_Demand | Stopped] -> 
[Registry - Safe List]
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\Shell
YN -> C:\Documents and Settings\DAWSON\Application Data\Aliiii.exe -> 
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[Files/Folders - Modified Within 30 Days]
NY ->  1 C:\Documents and Settings\DAWSON\Local Settings\temp\*.tmp files -> C:\Documents and Settings\DAWSON\Local Settings\temp\*.tmp
```
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.

--------

Also, can you re-run OTL, and post the log it produces. Just the one will appear 

eddie


----------



## anujchopra (Mar 11, 2011)

OTS:

[Win32 Services - Safe List]
Service HidServ stopped successfully!
Service D089877D stopped successfully!
Service 80BE45A7 stopped successfully!
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\Shell:C:\Documents and Settings\DAWSON\Application Data\Aliiii.exe deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\DAWSON\Local Settings\temp\div1.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div180.tmp\div181.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div180.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div189.tmp\div18A.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div189.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\AAX101.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\59.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div1A2.tmp\div1A3.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div1A2.tmp\div1A5.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div1A2.tmp\div1A7.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div1A2.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\aax219.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\aax53.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div17B.tmp\div17C.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div17B.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div186.tmp\div187.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div186.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\Web Data.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div1A8.tmp\div1A9.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div1A8.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div20D.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\aax21B.tmp\mod21C.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\aax21B.tmp\mod21C.tmp.mkv deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\aax21B.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div111.tmp\div112.tmp deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\div111.tmp folder deleted successfully.
C:\Documents and Settings\DAWSON\Local Settings\temp\mod21D.tmp deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 12092011_122636


----------



## anujchopra (Mar 11, 2011)

OTL logfile created on: 12/9/2011 12:27:20 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Anuj\Software
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.32% Memory free
3.84 Gb Paging File | 3.47 Gb Available in Paging File | 90.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 6.26 Gb Free Space | 12.81% Space Free | Partition Type: FAT32
Drive D: | 62.95 Gb Total Space | 3.57 Gb Free Space | 5.67% Space Free | Partition Type: NTFS

Computer Name: ANUJ | User Name: DAWSON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 11:09:58 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/01 07:57:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Anuj\Software\OTL.exe
PRC - [2010/06/29 02:27:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/18 18:31:02 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/09 12:23:04 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
MOD - [2011/12/09 00:01:18 | 001,645,056 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11120801\algo.dll
MOD - [2011/12/08 05:02:10 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11120801\aswRep.dll
MOD - [2011/11/15 11:09:56 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 11:09:54 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 11:08:18 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 11:08:16 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/15 11:08:16 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 08:06:20 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2010/06/29 02:28:58 | 000,123,296 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
MOD - [2007/02/06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (D089877D)
SRV - File not found [On_Demand | Stopped] -- -- (80BE45A7)
SRV - [2011/12/02 14:17:38 | 000,074,752 | ---- | M] (Freemake) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/29 02:27:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/11 13:34:28 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)

========== Driver Services (SafeList) ==========

DRV - [2011/10/19 22:03:30 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2011/10/19 22:02:40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/06/29 02:07:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/29 02:07:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/29 02:03:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/29 02:02:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/29 02:02:34 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/29 02:02:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/11 13:32:10 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2008/04/28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/03/13 19:21:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 19:20:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/19 21:17:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/02/14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 14:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 14:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 14:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 14:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100490&babsrc=HP_ss&mntrId=a408db9c000000000000002186e97f0c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/08/01 00:20:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/12/08 18:55:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/08/01 00:20:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\DAWSON\Application Data\IDM\idmmzcc3 [2011/11/28 00:43:30 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\DAWSON\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Dino Strike = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eepmehbdicbagmhabimoigdhhfmffoof\1.4_0\
CHR - Extension: Apple Shooter = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\2.1_0\
CHR - Extension: Freemake Video Converter = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: The Young Cobra : Arm Of Revenge = C:\Documents and Settings\DAWSON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfhcfldjkgagfmfphejgmjgdakpclajf\1.1.4_0\

O1 HOSTS File: ([2011/11/28 00:42:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\DAWSON\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\DAWSON\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6A0AE9-B9D4-49A7-A017-764C4084598D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/02 01:51:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2011/11/02 01:51:56 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2011/12/08 18:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\Freemake
[2011/12/08 18:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
[2011/12/08 18:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2011/12/08 18:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2011/12/08 18:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Start Menu\Programs\Freemake
[2011/12/08 18:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/12/08 18:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/12/08 18:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\DVDVideoSoft
[2011/12/08 18:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Ilivid Player
[2011/12/08 18:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/12/08 18:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\PackageAware
[2011/12/08 18:22:10 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2011/12/08 18:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ultra Video Converter
[2011/12/08 18:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Video Converter
[2011/12/08 00:27:54 | 000,000,000 | ---D | C] -- C:\divx
[2011/12/08 00:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\DivX
[2011/12/08 00:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/12/07 23:56:01 | 000,000,000 | ---D | C] -- C:\output media
[2011/12/07 23:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free Convert to DIVX AVI WMV MP4 MPEG Converter
[2011/12/07 23:54:08 | 000,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2011/12/07 23:54:08 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011/12/07 23:54:08 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2011/12/07 23:38:08 | 000,895,256 | ---- | C] (DivX, Inc. ) -- C:\Documents and Settings\DAWSON\Desktop\DivXInstaller.exe
[2011/12/07 22:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\DVDVideoSoftIEHelpers
[2011/12/07 22:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\DVDVideoSoft
[2011/12/07 22:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/12/07 21:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\Babylon
[2011/12/07 21:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\Babylon
[2011/12/07 21:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/12/07 16:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Total Video Converter
[2011/12/07 12:24:55 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2011/12/07 12:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2011/12/06 16:30:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/12/06 09:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\Softplicity
[2011/12/06 09:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\TotalImageConverter
[2011/12/06 09:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
[2011/11/30 04:54:38 | 000,389,120 | ---- | C] (WinMain Software (http://www.winmain.com)) -- C:\WINDOWS\System32\cmax20.ocx
[2011/11/28 23:39:35 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011/11/28 12:07:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/11/28 11:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Start Menu\Programs\WinRAR
[2011/11/28 11:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/11/28 00:35:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/25 19:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/11/25 19:24:14 | 000,000,000 | ---D | C] -- C:\rsit
[2011/11/24 22:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\Mozilla
[2011/11/23 09:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\inno
[2011/11/22 16:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/11/21 12:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\aaq
[2011/11/21 12:37:39 | 000,000,000 | ---D | C] -- C:\Tanner Libraries
[2011/11/21 12:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\Tanner Tools v12.6
[2011/11/21 10:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\asd
[2011/11/21 10:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2011/11/21 10:47:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/11/21 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tanner EDA
[2011/11/21 10:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Tanner EDA
[2011/11/21 10:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\Application Data\Tanner EDA
[2011/11/21 06:45:14 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2011/11/21 06:45:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\DAWSON\InstallAnywhere
[2011/11/16 22:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/11/14 01:07:13 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2011/11/14 01:06:53 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2011/11/14 01:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2011/11/14 01:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/11/14 01:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008
[2011/11/14 01:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/11/14 01:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/11/14 01:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/14 01:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAWSON\My Documents\Visual Studio 2010
[2011/11/14 00:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/11/14 00:58:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/11/14 00:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2011/11/14 00:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/11/13 23:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2011/12/09 12:24:30 | 000,526,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/09 12:24:30 | 000,101,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/09 12:20:18 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/12/09 12:19:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/09 12:19:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/09 02:21:34 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1773885956-1800692235-1590129524-1006Core1cc94c43fda087a.job
[2011/12/09 01:45:02 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\specs.jpeg
[2011/12/09 01:13:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/08 19:09:26 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 19:08:54 | 040,373,978 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\YouTube - Yaar Bathere Alfaaz feat Yo Yo Honey Singh Brand New Punjabi Song.avi
[2011/12/08 18:55:18 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2011/12/08 18:33:26 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/08 18:20:18 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ultra Video Converter.lnk
[2011/12/08 16:24:32 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2011/12/08 16:24:32 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Total Video Player.lnk
[2011/12/08 16:24:30 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Total Video Converter.lnk
[2011/12/08 12:30:52 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/08 12:08:20 | 019,583,053 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\YouTube - Yaar Bathere Alfaaz feat Yo Yo Honey Singh Brand New Punjabi Song.flv
[2011/12/08 00:24:48 | 000,001,352 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\DivX Movies.lnk
[2011/12/07 23:54:36 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/12/07 23:39:34 | 000,895,256 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\DAWSON\Desktop\DivXInstaller.exe
[2011/12/07 21:44:34 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\wdsdtdsini.dll
[2011/12/07 09:39:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/07 09:36:26 | 000,143,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/05 08:03:22 | 000,003,673 | ---- | M] () -- C:\Documents and Settings\DAWSON\toolkit.prefs
[2011/12/05 07:36:12 | 000,005,760 | ---- | M] () -- C:\Documents and Settings\DAWSON\nmb.prefs
[2011/12/02 21:05:00 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\usb2.lnk
[2011/12/02 21:04:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/11/23 10:02:54 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2011/11/23 09:55:18 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011/11/22 21:59:00 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Google Chrome.lnk
[2011/11/22 21:59:00 | 000,002,175 | ---- | M] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/21 10:49:02 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011/11/21 10:49:02 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/11/21 10:46:26 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\S-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:26 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\T-Spice v14.1 32-bit.lnk
[2011/11/21 10:46:26 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\W-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:26 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\L-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:26 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LVS v14.1 32-bit.lnk
[2011/11/14 01:11:54 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\DAWSON\Desktop\Microsoft Visual C++ 2010 Express.lnk
[2011/11/13 23:36:24 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/11/11 01:02:00 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\DAWSON\My Documents\Untitled.csv
[2011/11/11 00:37:46 | 000,000,488 | ---- | M] () -- C:\Documents and Settings\DAWSON\My Documents\table.csv

========== Files Created - No Company Name ==========

[2011/12/09 01:45:00 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\specs.jpeg
[2011/12/08 19:07:37 | 040,373,978 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\YouTube - Yaar Bathere Alfaaz feat Yo Yo Honey Singh Brand New Punjabi Song.avi
[2011/12/08 18:55:16 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2011/12/08 18:33:25 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/08 18:20:17 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ultra Video Converter.lnk
[2011/12/08 18:20:16 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2011/12/08 18:20:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2011/12/08 12:02:48 | 019,583,053 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\YouTube - Yaar Bathere Alfaaz feat Yo Yo Honey Singh Brand New Punjabi Song.flv
[2011/12/08 00:24:47 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\DivX Movies.lnk
[2011/12/07 23:54:35 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/12/07 23:54:08 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2011/12/07 23:54:07 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/12/07 23:54:07 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/12/07 23:54:07 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/12/07 23:54:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/07 21:44:33 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wdsdtdsini.dll
[2011/12/07 16:01:36 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Total Video Converter.lnk
[2011/12/07 16:01:36 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\DAWSON\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2011/12/07 16:01:36 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Total Video Player.lnk
[2011/12/07 12:24:55 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2011/12/02 21:04:58 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\usb2.lnk
[2011/11/22 23:55:00 | 000,005,760 | ---- | C] () -- C:\Documents and Settings\DAWSON\nmb.prefs
[2011/11/22 16:21:45 | 000,003,673 | ---- | C] () -- C:\Documents and Settings\DAWSON\toolkit.prefs
[2011/11/21 10:49:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2011/11/21 10:49:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/11/21 10:49:01 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011/11/21 10:49:01 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\servdat.slm
[2011/11/21 10:46:25 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\S-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:25 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\T-Spice v14.1 32-bit.lnk
[2011/11/21 10:46:25 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\W-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:25 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\L-Edit v14.1 32-bit.lnk
[2011/11/21 10:46:25 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LVS v14.1 32-bit.lnk
[2011/11/14 01:29:12 | 001,542,150 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1773885956-1800692235-1590129524-1006-0.dat
[2011/11/14 01:29:10 | 000,147,894 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/11/14 01:11:53 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\DAWSON\Desktop\Microsoft Visual C++ 2010 Express.lnk
[2011/11/13 23:36:23 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/11/11 00:37:45 | 000,000,488 | ---- | C] () -- C:\Documents and Settings\DAWSON\My Documents\table.csv
[2011/11/05 19:20:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 19:20:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 19:20:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 19:20:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 19:20:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 18:53:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/25 14:09:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/10/25 14:08:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/10/19 22:05:55 | 000,004,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\D2672BE1.bin
[2011/10/19 22:03:29 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2011/10/19 22:02:39 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/19 22:02:33 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011/10/19 22:02:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2011/10/15 22:45:13 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2011/10/15 22:45:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2011/07/21 17:03:00 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/18 14:43:17 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\DAWSON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 22:12:28 | 002,215,364 | ---- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2011/07/15 22:12:28 | 001,971,732 | ---- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2011/07/15 22:12:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2011/07/15 22:12:28 | 000,029,932 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2008/08/21 15:10:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/21 15:09:12 | 000,050,055 | ---- | C] () -- C:\WINDOWS\oformat.com
[2008/08/21 15:09:12 | 000,027,357 | ---- | C] () -- C:\WINDOWS\cvtarea.exe
[2008/08/21 15:02:04 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/21 14:22:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/21 14:17:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/21 14:12:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/21 14:11:56 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 12:00:00 | 000,526,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 12:00:00 | 000,101,590 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >


----------



## anujchopra (Mar 11, 2011)

about a few days back i was running some program and a low disk space message came up. i did what i could and now have more than 15% of that disk free, but, the computer seems to have really slowed down after that. computer usage nearly 50 to 100% with just about 40 to 45 programs running. moreover the explorer quite often becomes unresponsive after which i need to end that process and start a new one.

i tried running malware bytes, but it did not detect anything wrong and neither did my anti virus. could you please look into this.
thanks


----------



## anujchopra (Mar 11, 2011)

computer seems to be responding pretty fine now. 
on its own . 
way better than the last time i posted.


----------



## eddie5659 (Mar 19, 2001)

Glad to hear it 

Now, there are two services that do not want to be removed that are linked to the malware, so let's try this tool instead:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

*First we will run a virus scan*

Click the cog in the upper right 

Select down to and including your main drive, once done select the Automatic scan tab and press *Start Scan* 

Allow AVP to delete all infections found 
Once it has finished select report tab (last tab) 
Select *Detected threads* report from the left and press *Save* button 
Save it to your desktop and attach to your next post

*Now the Analysis*

Rerun AVP and select the *Manual Disinfection* tab and press *Start Gathering System Information*

On completion click the link to locate the zip file to upload and attach to your next post
eddie


----------



## anujchopra (Mar 11, 2011)

started with exams... will be free on 17th. please don't close the thread. thanks


----------



## eddie5659 (Mar 19, 2001)

No problem, these threads only autoclose after 45 days of non activity 

Good luck on the exams :up:


----------



## anujchopra (Mar 11, 2011)

have downloaded the software and will post the results soon. i don't know why but my system idle process is forever 90%.


----------



## anujchopra (Mar 11, 2011)

do i need to uninstall this software after i'm done following the instructions? if i don't, would it conflict and cause problems with the already installed avast?


----------



## anujchopra (Mar 11, 2011)

no threats were detected.

the zip file on following the link is attached.


----------



## eddie5659 (Mar 19, 2001)

It shouldn't conflict, and we'll be removing it soon 


Re-run AVPTool 
Select the *Manual Disinfection* tab and press *Script execution* 

Where it states *Insert text script in the following box* copy the below script and press *Run script*
Copy from *Begin* until *End* 

```
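begin
  // Turn on AVZGuard and the AVZPM monitoring driver for the duration of the script
  SetAVZGuardStatus(True);
  // Look for rootkit hooks and neutralise them before deleting anything
  SearchRootkit(true, true);
  SetAVZPMStatus(True);
  // Queue the two leftover services and their executables for removal by Boot Cleaner
  BC_DeleteSvc('80BE45A7');
  BC_DeleteSvc('D089877D');
  BC_DeleteFile('C:\WINDOWS\system32\80BE45A7.exe');
  BC_DeleteFile('C:\WINDOWS\system32\D089877D.exe');
  BC_ImportDeletedList;
  // Clean up references to the deleted files
  ExecuteSysClean;
  // Arm Boot Cleaner so the queued deletions run at the next start-up, then reboot
  BC_Activate;
  RebootWindows(true);
end.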
```

Your system will reboot on completion, if it does not please do so yourself 
On completion please run another analysis scan and attach the zip file


----------



## anujchopra (Mar 11, 2011)

attached


----------



## eddie5659 (Mar 19, 2001)

Okay, that looks like it's finally removed it, but there was one file that I just want to have another look at. Can you use Systemlook again, like you did here, but use the following script:

http://forums.techguy.org/8157383-post30.html


```
:file
C:\WINDOWS\system32\DRIVERS\4116971drv.sys
```
And post the log created.

-----------

Also, can you do a scan here:


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\WINDOWS\system32\DRIVERS\4116971drv.sys*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

eddie


----------



## anujchopra (Mar 11, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 21:17 on 27/12/2011 by DAWSON
Administrator - Elevation successful

========== file ==========

C:\WINDOWS\system32\DRIVERS\4116971drv.sys - Unable to find/read file.

-= EOF =-


----------



## anujchopra (Mar 11, 2011)

could not perform virusscan.org test as i couldn't locate the box to paste the url you gave.


----------



## eddie5659 (Mar 19, 2001)

That's okay, looks like it's gone already. May have been a file created by AVZ.


Okay, it all looks okay to me, how's the computer running now?

If it's all okay, we'll remove the tools we've used, but I'll wait until you reply


----------



## anujchopra (Mar 11, 2011)

the folder problem is over. thanks a ton for that but i don't know why, but things seem to have slowed down.
my laptop fan is always running at almost full speed. i got it checked for any h/w problems but was told that the h/w was fine.
computer usage varies between 50% to 100% and whenever i turn my system on, a searching for drivers window shows up and i can't figure out for which hardware is this driver being searched for. have tried running malware bytes and have performed full system scans through avast but no problems were detected.
apart from all this the folder thing is superb. 
even in my portable hard disk everything is normal.
thanks


----------



## eddie5659 (Mar 19, 2001)

Do the following, to see if it helps on the slowness:

Uninstall *SUPERAntiSpyware* from Add/Remove Programs

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

--------------

As for the driver issue, does it say any name etc? We'll remove the tools once the driver issue is sorted 

eddie


----------



## anujchopra (Mar 11, 2011)

didn't find superantispyware installed for me to remove it.
no driver name is shown. only a question mark


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if we can find out what it's for, the driver that is

Please download MiniToolBox and save it to your desktop and run it.

Checkmark following checkboxes:

List last 10 Event Viewer log
List Minidump Files.
Click *Go* and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

eddie


----------



## anujchopra (Mar 11, 2011)

MiniToolBox by Farbar Version: 18-01-2012
Ran by DAWSON (administrator) on 21-01-2012 at 00:35:23
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/17/2012 00:18:08 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module fun_avcodec.dll, version 0.0.0.0, fault address 0x0000301a.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/15/2012 09:47:18 PM) (Source: Application Error) (User: )
Description: Faulting application speed.exe, version 0.0.0.0, faulting module speed.exe, version 0.0.0.0, fault address 0x0006578c.
Processing media-specific event for [speed.exe!ws!]

Error: (01/14/2012 10:33:49 PM) (Source: MsiInstaller) (User: DAWSON)DAWSON
Description: Product: AutoCAD 2008 - English -- Error 1308. Source file not found: D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help\ISYS.IXC. Verify that the file exists and that you can access it.

Error: (01/14/2012 10:33:48 PM) (Source: MsiInstaller) (User: DAWSON)DAWSON
Description: Product: AutoCAD 2008 - English -- Error 1308. Source file not found: D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help\ISYS.IXC. Verify that the file exists and that you can access it.

Error: (01/14/2012 10:33:48 PM) (Source: MsiInstaller) (User: DAWSON)DAWSON
Description: Product: AutoCAD 2008 - English -- Error 1308. Source file not found: D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help\ISYS.IXC. Verify that the file exists and that you can access it.

Error: (01/14/2012 10:33:48 PM) (Source: MsiInstaller) (User: DAWSON)DAWSON
Description: Product: AutoCAD 2008 - English -- Error 1308. Source file not found: D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help\ISYS.IXC. Verify that the file exists and that you can access it.

Error: (01/14/2012 10:33:47 PM) (Source: MsiInstaller) (User: DAWSON)DAWSON
Description: Product: AutoCAD 2008 - English -- Error 1308. Source file not found: D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help\ISYS.IXC. Verify that the file exists and that you can access it.

Error: (01/14/2012 10:33:46 PM) (Source: MsiInstaller) (User: DAWSON)DAWSON
Description: Product: AutoCAD 2008 - English -- Error 1308. Source file not found: D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help\ISYS.IXC. Verify that the file exists and that you can access it.

Error: (01/10/2012 02:04:17 PM) (Source: Application Error) (User: )
Description: Faulting application speed.exe, version 0.0.0.0, faulting module speed.exe, version 0.0.0.0, fault address 0x00064f20.
Processing media-specific event for [speed.exe!ws!]

Error: (01/09/2012 03:11:52 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module fun_avcodec.dll, version 0.0.0.0, fault address 0x0000301a.
Processing media-specific event for [explorer.exe!ws!]

System errors:
=============
Error: (01/20/2012 09:27:35 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.44 for the Network Card with network address 00215C9FED0F has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/20/2012 10:41:29 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.40 for the Network Card with network address 0022647D271D has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/18/2012 08:51:07 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 7A7905C477FF. The following error
occurred: 
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (01/18/2012 08:47:40 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 7A7900000000. The following error
occurred: 
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (01/18/2012 08:46:35 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: 
%%1053

Error: (01/18/2012 08:46:35 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (01/18/2012 03:27:27 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00215C9FED0F has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/18/2012 10:32:32 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (01/18/2012 10:32:32 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (01/18/2012 10:31:19 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Microsoft Office Sessions:
=========================
Error: (11/18/2011 03:32:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 513 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/10/2011 11:16:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6388 seconds with 4440 seconds of active time. This session ended with a crash.

Error: (08/15/2011 11:27:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7155 seconds with 420 seconds of active time. This session ended with a crash.

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini112211-01.dmp
C:\WINDOWS\Minidump\Mini122311-01.dmp

**** End of log ****


----------



## eddie5659 (Mar 19, 2001)

Okay, that has shown me a few things which I need to check out a bit deeper.

So, for the first one:



> Error: (01/17/2012 00:18:08 AM) (Source: Application Error) (User: )
> Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module fun_avcodec.dll, version 0.0.0.0, fault address 0x0000301a.
> Processing media-specific event for [explorer.exe!ws!]


Let's look at that, at the same time as these ones:



> Error: (01/15/2012 09:47:18 PM) (Source: Application Error) (User: )
> Description: Faulting application speed.exe, version 0.0.0.0, faulting module speed.exe, version 0.0.0.0, fault address 0x0006578c.
> Processing media-specific event for [speed.exe!ws!]





> Error: (01/14/2012 10:33:49 PM) (Source: MsiInstaller) (User: DAWSON)DAWSON
> Description: Product: AutoCAD 2008 - English -- Error 1308. Source file not found: D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help\ISYS.IXC. Verify that the file exists and that you can access it.


Using Systemlook if you still have it, and if not here it is, can you do this:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
fun_avcodec.dll
speed.exe
:dir
D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## anujchopra (Mar 11, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:22 on 24/01/2012 by DAWSON
Administrator - Elevation successful

========== filefind ==========

Searching for "fun_avcodec.dll"
C:\Program Files\Samsung\Samsung PC Studio 5\fun_avcodec.dll	-ra---- 3566434 bytes	[08:38 25/10/2011]	[05:19 07/06/2007] E7A9B6806EF559BF1B7047ED93E61E24

Searching for "speed.exe"
C:\Documents and Settings\DAWSON\My Documents\most wanted setup\speed.exe	--a---- 6029312 bytes	[10:22 09/01/2012]	[17:22 03/02/2006] 9BCC93BC2EE50FD29DC880A20C6BAE1B
C:\Documents and Settings\DAWSON\My Documents\most wanted setup\CRACK\speed.exe	--a---- 6029312 bytes	[10:22 09/01/2012]	[17:22 03/02/2006] 9BCC93BC2EE50FD29DC880A20C6BAE1B
C:\Documents and Settings\DAWSON\My Documents\most wanted setup\CRACK\Original EXE\speed.exe	--a---- 7254894 bytes	[10:22 09/01/2012]	[02:06 01/12/2005] BEC4534A690A81C72A1EFDD38076E60B
C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe	--a---- 6029312 bytes	[11:06 09/01/2012]	[17:22 03/02/2006] 9BCC93BC2EE50FD29DC880A20C6BAE1B

========== dir ==========

D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help - Parameters: "(none)"

---Files---
acad171.chm	--a---- 180133 bytes	[03:25 10/12/2011]	[21:44 24/01/2007]
acadauto.chm	--a---- 1932552 bytes	[03:25 10/12/2011]	[17:58 17/01/2007]
acadctxt.chm	--a---- 113073 bytes	[03:25 10/12/2011]	[18:23 20/01/2007]
acad_aag.chm	--a---- 1561555 bytes	[03:25 10/12/2011]	[20:56 16/01/2007]
acad_acg.chm	--a---- 19554344 bytes	[03:25 10/12/2011]	[20:33 19/01/2007]
acad_acr.chm	--a---- 8606665 bytes	[03:25 10/12/2011]	[21:03 23/01/2007]
acad_alg.chm	--a---- 3013488 bytes	[03:25 10/12/2011]	[21:01 16/01/2007]
acad_alr.chm	--a---- 1187208 bytes	[03:25 10/12/2011]	[20:59 16/01/2007]
acad_alt.chm	--a---- 980489 bytes	[03:25 10/12/2011]	[21:01 16/01/2007]
acad_aug.chm	--a---- 33979560 bytes	[03:25 10/12/2011]	[20:58 23/01/2007]
acad_brw.chm	--a---- 550409 bytes	[03:25 10/12/2011]	[21:05 16/01/2007]
acad_car.chm	--a---- 193754 bytes	[03:25 10/12/2011]	[21:37 17/01/2007]
acad_dev.chm	--a---- 154621 bytes	[03:25 10/12/2011]	[18:32 25/01/2007]
acad_dpg.chm	--a---- 807738 bytes	[03:25 10/12/2011]	[21:04 19/01/2007]
acad_dxf.chm	--a---- 913041 bytes	[03:25 10/12/2011]	[21:18 16/01/2007]
acad_nag.chm	--a---- 821668 bytes	[03:25 10/12/2011]	[20:30 23/01/2007]
acad_NFW.CHM	--a---- 40979901 bytes	[03:25 10/12/2011]	[12:27 30/01/2007]
acad_sig.chm	--a---- 640667 bytes	[03:25 10/12/2011]	[16:38 24/01/2007]
acad_sso.chm	--a---- 257444 bytes	[03:25 10/12/2011]	[18:09 17/01/2007]
AdRefMan.chm	--a---- 646345 bytes	[03:25 10/12/2011]	[21:03 16/01/2007]
AdRefMan.hlp	--a---- 14434 bytes	[03:25 10/12/2011]	[20:37 19/12/2002]
adrefmanctxt.chm	--a---- 11523 bytes	[03:25 10/12/2011]	[21:03 16/01/2007]
adsk_nlg.chm	--a---- 608623 bytes	[03:25 10/12/2011]	[21:20 16/01/2007]
adsk_slg.chm	--a---- 561024 bytes	[03:25 10/12/2011]	[21:23 16/01/2007]
augi.htm	--a---- 3098 bytes	[03:25 10/12/2011]	[18:47 24/02/2006]
augibanner.jpg	--a---- 23617 bytes	[03:25 10/12/2011]	[18:41 29/04/2002]
augilogo.gif	--a---- 15828 bytes	[03:25 10/12/2011]	[18:30 24/02/2006]
drvnew_fx.chm	--a---- 28556 bytes	[03:25 10/12/2011]	[13:54 06/12/2006]
drv_kmwf.chm	--a---- 12445 bytes	[03:25 10/12/2011]	[14:17 09/11/2006]
fujixerox_readme.txt	--a---- 6781 bytes	[03:25 10/12/2011]	[07:20 24/11/2006]
fujixerox_releasenote.txt	--a---- 9694 bytes	[03:25 10/12/2011]	[17:17 10/11/2006]
HelpSearch.ini	--a---- 1546 bytes	[03:25 10/12/2011]	[18:57 19/01/2007]
ISYS.CAT	--a---- 338 bytes	[03:25 10/12/2011]	[09:34 15/09/2006]
ISYS.CFG	--a---- 334 bytes	[03:25 10/12/2011]	[00:31 31/01/2007]
ISYS.FLD	--a---- 0 bytes	[03:25 10/12/2011]	[14:44 09/05/2006]
ISYS.IXA	--a---- 313680 bytes	[03:25 10/12/2011]	[01:13 31/01/2007]
ISYS.IXB	--a---- 8091168 bytes	[03:25 10/12/2011]	[01:13 31/01/2007]
ISYS.IXE	--a---- 97844 bytes	[03:25 10/12/2011]	[01:13 31/01/2007]
ISYS.IXF	--a---- 20594 bytes	[03:25 10/12/2011]	[03:01 31/10/2006]
ISYS.NET	--a---- 0 bytes	[03:25 10/12/2011]	[00:38 31/01/2007]
ISYS.SYN	--a---- 4674 bytes	[03:25 10/12/2011]	[21:43 18/01/2007]
ole_err.chm	--a---- 37951 bytes	[03:25 10/12/2011]	[22:58 25/09/2006]
readme.chm	--a---- 56366 bytes	[03:25 10/12/2011]	[20:31 06/02/2007]
SXFManual.pdf	--a---- 1717042 bytes	[03:25 10/12/2011]	[13:24 12/01/2007]
webbrw.chm	--a---- 10915 bytes	[03:25 10/12/2011]	[15:38 05/12/2006]

---Folders---
buildyourworld	d------	[03:25 10/12/2011]
GettingStarted	d------	[03:25 10/12/2011]
newfeatures	d------	[03:25 10/12/2011]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, the first error is for this:



> Error: (01/17/2012 00:18:08 AM) (Source: Application Error) (User: )
> Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module fun_avcodec.dll, version 0.0.0.0, fault address 0x0000301a.
> Processing media-specific event for [explorer.exe!ws!]


And it looks like it's for this program:

*C:\Program Files\Samsung\Samsung PC Studio 5\fun_avcodec.dll*

Do you use Samsung PC Studio 5? If you do, can you re-install it, as it may be a corrupt file.

--

The second one:



> Error: (01/15/2012 09:47:18 PM) (Source: Application Error) (User: )
> Description: Faulting application speed.exe, version 0.0.0.0, faulting module speed.exe, version 0.0.0.0, fault address 0x0006578c.
> Processing media-specific event for [speed.exe!ws!]


Looks to be this one:

*C:\Documents and Settings\DAWSON\My Documents\most wanted setup\speed.exe
C:\Documents and Settings\DAWSON\My Documents\most wanted setup\CRACK\speed.exe
C:\Documents and Settings\DAWSON\My Documents\most wanted setup\CRACK\Original EXE\speed.exe
C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe*

Now, this looks to be a cracked version, not a paid version. This will probably contain malware, so I highly suggest that this is uninstalled, and the files removed. If you want to do this, just uninstall it via Add/Remove Programs, and then delete the following folders:

*C:\Documents and Settings\DAWSON\My Documents\most wanted setup*
*C:\Program Files\EA GAMES\Need for Speed Most Wanted*

--

The third one:



> Error: (01/14/2012 10:33:49 PM) (Source: MsiInstaller) (User: DAWSON)DAWSON
> Description: Product: AutoCAD 2008 - English -- Error 1308. Source file not found: D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help\ISYS.IXC. Verify that the file exists and that you can access it.


Now, looking in the folder it references to:

*D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help*

And the file *ISYS.IXC* isn't listed in the folder. You may have to reinstall Autocad 2008 for the file to re-appear.

eddie
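The comparison made in the reply above (which copies of `speed.exe` are the same file, and whether `ISYS.IXC` is present in the listed folder) can be reproduced mechanically from the SystemLook log. This is an added example, not part of the original thread or of SystemLook itself; the function names are hypothetical, and the sample lines are taken from the log posted earlier in the thread with the column whitespace normalized.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines taken from the SystemLook log posted in this thread
# (column whitespace normalized; the tool itself separates columns with tabs).
FILEFIND_LOG = r"""
Searching for "speed.exe"
C:\Documents and Settings\DAWSON\My Documents\most wanted setup\speed.exe  --a---- 6029312 bytes  [10:22 09/01/2012]  [17:22 03/02/2006] 9BCC93BC2EE50FD29DC880A20C6BAE1B
C:\Documents and Settings\DAWSON\My Documents\most wanted setup\CRACK\speed.exe  --a---- 6029312 bytes  [10:22 09/01/2012]  [17:22 03/02/2006] 9BCC93BC2EE50FD29DC880A20C6BAE1B
C:\Documents and Settings\DAWSON\My Documents\most wanted setup\CRACK\Original EXE\speed.exe  --a---- 7254894 bytes  [10:22 09/01/2012]  [02:06 01/12/2005] BEC4534A690A81C72A1EFDD38076E60B
C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe  --a---- 6029312 bytes  [11:06 09/01/2012]  [17:22 03/02/2006] 9BCC93BC2EE50FD29DC880A20C6BAE1B
"""

DIR_LOG = r"""
---Files---
ISYS.CAT  --a---- 338 bytes  [03:25 10/12/2011]  [09:34 15/09/2006]
ISYS.IXA  --a---- 313680 bytes  [03:25 10/12/2011]  [01:13 31/01/2007]
ISYS.IXB  --a---- 8091168 bytes  [03:25 10/12/2011]  [01:13 31/01/2007]
ISYS.IXE  --a---- 97844 bytes  [03:25 10/12/2011]  [01:13 31/01/2007]
"""

# One file line: path, 7-character attribute mask, size, two bracketed
# timestamps, and (for :filefind only) a trailing 32-hex-digit MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"(?:\s+(?P<md5>[0-9A-Fa-f]{32}))?\s*$"
)


def parse_entries(log_text):
    """Return one dict per file line; headers and blank lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        if entry["md5"]:
            entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def group_by_md5(entries):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for e in entries:
        if e["md5"]:
            groups[e["md5"]].append(e["path"])
    return dict(groups)


def copies_matching(entries, reference_path):
    """Paths whose MD5 equals that of reference_path (reference excluded)."""
    ref = next(
        (e for e in entries if e["path"].lower() == reference_path.lower()), None
    )
    if ref is None or not ref["md5"]:
        raise KeyError(f"no hashed entry for {reference_path!r}")
    return sorted(
        e["path"]
        for e in entries
        if e["md5"] == ref["md5"] and e["path"].lower() != ref["path"].lower()
    )


def is_listed(entries, filename):
    """Case-insensitive check for a file name in a parsed listing."""
    wanted = filename.lower()
    return any(ntpath.basename(e["path"]).lower() == wanted for e in entries)


if __name__ == "__main__":
    found = parse_entries(FILEFIND_LOG)
    installed = r"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"
    print("Byte-identical to the installed binary:")
    for path in copies_matching(found, installed):
        print("  ", path)
    listing = parse_entries(DIR_LOG)
    print("ISYS.IXC present in listing:", is_listed(listing, "ISYS.IXC"))
```

Matching on the hash rather than the file name is what separates the unmodified executable in `Original EXE` from the three identical copies, including the one actually installed.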


----------



## anujchopra (Mar 11, 2011)

What if I just uninstall autocad completely? Don't quite need it as of now. Would I get rid of the error then?


----------



## eddie5659 (Mar 19, 2001)

Yep, uninstalling it fully should remove the error message. Let me know if it works or not


----------



## anujchopra (Mar 11, 2011)

have gotten rid of both autocad as well as NFS. what next?


----------



## eddie5659 (Mar 19, 2001)

Has the error message stopped coming up? If not, have you reinstalled Samsung PC Studio 5?


----------



## anujchopra (Mar 11, 2011)

the found new hardware message has stopped. should i run minitoolbox again?


----------



## eddie5659 (Mar 19, 2001)

Good to see, and yes, re-run it again to see what comes up


----------



## anujchopra (Mar 11, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:07 on 26/02/2012 by DAWSON
Administrator - Elevation successful

========== filefind ==========

Searching for "fun_avcodec.dll"
C:\Program Files\Samsung\Samsung PC Studio 5\fun_avcodec.dll	-ra---- 3566434 bytes	[08:38 25/10/2011]	[05:19 07/06/2007] E7A9B6806EF559BF1B7047ED93E61E24

Searching for "speed.exe"
No files found.

========== dir ==========

D:\Anuj\Software\autocad 2008\en-us\Acad\Program Files\Root\Help - Parameters: "(none)"

---Files---
acad171.chm	--a---- 180133 bytes	[03:25 10/12/2011]	[21:44 24/01/2007]
acadauto.chm	--a---- 1932552 bytes	[03:25 10/12/2011]	[17:58 17/01/2007]
acadctxt.chm	--a---- 113073 bytes	[03:25 10/12/2011]	[18:23 20/01/2007]
acad_aag.chm	--a---- 1561555 bytes	[03:25 10/12/2011]	[20:56 16/01/2007]
acad_acg.chm	--a---- 19554344 bytes	[03:25 10/12/2011]	[20:33 19/01/2007]
acad_acr.chm	--a---- 8606665 bytes	[03:25 10/12/2011]	[21:03 23/01/2007]
acad_alg.chm	--a---- 3013488 bytes	[03:25 10/12/2011]	[21:01 16/01/2007]
acad_alr.chm	--a---- 1187208 bytes	[03:25 10/12/2011]	[20:59 16/01/2007]
acad_alt.chm	--a---- 980489 bytes	[03:25 10/12/2011]	[21:01 16/01/2007]
acad_aug.chm	--a---- 33979560 bytes	[03:25 10/12/2011]	[20:58 23/01/2007]
acad_brw.chm	--a---- 550409 bytes	[03:25 10/12/2011]	[21:05 16/01/2007]
acad_car.chm	--a---- 193754 bytes	[03:25 10/12/2011]	[21:37 17/01/2007]
acad_dev.chm	--a---- 154621 bytes	[03:25 10/12/2011]	[18:32 25/01/2007]
acad_dpg.chm	--a---- 807738 bytes	[03:25 10/12/2011]	[21:04 19/01/2007]
acad_dxf.chm	--a---- 913041 bytes	[03:25 10/12/2011]	[21:18 16/01/2007]
acad_nag.chm	--a---- 821668 bytes	[03:25 10/12/2011]	[20:30 23/01/2007]
acad_NFW.CHM	--a---- 40979901 bytes	[03:25 10/12/2011]	[12:27 30/01/2007]
acad_sig.chm	--a---- 640667 bytes	[03:25 10/12/2011]	[16:38 24/01/2007]
acad_sso.chm	--a---- 257444 bytes	[03:25 10/12/2011]	[18:09 17/01/2007]
AdRefMan.chm	--a---- 646345 bytes	[03:25 10/12/2011]	[21:03 16/01/2007]
AdRefMan.hlp	--a---- 14434 bytes	[03:25 10/12/2011]	[20:37 19/12/2002]
adrefmanctxt.chm	--a---- 11523 bytes	[03:25 10/12/2011]	[21:03 16/01/2007]
adsk_nlg.chm	--a---- 608623 bytes	[03:25 10/12/2011]	[21:20 16/01/2007]
adsk_slg.chm	--a---- 561024 bytes	[03:25 10/12/2011]	[21:23 16/01/2007]
augi.htm	--a---- 3098 bytes	[03:25 10/12/2011]	[18:47 24/02/2006]
augibanner.jpg	--a---- 23617 bytes	[03:25 10/12/2011]	[18:41 29/04/2002]
augilogo.gif	--a---- 15828 bytes	[03:25 10/12/2011]	[18:30 24/02/2006]
drvnew_fx.chm	--a---- 28556 bytes	[03:25 10/12/2011]	[13:54 06/12/2006]
drv_kmwf.chm	--a---- 12445 bytes	[03:25 10/12/2011]	[14:17 09/11/2006]
fujixerox_readme.txt	--a---- 6781 bytes	[03:25 10/12/2011]	[07:20 24/11/2006]
fujixerox_releasenote.txt	--a---- 9694 bytes	[03:25 10/12/2011]	[17:17 10/11/2006]
HelpSearch.ini	--a---- 1546 bytes	[03:25 10/12/2011]	[18:57 19/01/2007]
ISYS.CAT	--a---- 338 bytes	[03:25 10/12/2011]	[09:34 15/09/2006]
ISYS.CFG	--a---- 334 bytes	[03:25 10/12/2011]	[00:31 31/01/2007]
ISYS.FLD	--a---- 0 bytes	[03:25 10/12/2011]	[14:44 09/05/2006]
ISYS.IXA	--a---- 313680 bytes	[03:25 10/12/2011]	[01:13 31/01/2007]
ISYS.IXB	--a---- 8091168 bytes	[03:25 10/12/2011]	[01:13 31/01/2007]
ISYS.IXE	--a---- 97844 bytes	[03:25 10/12/2011]	[01:13 31/01/2007]
ISYS.IXF	--a---- 20594 bytes	[03:25 10/12/2011]	[03:01 31/10/2006]
ISYS.NET	--a---- 0 bytes	[03:25 10/12/2011]	[00:38 31/01/2007]
ISYS.SYN	--a---- 4674 bytes	[03:25 10/12/2011]	[21:43 18/01/2007]
ole_err.chm	--a---- 37951 bytes	[03:25 10/12/2011]	[22:58 25/09/2006]
readme.chm	--a---- 56366 bytes	[03:25 10/12/2011]	[20:31 06/02/2007]
SXFManual.pdf	--a---- 1717042 bytes	[03:25 10/12/2011]	[13:24 12/01/2007]
webbrw.chm	--a---- 10915 bytes	[03:25 10/12/2011]	[15:38 05/12/2006]

---Folders---
buildyourworld	d------	[03:25 10/12/2011]
GettingStarted	d------	[03:25 10/12/2011]
newfeatures	d------	[03:25 10/12/2011]

-= EOF =-


----------



## anujchopra (Mar 11, 2011)

MiniToolBox by Farbar 
Ran by DAWSON (administrator) on 26-02-2012 at 18:08:27
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/23/2012 07:06:43 PM) (Source: Application Error) (User: )
Description: Faulting application nokiaovisuite.exe, version 3.1.1.80, faulting module qtgui4.dll, version 4.7.1.0, fault address 0x00457355.
Processing media-specific event for [nokiaovisuite.exe!ws!]

Error: (02/23/2012 07:06:24 PM) (Source: Application Error) (User: )
Description: Faulting application nokiaovisuite.exe, version 3.1.1.80, faulting module qtgui4.dll, version 4.7.1.0, fault address 0x00457355.
Processing media-specific event for [nokiaovisuite.exe!ws!]

Error: (02/23/2012 07:06:13 PM) (Source: Application Error) (User: )
Description: Faulting application nokiaovisuite.exe, version 3.1.1.80, faulting module qtgui4.dll, version 4.7.1.0, fault address 0x00457355.
Processing media-specific event for [nokiaovisuite.exe!ws!]

Error: (02/20/2012 02:09:46 AM) (Source: Application Error) (User: )
Description: Faulting application nokiaovisuite.exe, version 3.1.1.80, faulting module qtgui4.dll, version 4.7.1.0, fault address 0x00457355.
Processing media-specific event for [nokiaovisuite.exe!ws!]

Error: (02/17/2012 02:52:26 PM) (Source: Application Error) (User: )
Description: Faulting application videomanager.exe, version 7.1.44.0, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x000149d1.
Processing media-specific event for [videomanager.exe!ws!]

Error: (02/16/2012 01:58:35 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/16/2012 01:56:06 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/16/2012 11:17:39 AM) (Source: MsiInstaller) (User: DAWSON)DAWSON
Description: Product: PIC32 Starter Kits -- Error 1905.Module C:\Microchip Starter Kits\PIC32 Starter Kits\MPLAB IDE\Core\MPDisplay2.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (02/16/2012 11:17:39 AM) (Source: MsiInstaller) (User: DAWSON)DAWSON
Description: Product: PIC32 Starter Kits -- Error 1905.Module C:\Microchip Starter Kits\PIC32 Starter Kits\MPLAB IDE\PICkit 2\PICkit2.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (02/15/2012 04:44:46 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (02/24/2012 01:55:33 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Error: (02/20/2012 01:55:14 AM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 5 time(s).

Error: (02/20/2012 01:54:12 AM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 4 time(s).

Error: (02/20/2012 01:53:41 AM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 3 time(s).

Error: (02/20/2012 01:53:09 AM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 2 time(s).

Error: (02/20/2012 01:52:44 AM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).

Error: (02/17/2012 02:54:18 PM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 8 time(s).

Error: (02/17/2012 02:53:52 PM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 7 time(s).

Error: (02/17/2012 02:53:32 PM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 6 time(s).

Error: (02/17/2012 02:53:19 PM) (Source: Service Control Manager) (User: )
Description: The ServiceLayer service terminated unexpectedly. It has done this 5 time(s).

Microsoft Office Sessions:
=========================
Error: (11/18/2011 03:32:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 513 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/10/2011 11:16:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6388 seconds with 4440 seconds of active time. This session ended with a crash.

Error: (08/15/2011 11:27:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7155 seconds with 420 seconds of active time. This session ended with a crash.

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini112211-01.dmp
C:\WINDOWS\Minidump\Mini122311-01.dmp

**** End of log ****


----------



## eddie5659 (Mar 19, 2001)

Okay, you say you have uninstalled autocad, but it looks like there are some remains there. So, let's just see what is left overall for that, and clean that up.

Can you run SystemLook again, and use the following code:


```
:folderfind
*autocad
:regfind
*autocad
```
And post the log again


----------



## anujchopra (Mar 11, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 21:24 on 08/03/2012 by DAWSON
Administrator - Elevation successful

========== folderfind ==========

Searching for "*autocad"
C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\AutoCAD	d------	[16:36 15/07/2011]

========== regfind ==========

Searching for "*autocad"
No data found.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

*edit* Just in case you saw a different reply in your email 

That looks okay, as it's part of Adobe.

How's the computer running now?


----------



## anujchopra (Mar 11, 2011)

it's smooth now but the fan speed and the core utilization problem is still there.....


----------



## anujchopra (Mar 11, 2011)

i have attached 2 photos in a rar file. one of them shows complete core utilization even when a few processes are run (shown in the other one)
thanks.


----------



## eddie5659 (Mar 19, 2001)

Hmmm, let's have a look to see if there is something in the processes. When is this happening most?

The following program checks the running services on your system, to determine if there are any malicious files running.

Download *Getservices.zip*

Extract the Zip file to your C drive. Once it is extracted there will be a directory called *Getservice*. Inside the C:\getservice directory will be a file called *getservice.bat*. Simply double-click on the *getservice.bat* file and when it is completed a notepad will open with a lot of information.

Copy/Paste the contents here


----------



## anujchopra (Mar 11, 2011)

SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2812
FLAGS : 
DESCRIPTION : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
 STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: avast! Antivirus
DISPLAY_NAME: avast! Antivirus
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1932
FLAGS : 
DESCRIPTION : Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : avast! Antivirus
DEPENDENCIES : aswMon2
: RpcSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: btwdins
DISPLAY_NAME: Bluetooth Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1312
FLAGS : 
DESCRIPTION : Handles installation and removal of Bluetooth devices.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Bluetooth Service
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: CryptSvc
DISPLAY_NAME: CryptSvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : CryptSvc
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1180
FLAGS : 
DESCRIPTION : Provides launch functionality for DCOM services.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Manages network configuration by registering and updating IP addresses and DNS names.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: dmserver
DISPLAY_NAME: Logical Disk Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1520
FLAGS : 
DESCRIPTION : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Allows error reporting for services and applictions running in non-standard environments.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1004
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Provides management for applications that require assistance in a multiple user environment.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: HidServ
DISPLAY_NAME: HID Input Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : HID Input Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: LanmanServer
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Server
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1600
FLAGS : 
DESCRIPTION : Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Collects and stores network configuration and location information, and notifies applications when this information changes.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1004
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1016
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1016
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Creates a network connection.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1600
FLAGS : 
DESCRIPTION : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1236
FLAGS : 
DESCRIPTION : Provides the endpoint mapper and other miscellaneous RPC services.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1016
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Stores security information for local user accounts.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Secondary Logon
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Provides notifications for AutoPlay hardware events.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1516
FLAGS : 
DESCRIPTION : Loads files to memory for later printing.

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SQLWriter
DISPLAY_NAME: SQL Server VSS Writer
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1848
FLAGS : 
DESCRIPTION : Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : SQL Server VSS Writer
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1600
FLAGS : 
DESCRIPTION : Enables discovery of UPnP devices on your home network.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2124
FLAGS : 
DESCRIPTION : Provides image acquisition services for scanners and cameras.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1180
FLAGS : 
DESCRIPTION : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k DComLaunch
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Provides user experience theme management.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Maintains links between NTFS files within a computer or across computers in a network domain.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: UDisk Monitor
DISPLAY_NAME: UDisk Monitor
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2192
FLAGS : 
DESCRIPTION : 

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : UDisk Monitor
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: upnphost
DISPLAY_NAME: Universal Plug and Play Device Host
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1600
FLAGS : 
DESCRIPTION : Provides support to host Universal Plug and Play devices.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: W32Time
DISPLAY_NAME: Windows Time
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Time
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1600
FLAGS : 
DESCRIPTION : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Monitors system security settings and configurations.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Automatic Updates
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: WudfSvc
DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1344
FLAGS : 
DESCRIPTION : Manages user-mode driver host processes

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Windows Driver Foundation - User-mode Driver Framework
DEPENDENCIES : PlugPlay
: WudfPf
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1288
FLAGS : 
DESCRIPTION : Provides automatic configuration for the 802.11 adapters

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME : LocalSystem


----------



## flavallee (May 12, 2002)

anujchopra:

I've been called in to assist you with your CPU spike issue.

Do the following in the order listed.

-----------------------------------------------------------

Right-click MY COMPUTER, then click Properties.

What's listed in the *Computer:* section in the "General" tab?

-----------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

-----------------------------------------------------------

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

-----------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

Hi anujchopra, I thought I'd ask flavallee for some help on the CPU spiking.

Thanks flavallee :up:


----------



## anujchopra (Mar 11, 2011)

Sorry flavallee, could not reply earlier. My friend dropped the laptop down about a few weeks back :-( and it's been at the service centre since.... Thanks for all you and eddie have helped me with.


----------



## flavallee (May 12, 2002)

A dropped laptop doesn't do well. Good luck getting it fixed. 

------------------------------------------------------------


----------



## anujchopra (Mar 11, 2011)

Btw, I got a call from the service centre today. They're asking for a price for which I could buy a new laptop with better specs.
He said the damages included: broken laptop chassis (the exterior had broken on the spot), broken screen, motherboard cracked. The only things that seemed to have survived the fall were the HDD and the RAM.
*sob sob*


----------



## flavallee (May 12, 2002)

It's safe to say we can put this thread to sleep.

-----------------------------------------------------------------


----------



## anujchopra (Mar 11, 2011)

lol......... RIP would sound better


----------



## eddie5659 (Mar 19, 2001)

Sorry to hear that after all that 

I'll mark this solved, as it is in a way 

eddie


----------

