Browser Not Connecting To Web Pages

Solved
By dbhojwani
Oct 7, 2010
  1. Have a bit of a frustrating situation. I am unable to connect to any webpages using Firefox. I have checked my modem and router and everything is functioning as it should. There are two other desktop systems connected to the router and they are functioning perfectly fine. I've tried using IE, however, IE shuts off immediately after starting up.

    I have AVG, Malwarebytes, and SuperAntiSpyware installed but as I cannot establish a proper net connection on my system, I am unable to download updated virus definition files and hence running the scans produces nothing of value except in finding tracking cookies.

    I have run HJT and have attached the log. Not sure if this is malware-based or whether I have some other system problem.

    Any help on this would be great.

  2. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Let's see, if you have any connection...

    1. Click Start>Run (Start>"Start search" in Vista).

    2. Type in (or copy and paste):

    cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

    and press Enter.

    3. Notepad will open.

    4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.
  3. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Hi Broni,

    Here's the data you requested from the ping:



    Pinging google.com [74.125.227.48] with 32 bytes of data:

    Reply from 74.125.227.48: bytes=32 time=92ms TTL=51
    Reply from 74.125.227.48: bytes=32 time=94ms TTL=53
    Reply from 74.125.227.48: bytes=32 time=68ms TTL=51
    Reply from 74.125.227.48: bytes=32 time=95ms TTL=51

    Ping statistics for 74.125.227.48:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 68ms, Maximum = 95ms, Average = 87ms
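
Added example (not part of the original thread): a small Python triage of Windows `ping` output like the one posted above, separating a name-resolution failure, a dead path and a healthy network. It counts real echo replies from the target instead of trusting the summary line, because Windows counts "Destination host unreachable" replies from a gateway as received. `OK_SAMPLE` is the output from the post above; the other samples, the function name and the verdict labels are constructed for illustration, and only IPv4 output is handled.

```python
import re

HEADER = re.compile(r"Pinging (\S+)(?: \[([\d.]+)\])? with \d+ bytes of data")
# A genuine echo reply carries bytes=, time= (or time<1ms) and TTL=.
ECHO = re.compile(r"Reply from ([\d.]+): bytes=\d+ time[=<](\d+)ms TTL=\d+")
STATS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")

# Where to look next for each verdict (labels are this example's own).
NEXT_STEP = {
    "dns_failure": "Name did not resolve: check the link and DNS settings.",
    "no_echo_replies": "Name resolved but the target never answered: check the path.",
    "packet_loss": "Some echoes were lost: check the link quality.",
    "network_ok": "DNS and routing work: if browsers still fail, examine the host.",
    "unparsed": "Not recognisable as Windows ping output.",
}

# Output from the post above.
OK_SAMPLE = """\
Pinging google.com [74.125.227.48] with 32 bytes of data:
Reply from 74.125.227.48: bytes=32 time=92ms TTL=51
Reply from 74.125.227.48: bytes=32 time=94ms TTL=53
Reply from 74.125.227.48: bytes=32 time=68ms TTL=51
Reply from 74.125.227.48: bytes=32 time=95ms TTL=51
Ping statistics for 74.125.227.48:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""

# Constructed samples in the format Windows ping prints.
DNS_FAIL_SAMPLE = (
    "Ping request could not find host google.com. "
    "Please check the name and try again.\n"
)
UNREACHABLE_SAMPLE = """\
Pinging google.com [74.125.227.48] with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Ping statistics for 74.125.227.48:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""
LOSSY_SAMPLE = """\
Pinging google.com [74.125.227.48] with 32 bytes of data:
Reply from 74.125.227.48: bytes=32 time=90ms TTL=51
Request timed out.
Reply from 74.125.227.48: bytes=32 time<1ms TTL=51
Request timed out.
Ping statistics for 74.125.227.48:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
"""


def triage_ping(text):
    """Classify Windows ping output; returns a dict with a 'verdict' key."""
    result = {"target": None, "ip": None, "sent": 0, "reported_received": None,
              "echo_replies": 0, "avg_ms": None, "verdict": "unparsed"}
    if "could not find host" in text:
        result["verdict"] = "dns_failure"
        return result
    header = HEADER.search(text)
    if not header:
        return result
    result["target"] = header.group(1)
    # When an IP was pinged directly there is no bracketed address.
    result["ip"] = header.group(2) or header.group(1)

    # Count only echo replies that come from the target itself.
    times = [int(ms) for src, ms in ECHO.findall(text) if src == result["ip"]]
    result["echo_replies"] = len(times)
    if times:
        result["avg_ms"] = round(sum(times) / len(times))

    stats = STATS.search(text)
    if stats:
        result["sent"] = int(stats.group(1))
        result["reported_received"] = int(stats.group(2))
    else:
        result["sent"] = len(times)

    if not times:
        result["verdict"] = "no_echo_replies"
    elif len(times) < result["sent"]:
        result["verdict"] = "packet_loss"
    else:
        result["verdict"] = "network_ok"
    return result


if __name__ == "__main__":
    for name, sample in [("posted", OK_SAMPLE), ("dns", DNS_FAIL_SAMPLE),
                         ("unreachable", UNREACHABLE_SAMPLE), ("lossy", LOSSY_SAMPLE)]:
        verdict = triage_ping(sample)["verdict"]
        print(f"{name}: {verdict} - {NEXT_STEP[verdict]}")
```
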
  4. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Your connection is fine.
    It looks like some malware is blocking your internet access.

    Download the following tools on a good computer and transfer them to the bad computer, using a USB flash drive.
    Run them on the bad computer.
    Do NOT use that particular USB flash drive on the good computer for now.


    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    I followed the steps you outlined and here is a summary of the results:

    1st try:
    Ran RKill successfully and immediately followed by running exeHelper which also ran successfully.

    After this, I disabled all anti-virus, script-blocking and real-time protection programs and ran ComboFix. However, right after I double clicked the icon, got the blue screen and my system restarted.

    2nd try:
    Re-ran RKill successfully again and immediately followed by running exeHelper which also ran successfully.

    Double-clicked on ComboFix and this time it did open up successfully, however, I was not prompted with any instructions and a command prompt window opened with a blinking cursor. This was around 8pm. I checked back around 11pm and still nothing had happened. Thinking it may be running, I left it overnight but once again this morning, didn't seem to have any new information.

    Tried looking for a log file in the event it was created but found nothing.

    Did I do something wrong when I tried to run ComboFix?

    I have attached the log file for exeHelper nonetheless.

  6. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    You did just fine.
    Your infection is interfering.

    Delete your Combofix file, download fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Restart computer in Safe Mode, run rKill, exehelper and then broni.exe
  7. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Running it through Safe Mode worked! Although, the first time around, I didn't boot into Safe Mode with Networking so Recovery Console was not installed.

    I've attached the new exeHelper log and Combofix log.

  8. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Very good :)
    Combofix looks pretty good now :)

    See if you can run Combofix in normal mode, allow the Recovery Console installation and post a new log.

    When done...

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    ComboFix didn't run in Normal mode so I re-ran it in Safe Mode with Networking and had the Recovery Console installed.

    Additionally, Malwarebytes would now download the updated virus definition file in normal mode so I had to do it through Safe Mode with Networking. I ran this twice, once in Safe mode and once in Normal mode and have attached both files.

    Also attached are the GMER log and the MBRCheck log is posted below:

    MBRCheck Log-
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 151):

    Processes (total 74):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`21d3fe00 (FAT32)

    PhysicalDrive0 Model Number: ST9100824AS, Rev: 7.24

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

  10. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  11. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    I ran TDSSKiller but it didn't find anything. Here's the first part of the log:

    2010/10/09 21:25:21.0812 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/09 21:25:21.0812 ================================================================================
    2010/10/09 21:25:21.0812 SystemInfo:
    2010/10/09 21:25:21.0812
    2010/10/09 21:25:21.0812 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/09 21:25:21.0812 Product type: Workstation
    2010/10/09 21:25:21.0812 ComputerName: DHRUV
    2010/10/09 21:25:21.0812 UserName: user
    2010/10/09 21:25:21.0812 Windows directory: C:\WINDOWS
    2010/10/09 21:25:21.0812 System windows directory: C:\WINDOWS
    2010/10/09 21:25:21.0812 Processor architecture: Intel x86
    2010/10/09 21:25:21.0812 Number of processors: 2
    2010/10/09 21:25:21.0812 Page size: 0x1000
    2010/10/09 21:25:21.0812 Boot type: Normal boot
    2010/10/09 21:25:21.0812 ================================================================================
    2010/10/09 21:25:22.0093 Initialize success
    2010/10/09 21:25:39.0171 ================================================================================
    2010/10/09 21:25:39.0171 Scan started
    2010/10/09 21:25:39.0171 Mode: Manual;
    2010/10/09 21:25:39.0171 ================================================================================
    2010/10/09 21:25:50.0593 HSFHWAZL (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    2010/10/09 21:25:50.0750 HSF_DPV (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    2010/10/09 21:25:51.0015 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/09 21:25:51.0062 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/10/09 21:25:51.0109 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/10/09 21:25:51.0171 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/09 21:25:51.0406 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/09 21:25:51.0593 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/10/09 21:25:51.0921 IntcAzAudAddService (4078d4795e394bf2adbed6fcc9827f78) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/10/09 21:25:52.0375 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/10/09 21:25:52.0484 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/09 21:25:52.0593 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/10/09 21:25:52.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/09 21:25:52.0890 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/09 21:25:53.0140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/09 21:25:53.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/09 21:25:53.0640 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    2010/10/09 21:25:53.0890 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/09 21:25:54.0140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/09 21:25:54.0359 ivusb (339dea550cc17283d6fd689ac7e67c57) C:\WINDOWS\system32\DRIVERS\ivusb.sys
    2010/10/09 21:25:54.0578 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/09 21:25:54.0843 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/09 21:25:55.0000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/09 21:25:55.0484 lv321av (c7513b8eb50d6062384986f279c86078) C:\WINDOWS\system32\DRIVERS\lv321av.sys
    2010/10/09 21:25:55.0765 LVUSBSta (a20f5f044a1ecb19d48fdfc7e161f4d2) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2010/10/09 21:25:55.0906 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/10/09 21:25:56.0015 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/09 21:25:56.0250 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/09 21:25:56.0500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/09 21:25:56.0703 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/09 21:25:56.0968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/09 21:25:57.0125 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/10/09 21:25:57.0359 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/09 21:25:57.0484 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/09 21:25:57.0734 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/09 21:25:57.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/09 21:25:58.0218 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/09 21:25:58.0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/09 21:25:58.0578 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/09 21:25:58.0828 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/10/09 21:25:59.0078 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/09 21:25:59.0312 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/10/09 21:25:59.0578 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/09 21:25:59.0796 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
    2010/10/09 21:26:00.0031 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/10/09 21:26:00.0281 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/09 21:26:00.0531 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/09 21:26:00.0750 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/09 21:26:00.0984 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/09 21:26:01.0203 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/09 21:26:01.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/09 21:26:01.0656 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
    2010/10/09 21:26:01.0921 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/10/09 21:26:02.0156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/09 21:26:02.0421 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/09 21:26:02.0578 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    2010/10/09 21:26:02.0765 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    2010/10/09 21:26:02.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/09 21:26:02.0890 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/09 21:26:02.0937 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/09 21:26:03.0156 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/10/09 21:26:03.0359 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
    2010/10/09 21:26:03.0562 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
    2010/10/09 21:26:03.0765 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
    2010/10/09 21:26:04.0000 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/10/09 21:26:04.0234 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/09 21:26:04.0296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/09 21:26:04.0500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/10/09 21:26:04.0875 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/10/09 21:26:05.0078 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/10/09 21:26:06.0109 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/10/09 21:26:06.0265 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/10/09 21:26:06.0531 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/09 21:26:06.0750 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/10/09 21:26:06.0781 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/09 21:26:06.0968 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/10/09 21:26:07.0140 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/10/09 21:26:07.0281 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/10/09 21:26:07.0437 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/10/09 21:26:07.0578 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/10/09 21:26:07.0734 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

    Attached Files:

     
  12. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Here's the remainder of the log:


    2010/10/09 21:26:21.0312 ================================================================================
    2010/10/09 21:26:21.0312 Scan finished
    2010/10/09 21:26:21.0312 ================================================================================
  13. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    How is Firefox doing at the moment?
    Can you update AVG now?
  14. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Firefox still won't connect and I still can't update AVG when running in Normal mode. The same situation for Malwarebytes.

    However, when I updated Malwarebytes' virus definitions file in Safe Mode, it worked. Haven't tried Firefox or AVG in Safe Mode yet.
  15. Broni

    Broni Malware Annihilator Posts: 46,123   +251

  16. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Firefox and IE work! Uninstalling AVG seems to have done the trick!

    Was the program itself corrupted in some way?

    Should I use Avira or Avast instead of AVG now?
  17. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    I was looking through the AVG remover log file and noticed that AVG was not removed completely. Is there something I can do to ensure it is completely removed?
  18. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Unfortunately, that's one of the reasons I don't recommend AVG anymore. Causing all kinds of problems.

    Yes, get Avast or Avira instead.
    We'll take care of AVG leftovers in our next step.
    Make sure you install the new AV program first.

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Here is the first part of the OTL.txt log:

    OTL logfile created on: 10/10/2010 9:51:05 AM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\user\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 44.62 Gb Total Space | 17.67 Gb Free Space | 39.61% Space Free | Partition Type: FAT32
    Drive D: | 44.62 Gb Total Space | 31.06 Gb Free Space | 69.61% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DHRUV
    Current User Name: user
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/10/10 09:49:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    PRC - [2010/10/10 01:31:56 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 08:12:00 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/03/14 21:58:28 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/07/17 17:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2008/07/17 17:12:04 | 000,177,448 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2008/04/23 02:08:14 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2008/04/13 16:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/21 10:38:54 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
    PRC - [2005/12/15 19:13:38 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2005/12/06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
    PRC - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    PRC - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    PRC - [2005/12/02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
    PRC - [2005/12/02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    PRC - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    PRC - [2005/12/02 14:30:42 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2005/11/29 14:45:06 | 000,438,272 | ---- | M] (Acer) -- C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    PRC - [2005/11/02 00:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
    PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
    PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    PRC - [2005/04/07 16:26:10 | 001,421,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2004/11/01 17:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/10 09:49:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    MOD - [2008/04/13 16:11:56 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
    MOD - [2008/04/13 16:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2005/12/05 16:00:10 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
    MOD - [2005/12/02 14:31:56 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2005/11/02 00:11:00 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
    MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
    MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
    MOD - [2003/03/18 21:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll
    MOD - [2003/03/18 20:44:38 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71ENU.DLL
    MOD - [2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 08:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 08:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 08:12:00 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2008/07/17 17:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
    SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
    SRV - [2005/04/07 16:26:10 | 001,421,336 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/10 01:31:56 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/09/07 07:52:26 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 07:52:04 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 07:47:20 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 07:47:08 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 07:46:52 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/03/14 21:59:32 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/03/14 21:59:32 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/03/10 08:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
    DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2008/04/13 10:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 10:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 08:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2005/12/20 19:28:40 | 001,098,880 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
    DRV - [2005/12/20 19:27:30 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2005/12/02 14:01:28 | 000,328,141 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2005/12/02 13:59:20 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2005/12/02 13:57:48 | 000,854,826 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2005/12/02 13:54:56 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2005/12/02 13:54:14 | 000,065,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/12/02 13:51:28 | 000,148,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005/12/01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/11/26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/17 00:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/11/08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/11/08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/11/08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/11/02 00:11:00 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
    DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
    DRV - [2005/07/24 23:15:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
    DRV - [2005/06/22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
    DRV - [2005/04/22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
    DRV - [2005/04/22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
    DRV - [2005/04/07 16:23:50 | 000,299,083 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2005/04/05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/02/08 10:27:00 | 000,005,185 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
    DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
    DRV - [2004/12/17 01:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
    DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2003/07/24 18:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  20. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    2nd part of OTL log:

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://en-US.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/13 08:56:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/07/23 21:05:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/07/23 21:05:28 | 000,000,000 | ---D | M]

    [2008/07/23 21:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2008/07/23 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpsty84n.default\extensions
    [2008/07/23 22:44:28 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpsty84n.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2008/07/23 21:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\rv5cym92.default\extensions
    [2010/09/25 22:20:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\rv5cym92.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2008/07/23 21:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/07 22:16:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/10/08 23:34:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
    O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
    O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/07/24 23:15:48 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - File not found
    Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM File not found
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/10 09:49:38 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    [2010/10/10 09:47:15 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/10/10 09:47:14 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/10/10 09:47:14 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/10/10 09:47:13 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/10/10 09:47:12 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/10/10 09:47:12 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/10/10 09:47:12 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/10/10 09:47:02 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/10/10 09:47:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/10/10 09:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/10 09:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/10 00:49:24 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\user\Desktop\avgremover.exe
    [2010/10/09 21:25:08 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\TDSSKiller.exe
    [2010/10/09 17:31:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.46.exe
    [2010/10/09 17:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/09 17:24:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/08 23:11:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/08 23:11:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/08 23:11:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/08 23:11:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/08 23:11:03 | 000,000,000 | ---D | C] -- C:\broni
    [2010/10/07 19:38:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/07 19:38:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/07 19:21:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/09/30 22:21:30 | 000,000,000 | ---D | C] -- C:\FOUND.004
    [2010/09/30 06:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
    [2010/09/30 06:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010/09/30 06:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2010/09/28 16:33:00 | 000,000,000 | ---D | C] -- C:\FOUND.003
    [2010/09/25 13:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Downloaded Installations
    [2010/09/25 13:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2010/09/25 13:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
    [2010/09/25 13:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2010/09/25 13:15:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
    [2010/08/12 22:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/12 22:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/08/12 22:55:48 | 000,000,000 | ---D | C] -- C:\FOUND.002
    [2010/08/11 21:20:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/07 22:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/18 10:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/07/18 10:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  21. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    3rd part of OTL log:

    ========== Files - Modified Within 90 Days ==========

    [2010/10/10 09:49:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    [2010/10/10 09:47:16 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/10/10 09:47:14 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/10/10 01:01:40 | 000,000,684 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/10/10 01:01:22 | 000,000,503 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
    [2010/10/10 01:00:56 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2010/10/10 01:00:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/10 01:00:14 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3780724069-2906875367-3881392313-1005.job
    [2010/10/10 00:59:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/10/10 00:59:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/10 00:59:08 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/10 00:58:30 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
    [2010/10/10 00:58:10 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2010/10/10 00:57:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
    [2010/10/10 00:44:50 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\user\Desktop\avgremover.exe
    [2010/10/10 00:42:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/09 21:18:38 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
    [2010/10/09 17:32:50 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/10/09 17:32:50 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/09 17:28:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/10/09 17:24:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/09 17:21:12 | 003,876,407 | R--- | M] () -- C:\Documents and Settings\user\Desktop\broni.exe
    [2010/10/09 17:16:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.46.exe
    [2010/10/09 17:13:44 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBRCheck.exe
    [2010/10/09 17:13:24 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\user\Desktop\lxbxc4pz.exe
    [2010/10/07 19:17:14 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\user\Desktop\rkill.exe
    [2010/10/07 19:16:58 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\user\Desktop\rkill.scr
    [2010/10/07 19:16:36 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\user\Desktop\rkill.com
    [2010/10/07 19:14:38 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\user\Desktop\exeHelper.com
    [2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\TDSSKiller.exe
    [2010/10/03 17:55:04 | 000,164,041 | ---- | M] () -- C:\Documents and Settings\user\Desktop\A_Fast_Scheduling_Algorithm_Considering_Buffer_Occupancy_and_Channel_....pdf
    [2010/10/03 17:30:22 | 000,245,001 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Overview of Scheduling Algorithms.pdf
    [2010/09/26 22:01:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3780724069-2906875367-3881392313-1005.job
    [2010/09/25 22:11:02 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/09/25 22:00:50 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/25 13:36:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/25 13:18:40 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
    [2010/09/07 08:12:18 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/09/07 07:52:26 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/09/07 07:52:04 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/09/07 07:47:20 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/09/07 07:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/09/07 07:47:08 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/09/07 07:46:52 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/23 22:53:28 | 003,987,201 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Master's Project Papers.rar
    [2010/08/23 22:45:08 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Papers.doc
    [2010/08/23 22:06:04 | 000,828,095 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Congestion-Based Pricing Resource Management in Broadband Wireless Networks.pdf
    [2010/08/15 17:36:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\user\Desktop\~$Papers.doc
    [2010/07/31 13:10:40 | 000,443,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/31 13:10:40 | 000,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/31 13:10:40 | 000,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/26 22:24:24 | 000,007,258 | ---- | M] () -- C:\Documents and Settings\user\My Documents\AudioCD 1.cdm
    [2010/07/25 17:21:48 | 000,409,830 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Data Throughput of CDMA-HDR a High Efficiency-High Data Rate Personal Communication Wireless System.pdf
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/10 09:47:15 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/10/09 21:25:02 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
    [2010/10/09 17:42:56 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/09 17:32:48 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/10/09 17:32:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\user\Desktop\lxbxc4pz.exe
    [2010/10/09 17:32:03 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MBRCheck.exe
    [2010/10/09 17:24:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/09 17:24:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/08 23:11:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/08 23:11:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/08 23:11:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/08 23:11:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/08 23:11:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/08 23:02:59 | 003,876,407 | R--- | C] () -- C:\Documents and Settings\user\Desktop\broni.exe
    [2010/10/07 19:20:44 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\user\Desktop\rkill.scr
    [2010/10/07 19:20:40 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\user\Desktop\rkill.exe
    [2010/10/07 19:20:37 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\user\Desktop\rkill.com
    [2010/10/07 19:20:33 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\user\Desktop\exeHelper.com
    [2010/10/03 17:55:11 | 000,164,041 | ---- | C] () -- C:\Documents and Settings\user\Desktop\A_Fast_Scheduling_Algorithm_Considering_Buffer_Occupancy_and_Channel_....pdf
    [2010/10/03 17:30:21 | 000,245,001 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Overview of Scheduling Algorithms.pdf
    [2010/09/30 05:03:19 | 007,706,423 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Final_Report[1].docx
    [2010/09/30 05:03:18 | 002,976,977 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Replica Placement in CDN.pptx
    [2010/09/30 04:59:23 | 001,629,124 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MS_Project_Report.docx
    [2010/09/25 13:18:38 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
    [2010/08/23 22:53:24 | 003,987,201 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Master's Project Papers.rar
    [2010/08/23 22:06:03 | 000,828,095 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Congestion-Based Pricing Resource Management in Broadband Wireless Networks.pdf
    [2010/08/15 17:36:14 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\user\Desktop\~$Papers.doc
    [2010/08/08 15:27:19 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Papers.doc
    [2010/07/26 22:24:23 | 000,007,258 | ---- | C] () -- C:\Documents and Settings\user\My Documents\AudioCD 1.cdm
    [2010/07/25 17:21:46 | 000,409,830 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Data Throughput of CDMA-HDR a High Efficiency-High Data Rate Personal Communication Wireless System.pdf
    [2010/01/09 13:13:54 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/11/16 22:25:17 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/07/01 23:46:33 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2009/05/10 22:18:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini
    [2008/09/28 18:17:18 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
    [2008/09/28 18:16:46 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2008/07/23 21:35:26 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/23 21:31:58 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/07/23 21:31:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/07/23 21:22:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/16 09:32:32 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
    [2008/07/16 09:26:18 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
    [2008/07/16 09:26:15 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/07/16 09:22:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
    [2008/07/16 09:17:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
    [2008/07/16 09:17:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
    [2008/07/16 09:17:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
    [2008/07/16 09:17:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
    [2008/07/16 09:17:13 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
    [2008/07/16 09:16:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
    [2008/07/16 09:10:56 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
    [2008/06/10 17:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005/12/21 10:45:56 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
    [2005/12/21 10:45:56 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
    [2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
    [2005/12/02 14:14:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/10/31 03:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2005/10/25 23:59:46 | 000,037,774 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/07/25 00:48:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/07/25 00:05:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2005/07/24 23:16:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2005/07/24 23:15:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2005/07/24 23:15:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
    [2005/07/24 23:15:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
    [2005/07/24 23:15:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
    [2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
    [2005/03/28 00:45:26 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
    [2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2004/12/17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
  22. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    4th part of OTL:

    ========== LOP Check ==========

    [2008/07/16 09:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
    [2008/07/24 21:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2008/07/24 21:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/06/11 15:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/01/09 12:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
    [2010/02/13 08:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2010/02/13 08:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/09/25 13:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2010/10/10 09:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2008/07/16 09:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Acer
    [2008/07/24 21:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\acccore
    [2008/10/03 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FrostWire
    [2009/01/26 18:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Design Science
    [2009/05/16 12:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
    [2010/01/09 12:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\avidemux

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/10/10 00:59:08 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2009/02/07 17:34:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/10/09 17:24:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2005/07/24 22:42:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/07/24 23:15:48 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2005/07/24 22:42:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/07/24 22:42:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/07/25 01:11:14 | 000,000,076 | RHS- | M] () -- C:\Preload.aaa
    [2010/10/08 23:09:26 | 000,000,390 | ---- | M] () -- C:\rkill.log
    [2010/10/09 17:29:08 | 000,013,595 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/10 00:59:08 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
    [2008/07/16 09:15:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/09 21:45:58 | 000,055,204 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_09.10.2010_21.25.21_log.txt
    [2009/06/18 21:31:50 | 000,000,899 | -H-- | M] () -- C:\IPH.PH
    [2008/07/26 13:28:38 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/07/24 22:42:10 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2005/12/14 20:56:06 | 000,187,392 | ---- | M] () -- C:\WINDOWS\Acer.scr
    [2010/09/07 08:12:18 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/07/24 22:33:16 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    [2005/07/24 22:33:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/07/24 22:33:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/02/07 17:40:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/07/16 09:16:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/01/09 12:35:36 | 010,112,919 | ---- | M] () -- C:\Documents and Settings\user\Desktop\free-dvd-ripper-setup.exe
    [2010/10/09 17:21:12 | 003,876,407 | R--- | M] () -- C:\Documents and Settings\user\Desktop\broni.exe
    [2010/01/24 10:26:16 | 010,417,688 | ---- | M] () -- C:\Documents and Settings\user\Desktop\VeohWebPlayerSetup_eng.exe
    [2010/01/16 11:17:18 | 014,566,424 | ---- | M] () -- C:\Documents and Settings\user\Desktop\vlc-0.9.4-win32.exe
    [2010/01/20 20:18:16 | 012,951,423 | ---- | M] (Dennis Meuwissen ) -- C:\Documents and Settings\user\Desktop\dvdflick_setup_1.3.0.7.exe
    [2008/07/23 21:31:16 | 000,642,540 | ---- | M] (Xvid team ) -- C:\Documents and Settings\user\Desktop\Xvid-1.1.3-27042008.exe
    [2010/10/07 19:17:14 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\user\Desktop\rkill.exe
    [2010/01/20 20:20:02 | 000,149,815 | ---- | M] () -- C:\Documents and Settings\user\Desktop\XviD-Dec.exe
    [2010/01/24 10:32:48 | 003,782,822 | ---- | M] (DownloadHelper ) -- C:\Documents and Settings\user\Desktop\ConvertHelperSetup.exe
    [2010/01/29 23:12:06 | 001,146,696 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\wlsetup-custom.exe
    [2010/10/09 17:13:24 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\user\Desktop\lxbxc4pz.exe
    [2010/05/14 20:32:18 | 033,524,019 | ---- | M] (R Development Core Team ) -- C:\Documents and Settings\user\Desktop\R-2.11.0-win32.exe
    [2010/10/10 09:49:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
    [2008/07/26 14:13:56 | 004,535,224 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shockwave_Installer_Slim.exe
    [2010/10/09 17:16:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-1.46.exe
    [2010/10/09 17:13:44 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBRCheck.exe
    [2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\TDSSKiller.exe
    [2010/10/10 00:44:50 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\user\Desktop\avgremover.exe
    [2009/01/26 18:50:18 | 005,357,360 | ---- | M] (Design Science, Inc.) -- C:\Documents and Settings\user\Desktop\MathType6.exe
    [2009/07/01 17:55:58 | 008,087,396 | ---- | M] () -- C:\Documents and Settings\user\Desktop\CVPN4.6.03.0021.exe
    [2009/09/23 20:13:56 | 000,288,560 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\user\Desktop\utorrent.exe
    [2009/10/11 21:48:06 | 009,011,367 | ---- | M] (FrostWire, LLC) -- C:\Documents and Settings\user\Desktop\frostwire-4.18.3.windows.exe
    [2009/11/22 18:39:32 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\user\Desktop\HJTInstall.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2008/01/16 22:08:34 | 000,942,213 | ---- | M] () -- C:\Documents and Settings\user\My Documents\140engc5.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/07/16 09:16:52 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\user\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/06/22 22:13:18 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\user\Cookies\desktop.ini
    [2010/10/10 09:47:34 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\user\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/11/30 16:12:22 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
    [2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/05/02 06:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/12/24 17:15:38 | 000,345,983 | ---- | M] () -- C:\WINDOWS\system\RCDsetup.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
  23. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    Here is the 1st part of the Extras log:

    OTL Extras logfile created on: 10/10/2010 9:51:05 AM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\user\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 44.62 Gb Total Space | 17.67 Gb Free Space | 39.61% Space Free | Partition Type: FAT32
    Drive D: | 44.62 Gb Total Space | 31.06 Gb Free Space | 69.61% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DHRUV
    Current User Name: user
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Disabled:CLI Application (Command Line Interface) -- (ATI Technologies Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
    "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- File not found
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- File not found
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
    "C:\Documents and Settings\USER\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\USER\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
    "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
    "C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE" = C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
    "{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
    "{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
    "{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
    "{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
    "AcerOrbiCamDrv" = Acer OrbiCam Driver
    "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_6" = AIM 6
    "All ATI Software" = ATI - Software Uninstall Utility
    "AskSBar Uninstall" = Ask Toolbar
    "ATI Display Driver" = ATI Display Driver
    "avast5" = avast! Free Antivirus
    "CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DSMT6" = MathType 6
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "ePresentation" = Acer ePresentation Management
    "FrostWire" = FrostWire 4.18.3
    "GridVista" = Acer GridVista
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield for Microsoft Visual C++ 6" = InstallShield for Microsoft Visual C++ 6
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
    "InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
    "InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
    "InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
    "InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
    "InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ProInst" = Intel(R) PROSet/Wireless Software
    "R for Windows 2.11.0_is1" = R for Windows 2.11.0
    "RealPlayer 12.0" = RealPlayer
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "Visual C++ 6.0 Professional Edition" = Microsoft Visual C++ 6.0 Professional Edition
    "VLC media player" = VLC media player 1.0.5
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "uTorrent" = µTorrent
  24. dbhojwani

    dbhojwani Newcomer, in training Topic Starter Posts: 24

    2nd part of Extras:

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/7/2010 8:38:59 AM | Computer Name = DHRUV | Source = WmiAdapter | ID = 4099
    Description = Open of service failed.

    Error - 10/7/2010 8:39:39 AM | Computer Name = DHRUV | Source = WmiAdapter | ID = 4099
    Description = Open of service failed.

    Error - 10/7/2010 9:01:04 AM | Computer Name = DHRUV | Source = Application Error | ID = 1000
    Description = Faulting application , version 0.0.0.0, faulting module unknown, version
    0.0.0.0, fault address 0x00000000.

    Error - 10/7/2010 9:50:33 AM | Computer Name = DHRUV | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 9.0.0.855, faulting module
    avgxpl.dll, version 9.0.0.845, fault address 0x00046274.

    Error - 10/7/2010 9:53:53 AM | Computer Name = DHRUV | Source = Application Error | ID = 1004
    Description = Faulting application avgnsx.exe, version 9.0.0.855, faulting module
    avgxpl.dll, version 9.0.0.845, fault address 0x00046274.

    Error - 10/7/2010 10:32:59 PM | Computer Name = DHRUV | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 9.0.0.855, faulting module
    avgxpl.dll, version 9.0.0.845, fault address 0x00046274.

    Error - 10/7/2010 10:33:07 PM | Computer Name = DHRUV | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module avgxpl.dll, version 9.0.0.845, fault address 0x00046274.

    Error - 10/7/2010 10:35:54 PM | Computer Name = DHRUV | Source = Application Error | ID = 1004
    Description = Faulting application avgnsx.exe, version 9.0.0.855, faulting module
    avgxpl.dll, version 9.0.0.845, fault address 0x00046274.

    Error - 10/7/2010 10:36:15 PM | Computer Name = DHRUV | Source = Application Error | ID = 1004
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module avgxpl.dll, version 9.0.0.845, fault address 0x00046274.

    Error - 10/9/2010 2:35:08 AM | Computer Name = DHRUV | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 9.0.0.855, faulting module
    avgxpl.dll, version 9.0.0.845, fault address 0x00046274.

    [ System Events ]
    Error - 10/9/2010 8:43:35 PM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 10/9/2010 9:20:42 PM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the avg9wd service.

    Error - 10/9/2010 9:22:08 PM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the avg9wd service.

    Error - 10/9/2010 9:22:42 PM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the avg9wd service.

    Error - 10/9/2010 9:23:13 PM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the avg9wd service.

    Error - 10/9/2010 9:24:23 PM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the avg9wd service.

    Error - 10/9/2010 9:24:52 PM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the avg9wd service.

    Error - 10/9/2010 9:37:56 PM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 10/10/2010 3:59:25 AM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 10/10/2010 4:32:08 AM | Computer Name = DHRUV | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%183


    < End of report >
  25. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
      FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/13 08:56:54 | 000,000,000 | ---D | M]
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
      O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
      [2010/10/10 00:49:24 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\user\Desktop\avgremover.exe
      [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] 
      [2009/06/11 15:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
      [2010/02/13 08:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      [2008/07/24 21:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.