Inactive Need help - svchost, iexplorer and explorer taking my process capacity


gsureshmendon

Posts: 12   +0
Dear All,

My PC got infected with malware and viruses. svchost.exe, iexplore.exe and explorer.exe take up too much of my processor. Two iexplore and two explorer processes are running at the same time. I have done the 7-step virus removal process and got those log files. So please find the attachments and help me out :)
 

Attachments

  • gmer.log (59.5 KB)
  • mbam-log-2011-07-29 (17-15-53).txt (3.2 KB)
  • Attach.txt (33 KB)
  • DDS.txt (16.6 KB)
Welcome to TechSpot! I'll be glad to help but you missed a very important direction:

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed

I'll review the logs after you have pasted them in.
====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Thanks for the basic instructions, man.

Sorry, I don't know how to proceed or reply to you, so I'll try it my way: I am going to paste those logs in this thread.


==============================================================================================================================


MALWARE LOGS


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7316

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

7/29/2011 5:15:53 PM
mbam-log-2011-07-29 (17-15-53).txt

Scan type: Quick scan
Objects scanned: 179628
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\wvsrvnil.dll (IPH.GenericBHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{467C1A57-C8F7-ED97-851B-7C2BD734A397} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Soaejlze (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467C1A57-C8F7-ED97-851B-7C2BD734A397} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{467C1A57-C8F7-ED97-851B-7C2BD734A397} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{467C1A57-C8F7-ED97-851B-7C2BD734A397} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\wvsrvnil.dll (IPH.GenericBHO) -> Delete on reboot.
c:\Windows\System32\fsb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\Users\Suresh\downloads\go_v1.3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\hpci.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\pstc.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc114.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc229.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc254.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc31163742.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc64.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.


==============================================================================================================================
 
That's fine. Please paste in the 2 logs from the DDS scan just like you did for Malwarebytes.

There are several different pieces of malware. One of them is going to be hard to remove:
generic!bg.iph is a virus detection that infects other files in order to spread. Viruses are programs that copy themselves to spread from one system to another through the Internet, email, or carried on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can also be disguised as attachments of funny images, greeting cards, or audio and video files. They are self-replicating and damaging.

If you have connected a flash drive, we will need to disinfect that.

Mbam has removed many entries for this, but we have to see how much it spread to other files.
 
Thanks for that. Here are the two logs from DDS.

DDS.TXT
-----------------

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18
Run by Suresh at 20:03:37 on 2011-07-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3069.1599 [GMT 5.5:30]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Airtel NetXpert\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Airtel NetXpert\bin\tgsrvc.exe
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = >>> 'Full Speed' Enabled <<<
uSearch Bar =
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: : {467c1a57-c8f7-ed97-851b-7c2bd734a397} - c:\windows\system32\wvsrvnil.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [AdobeBridge]
mRun: [<NO NAME>]
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
dRun: [Google Update] c:\windows\system32\config\systemprofile\appdata\local\google\update\gupdate.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10n_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{028DA33B-2951-4937-8540-645A8FF74E36} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AC364EA0-B13A-45CA-91D1-53A18098825E}\0756E64716 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AC364EA0-B13A-45CA-91D1-53A18098825E}\1496274756C6 : DhcpNameServer = 203.145.184.13 203.145.184.32
TCP: Interfaces\{AC364EA0-B13A-45CA-91D1-53A18098825E}\2494C4C414 : DhcpNameServer = 192.168.1.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
.
============= SERVICES / DRIVERS ===============
.
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2010-7-15 88656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 sprtsvc_netxpert;SupportSoft Sprocket Service (netxpert);c:\program files\airtel netxpert\bin\sprtsvc.exe [2011-7-6 206120]
R2 tgsrvc_netxpert;SupportSoft Repair Service (netxpert);c:\program files\airtel netxpert\bin\tgsrvc.exe [2011-7-6 185640]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2010-7-21 42912]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-5-13 152528]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-5-20 59904]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-5-11 64544]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-30 167936]
R3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-7-14 299008]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 raywatrz;i8042 Keyboard and PS/2 Mouse Port Controller;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-3-5 105984]
S3 iscFlash;iscFlash;c:\program files\sp45765\iscflash.sys [2009-6-16 13312]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-22 116136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-24 1343400]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-11-29 81920]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-6-28 633424]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-6-28 970320]
S4 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-3-5 135168]
S4 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-2-26 26168]
S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-25 2253688]
.
=============== Created Last 30 ================
.
2011-07-29 11:35:49 -------- d-----w- c:\users\suresh\appdata\roaming\Malwarebytes
2011-07-29 11:35:43 -------- d-----w- c:\programdata\Malwarebytes
2011-07-29 11:35:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 10:02:20 -------- d-----w- c:\windows\system32\wbem\Logs
2011-07-29 09:50:57 -------- d--h--w- c:\windows\PIF
2011-07-29 09:49:10 -------- d-----w- c:\program files\common files\ParetoLogic
2011-07-29 09:49:09 -------- d-----w- c:\program files\ParetoLogic
2011-07-29 09:19:28 -------- d-----w- c:\users\suresh\appdata\roaming\ParetoLogic
2011-07-29 09:19:28 -------- d-----w- c:\users\suresh\appdata\roaming\DriverCure
2011-07-29 09:19:16 -------- d-----w- c:\programdata\ParetoLogic
2011-07-27 17:59:38 -------- d-----w- c:\users\suresh\appdata\local\DDMSettings
2011-07-27 08:45:06 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-07-26 17:57:20 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2011-07-26 17:47:42 -------- d-----w- c:\program files\Applied Linguistics
2011-07-25 12:50:53 194 ----a-w- c:\windows\system32\RBDELDRV.BAT
2011-07-25 09:27:20 -------- d-----w- c:\programdata\bdch
2011-07-25 09:23:56 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-07-24 12:26:54 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-24 12:26:53 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-24 07:57:01 -------- d-----w- c:\windows\system32\Wat
2011-07-23 21:56:39 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-07-23 21:52:52 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-23 21:52:52 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-23 21:52:52 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-23 21:52:52 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-23 21:52:52 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-23 21:33:14 -------- d-----w- c:\program files\MSXML 4.0
2011-07-23 17:39:31 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-07-23 17:39:30 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-07-23 17:39:09 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-23 17:39:09 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-23 17:39:07 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-23 17:39:07 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-23 17:39:07 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-23 17:37:58 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-07-23 17:35:55 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-07-23 17:35:54 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-23 17:35:52 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-07-23 17:35:51 101760 ----a-w- c:\windows\system32\consent.exe
2011-07-23 17:35:46 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-23 17:35:46 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-07-23 17:35:16 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-23 17:35:14 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-07-23 17:35:09 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-07-23 17:35:08 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-23 17:35:07 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-23 17:35:07 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-23 17:18:13 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-07-23 17:17:53 132608 ----a-w- c:\windows\system32\cabview.dll
2011-07-23 16:45:18 -------- d-----w- c:\users\suresh\appdata\roaming\BitDefender
2011-07-23 16:44:59 -------- d-----w- c:\program files\BitDefender
2011-07-23 16:40:43 -------- d-----w- c:\programdata\99eb0000-107a-4b20-2aa4-d69b7ea7d0b4
2011-07-23 16:29:28 0 ----a-w- c:\windows\system32\E6e14QyY.exe
2011-07-23 16:01:47 -------- d-----w- c:\programdata\87c30000-547f-4384-cf3c-92fd46ae0397
2011-07-23 15:23:13 -------- d-----w- c:\users\suresh\appdata\roaming\QuickScan
2011-07-23 15:22:52 253072 ----a-w- c:\windows\system32\drivers\Trufos.sys
2011-07-23 15:22:04 -------- d-----w- c:\programdata\BitDefender
2011-07-23 15:22:04 -------- d-----w- c:\program files\common files\BitDefender
2011-07-23 15:20:36 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-07-23 15:20:31 816727 ----a-w- c:\programdata\bdinstall.bin
2011-07-22 10:44:49 -------- d-----w- c:\programdata\Big Fish Games
2011-07-22 10:43:46 -------- d-----w- C:\BigFishGamesCache
2011-07-22 06:57:16 832512 ----a-w- c:\windows\system32\wvsrvnil.dll
2011-07-19 14:04:11 71680 --sha-r- c:\windows\system32\httpapiu.dll
2011-07-19 06:42:08 -------- d-----w- c:\program files\DAP
2011-07-18 11:06:04 -------- d-----w- c:\program files\DU Meter
2011-07-17 18:00:51 -------- d-----w- c:\users\suresh\appdata\roaming\ISP Monitor
2011-07-17 04:45:49 -------- d-----w- c:\programdata\Solidshield
2011-07-15 22:57:09 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{50a69dc4-5d56-4f38-b39a-a306d4fa8ce4}\mpengine.dll
2011-07-06 15:15:35 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-07-06 08:52:44 161 ----a-w- c:\users\suresh\startAgent.bat
2011-07-06 08:51:47 -------- d-----w- c:\program files\common files\SupportSoft
2011-07-06 08:51:35 -------- d-----w- c:\users\suresh\appdata\local\SupportSoft
2011-07-06 08:51:34 -------- d-----w- c:\program files\Airtel NetXpert
2011-07-06 08:51:19 314 ----a-w- c:\users\suresh\launchAgent.bat
2011-07-06 08:51:19 30 ----a-w- c:\users\suresh\launchDrTCP.bat
2011-07-06 08:50:52 7057587 ----a-w- c:\users\suresh\agent.exe
2011-07-06 08:50:52 53760 ----a-w- c:\users\suresh\DRTCP021.exe
2011-07-04 08:13:14 16896 ----a-w- c:\windows\system32\KeyHook.dll
.
==================== Find3M ====================
.
2011-07-28 06:33:58 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-07-25 09:23:56 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-07-17 18:00:15 737280 ----a-w- c:\windows\iun6002.exe
2011-06-25 22:57:02 71679 --sha-w- c:\windows\pstc.exe
2011-06-25 22:46:14 71568 --sh--w- c:\windows\lksi.exe
2011-06-25 22:44:20 59716 --sha-w- c:\windows\hpci.exe
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 13:44:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-14 06:35:55 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-05-14 06:33:14 271872 ----a-w- c:\windows\system32\conhost.exe
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-07-08 05:07:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
2007-07-17 06:43:45 61440 ----a-w- c:\program files\RGSGrowBounds.aex
.
============= FINISH: 20:04:23.19 ===============
 
ATTACH.TXT
------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2009 1:39:48 AM
System Uptime: 7/29/2011 5:19:17 PM (3 hours ago)
.
Motherboard: Compal | | 30F8
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 800/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 8.591 GiB free.
D: is FIXED (NTFS) - 110 GiB total, 5.213 GiB free.
E: is FIXED (NTFS) - 9 GiB total, 2.924 GiB free.
F: is CDROM ()
H: is FIXED (NTFS) - 65 GiB total, 5.82 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C0AF\7&33DC9272&0&001D28C7B03B_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C0AF\7&33DC9272&0&001D28C7B03B_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0AF\7&33DC9272&0&001D28C7B03B_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0AF\7&33DC9272&0&001D28C7B03B_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&008C\7&33DC9272&0&9C18749B3D4D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&008C\7&33DC9272&0&9C18749B3D4D_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0AF\7&33DC9272&0&001D28C7B03B_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0AF\7&33DC9272&0&001D28C7B03B_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0AF\7&33DC9272&0&001D28C7B03B_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0AF\7&33DC9272&0&001D28C7B03B_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&33DC9272&0&001BEE157220_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&33DC9272&0&001BEE157220_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000004-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000004-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&008C\7&33DC9272&0&9C18749B3D4D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&008C\7&33DC9272&0&9C18749B3D4D_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&33DC9272&0&001BEE157220_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&33DC9272&0&001BEE157220_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Service:
.
Class GUID:
Description:
Device ID: USB\VID_138A&PID_0001\5&1479ABFB&0&2
Manufacturer:
Name:
PNP Device ID: USB\VID_138A&PID_0001\5&1479ABFB&0&2
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&33DC9272&0&001BEE157220_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&33DC9272&0&001BEE157220_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C056\7&33DC9272&0&001B59A07163_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C056\7&33DC9272&0&001B59A07163_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&33DC9272&0&001DFDEFDBF0_C00000000
Service:
.
Class GUID:
Description: pcouffin device ...
Device ID: ROOT\PCOUFFIN\0000
Manufacturer:
Name: pcouffin device ...
PNP Device ID: ROOT\PCOUFFIN\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AC3Filter (remove only)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Airtel NetXpert 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashes Cricket 2009
Autodesk DirectConnect 2009
Autodesk MotionBuilder 7.5
Baraha 9.3
BitDefender Antivirus Pro 2011
BitTorrent
Bonjour
Camtasia Studio 6
Celtx (2.7)
Connect
ConvertXtoDVD 3.0.0.1
Craft Director Studio
DivX Setup
DNA
Download Accelerator Plus (DAP)
eKalappai (remove only)
ENE CIR Receiver Driver
FBX Plugin 2009.0 for Max 2009
Google Chrome
Grammarly Add-In
IDT Audio
James Cameron's AVATAR(tm): THE GAME
Java Auto Updater
Java(TM) 6 Update 18
Keyman Package - eKalappai20b
kuler
Macromedia Extension Manager
Magic ISO Maker v5.5 (build 0274)
MagicDisc 2.7.106
Maya 2009
Maya 2009 Documentation (en_US)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office MondoOnly MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
Microsoft Office Visio MUI (English) 2010 (Beta)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ Run Time Lib Setup
Microsoft WSE 3.0 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Murasu Anjal2000
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.2
ParetoLogic PC Health Advisor
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PowerISO
QuickTime
RapidTyping
RealFlow
RealFlow Plugin for Maya
Realtek 8136 8168 8169 Ethernet Driver
Skype Toolbars
Skype™ 5.3
SpeedBit Video Downloader
Suite Shared Configuration CS4
Tavultesoft Keyman for ThamiZha! 6.0
TeamViewer 6
Trapcode Form
Trapcode Particular
VC80CRTRedist - 8.0.50727.4053
Veoh Video Compass
Veoh Web Player
VLC media player 1.0.3
Windows SideShow Managed Runtime 1.0
WinRAR archiver
WordWeb
Xvid Video Codec
ZBrush3
.
==== Event Viewer Messages From Past Week ========
.
7/29/2011 8:03:35 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
7/29/2011 7:28:39 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
7/29/2011 7:24:51 PM, Error: Service Control Manager [7001] - The COM+ System Application service depends on the System Event Notification Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2011 7:11:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2011 6:38:21 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/29/2011 5:22:47 PM, Error: Microsoft-Windows-WMPNSS-Service [14333] - Service 'WMPNetworkSvc' did not start correctly due to error '0x8007042c'. Restart your computer, and then try to restart the service.
7/29/2011 5:22:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/29/2011 5:20:57 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/29/2011 5:20:57 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7/29/2011 5:20:28 PM, Error: Service Control Manager [7023] - The i8042 Keyboard and PS/2 Mouse Port Controller service terminated with the following error: i8042 Keyboard and PS/2 Mouse Port Controller is not a valid Win32 application.
7/29/2011 5:20:23 PM, Error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
7/29/2011 4:55:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
7/29/2011 4:53:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/29/2011 4:53:56 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/29/2011 4:53:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
7/29/2011 4:53:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 4:53:16 PM, Error: Service Control Manager [7034] - The i8042 Keyboard and PS/2 Mouse Port Controller service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 4:53:16 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/29/2011 4:53:07 PM, Error: Service Control Manager [7034] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 4:53:07 PM, Error: Service Control Manager [7034] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 4:53:07 PM, Error: Service Control Manager [7034] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 4:53:07 PM, Error: Service Control Manager [7034] - The Superfetch service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 4:53:07 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/29/2011 4:53:07 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/29/2011 3:57:38 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (netxpert) service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 3:57:38 PM, Error: Service Control Manager [7034] - The SupportSoft Repair Service (netxpert) service terminated unexpectedly. It has done this 1 time(s).
7/29/2011 3:33:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/29/2011 2:33:58 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2011 2:28:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/29/2011 12:57:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8424f4a0, 0x8e91b82c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072911-55208-01.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bdfsfltr bdfwfpf DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 12:48:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 1:59:35 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: There are no more endpoints available from the endpoint mapper.
7/29/2011 1:59:33 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2011 1:59:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 1:59:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2011 1:59:02 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2011 1:58:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2011 1:46:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.
7/29/2011 1:45:26 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2011 1:40:40 PM, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.
7/29/2011 1:04:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/29/2011 1:02:05 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/29/2011 1:02:05 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/29/2011 1:02:05 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2011 9:50:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x005c00cd, 0x00000002, 0x00000001, 0x8408888c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072811-43227-01.
7/28/2011 7:57:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
7/28/2011 11:25:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 (KB976932).
7/27/2011 7:55:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/27/2011 12:30:51 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
7/27/2011 12:22:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8410a419, 0x8e92bb50, 0x8e92b730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072711-45505-01.
7/26/2011 8:04:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/26/2011 4:42:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000074, 0x00000002, 0x00000001, 0x8407e88c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072611-61121-01.
7/25/2011 6:29:30 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/25/2011 5:36:55 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {E9513610-F218-4DDA-B954-2C7E6BA7CABB} as /. The error: "740" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding
7/25/2011 2:45:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Event Log service, but this action failed with the following error: An instance of the service is already running.
7/25/2011 2:45:00 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/25/2011 2:44:52 PM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The parameter is incorrect.
7/25/2011 2:44:47 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/25/2011 2:44:47 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/25/2011 2:44:47 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/25/2011 2:44:47 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2011 2:33:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/24/2011 5:44:28 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
7/24/2011 12:43:52 AM, Error: Service Control Manager [7034] - The kmhfoot service terminated unexpectedly. It has done this 1 time(s).
7/24/2011 1:35:27 PM, Error: Service Control Manager [7023] -
7/23/2011 8:37:57 PM, Error: Service Control Manager [7034] - The DU Meter Service service terminated unexpectedly. It has done this 1 time(s).
7/23/2011 8:18:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/23/2011 4:06:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x841042e1, 0x8e91bb50, 0x8e91b730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072311-46847-01.
7/23/2011 10:53:51 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service service terminated unexpectedly. It has done this 1 time(s).
7/23/2011 10:19:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/23/2011 10:19:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/23/2011 10:19:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/23/2011 10:19:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/23/2011 10:19:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdfsfltr bdfwfpf discache SCDEmu spldr Wanarpv6
7/22/2011 7:49:11 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume System Reserved.
7/22/2011 7:49:11 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/22/2011 7:48:47 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
7/22/2011 1:50:03 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
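As an added triage example (not part of this thread, of DDS or of ComboFix), the script below parses lines in the shape of the "Event Viewer Messages" block above and pulls out what a reviewer checks first: bursts of services dying in the same second (what you see when one shared svchost.exe host process crashes and takes every service it hosts with it), repeated bugcheck codes, and boot-start drivers that failed to load. The sample lines are constructed copies in that format; the regexes and function names are my own.

```python
"""Triage the 'Event Viewer Messages From Past Week' block that DDS writes
into Attach.txt.  Line shape: 'M/D/YYYY h:mm:ss AM, Error: Source [ID] - text'.
Added example; the regexes and helper names are assumptions, not DDS APIs."""
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] -\s*(?P<text>.*)$"
)
SCM_CRASH_IDS = {"7031", "7034"}          # service terminated unexpectedly
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
BUGCHECK_RE = re.compile(r"bugcheck was: (0x[0-9a-fA-F]{8})")
DRIVER_FAIL_RE = re.compile(r"driver\(s\) failed to load: (?P<drivers>.+)$")

# Constructed sample in the DDS format (values copied from the block above).
SAMPLE_LINES = [
    "7/29/2011 8:03:35 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.",
    "7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "7/29/2011 4:53:16 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "7/29/2011 4:53:07 PM, Error: Service Control Manager [7034] - The Superfetch service terminated unexpectedly. It has done this 1 time(s).",
    r"7/29/2011 12:57:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8424f4a0, 0x8e91b82c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072911-55208-01.",
    r"7/28/2011 9:50:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x005c00cd, 0x00000002, 0x00000001, 0x8408888c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072811-43227-01.",
    "7/29/2011 12:48:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bdfsfltr bdfwfpf",
    "7/24/2011 1:35:27 PM, Error: Service Control Manager [7023] -",   # truncated entry
    ".",                                                                  # DDS separator
]


def parse_events(lines):
    """Return one dict per parseable event; separators and junk are skipped,
    a truncated entry (empty text) is still counted."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(lines, min_cluster=3):
    """Summarise the log: event counts per ID, same-second crash clusters,
    bugcheck codes and drivers that failed to load at boot."""
    events = parse_events(lines)
    clusters = defaultdict(list)   # timestamp -> services that died then
    bugchecks = []
    failed_drivers = set()
    for ev in events:
        is_scm = ev["source"] == "Service Control Manager"
        if is_scm and ev["id"] in SCM_CRASH_IDS:
            sm = SERVICE_RE.match(ev["text"])
            if sm:
                clusters[ev["ts"]].append(sm.group("svc"))
        elif ev["id"] == "1001":
            bm = BUGCHECK_RE.search(ev["text"])
            if bm:
                bugchecks.append(bm.group(1).lower())
        elif is_scm and ev["id"] == "7026":
            dm = DRIVER_FAIL_RE.search(ev["text"])
            if dm:
                failed_drivers.update(dm.group("drivers").split())
    # Several services dying in the same second usually means one host
    # process (e.g. an svchost.exe group) went down, not several bugs.
    mass_crashes = {ts: svcs for ts, svcs in clusters.items()
                    if len(svcs) >= min_cluster}
    return {
        "events": len(events),
        "by_id": Counter(ev["id"] for ev in events),
        "mass_crashes": mass_crashes,
        "bugchecks": Counter(bugchecks),
        "failed_drivers": sorted(failed_drivers),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LINES)
    print("events parsed:", summary["events"])
    for ts, svcs in summary["mass_crashes"].items():
        print(f"{len(svcs)} services died together at {ts}: {', '.join(svcs)}")
    print("bugchecks:", dict(summary["bugchecks"]))
    print("drivers that failed to load:", summary["failed_drivers"])
```

Feed it the full block (one line per list element) to see every same-second cluster; the 7/29 4:53:16 PM burst in the log above is exactly the pattern the threshold is meant to catch.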
 
Okay, it's fairly easy to see where some of the 'overuse' is coming from. You've added some features to 'optimize' the system. What you didn't realize is they brought more than you asked for, like adding toolbars, browser helper objects and so on. Most 'optimizers' themselves don't actually do much but use a lot of system resources while they run.

The dll files for their toolbars contain some spyware/adware functionality, although not all of the toolbars use this. So we'll be removing some of them. There are several entries that I can identify, so we'll have to see if Combofix picks them up.
======================================
I strongly recommend that you remove everything you have from ParetoLogic. Not only are the products bad, but there are very few sites that are safe to download them from. I use the WOT Site Advisor and only click on 'green' sites. Most for this company are red or amber.
=====================================
What are you trying to do with all these .bat files?
2011-07-06 08:52:44 161 ----a-w- c:\users\suresh\startAgent.bat
2011-07-06 08:51:19 314 ----a-w- c:\users\suresh\launchAgent.bat
2011-07-06 08:51:19 30 ----a-w- c:\users\suresh\launchDrTCP.bat
2011-07-25 12:50:53 194 ----a-w- c:\windows\system32\RBDELDRV.BAT
======================================
Java is way out of date. You have v6u18. The current is v6u26. Please update now: Java Updates After the update uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
======================================
Let's see how much of this 'stuff' will be handled by the following:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer image link to download it. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot: the ComboFix prompt asking whether to continue)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
 
Forgot to ask: there are 17 Bluetooth Peripheral devices showing in the log. Could some/any of these account for the high usage?

Additionally, I noticed you have Bit Torrent installed.
P2P Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Bit Torrent for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
 
ESET and COMBO FIX

Hi man, did everything as you instructed.

ESETScan

D:\BitDefender Antivirus Pro 2011 14.0.22.326 By Adrian Dennis.rar Win32/Packed.Autoit.E.Gen application
D:\James Cameron's Avatar The Game [PC ~ Multi6] RELOADED.iso Win32/Packed.VMProtect.D trojan
D:\ParetoLogic_PC_Health_Advisor_3_0__Patch_by_goodperson541.rar a variant of Win32/Delf.PSD trojan
D:\Maya2010_Win32\Maya 2010\Crack\xf-maya2010-32bits.rar a variant of Win32/Keygen.BL application
D:\softwares\Camtasia Studio 6.0.0 Build 689 [ iron Doom ]\keygen.rar probably a variant of Win32/Keygen.BJ application
===============================================================


COMBO FIX

ComboFix 11-08-03.02 - Suresh 08/03/2011 16:12:03.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3069.1560 [GMT 5.5:30]
Running from: d:\softwares\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\users\Suresh\agent.exe
c:\users\Suresh\AppData\Roaming\inst.exe
c:\users\Suresh\DRTCP021.exe
c:\windows\iun6002.exe
c:\windows\system32\E6e14QyY.exe
c:\windows\system32\wvsrvnil.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_raywatrz
.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 10:54 . 2011-08-03 11:03 -------- d-----w- c:\users\Suresh\AppData\Local\temp
2011-08-03 10:54 . 2011-08-03 10:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-02 05:40 . 2011-08-02 05:40 -------- d-----w- c:\program files\ESET
2011-08-02 05:39 . 2011-08-02 05:40 -------- d-----w- c:\windows\Downloaded Program Files
2011-08-02 05:39 . 2011-08-02 05:39 -------- d-----w- c:\program files\Common Files\Java
2011-08-02 05:38 . 2011-08-02 05:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 07:04 . 2011-08-01 07:04 -------- d-----w- c:\program files\Pixar
2011-07-30 18:03 . 2011-07-30 18:03 -------- d-----w- c:\program files\Chaos Group
2011-07-30 17:52 . 2011-07-30 18:04 -------- d-----w- c:\program files\Common Files\ChaosGroup
2011-07-29 13:58 . 2011-07-29 14:48 -------- d-----w- c:\windows\debug
2011-07-29 11:35 . 2011-07-29 11:35 -------- d-----w- c:\users\Suresh\AppData\Roaming\Malwarebytes
2011-07-29 11:35 . 2011-07-29 11:35 -------- d-----w- c:\programdata\Malwarebytes
2011-07-29 11:35 . 2011-07-29 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 10:02 . 2011-07-29 10:02 -------- d-----w- c:\windows\system32\wbem\Logs
2011-07-29 09:50 . 2011-07-29 09:50 -------- d--h--w- c:\windows\PIF
2011-07-29 09:49 . 2011-07-29 09:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-07-29 09:49 . 2011-07-29 09:49 -------- d-----w- c:\program files\ParetoLogic
2011-07-29 09:19 . 2011-07-29 09:19 -------- d-----w- c:\users\Suresh\AppData\Roaming\ParetoLogic
2011-07-29 09:19 . 2011-07-29 09:19 -------- d-----w- c:\users\Suresh\AppData\Roaming\DriverCure
2011-07-29 09:19 . 2011-07-29 09:49 -------- d-----w- c:\programdata\ParetoLogic
2011-07-27 17:59 . 2011-07-27 17:59 -------- d-----w- c:\users\Suresh\AppData\Local\DDMSettings
2011-07-27 08:45 . 2009-08-19 18:20 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-07-26 17:57 . 2009-08-19 18:20 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2011-07-26 17:47 . 2011-07-26 17:47 -------- d-----w- c:\program files\Applied Linguistics
2011-07-25 12:50 . 2011-07-25 12:50 194 ----a-w- c:\windows\system32\RBDELDRV.BAT
2011-07-25 09:27 . 2011-07-25 09:27 -------- d-----w- c:\programdata\bdch
2011-07-25 09:23 . 2011-07-25 09:23 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-07-24 12:26 . 2011-04-28 03:29 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-24 12:26 . 2011-04-28 03:29 60416 ------w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-24 07:57 . 2011-07-24 07:57 -------- d-----w- c:\windows\system32\Wat
2011-07-23 21:56 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-07-23 21:52 . 2009-11-25 07:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-23 21:52 . 2009-11-25 07:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-23 21:52 . 2009-11-25 07:17 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-23 21:52 . 2009-11-25 07:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-23 21:52 . 2009-11-25 07:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-23 21:33 . 2011-07-23 21:33 -------- d-----w- c:\program files\MSXML 4.0
2011-07-23 17:39 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-07-23 17:39 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-07-23 17:39 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-23 17:39 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-23 17:39 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-23 17:39 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-23 17:39 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-23 17:37 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-07-23 17:35 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-07-23 17:35 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-23 17:35 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-07-23 17:35 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-07-23 17:35 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-23 17:35 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-07-23 17:35 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-23 17:35 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-07-23 17:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-07-23 17:35 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-23 17:35 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-23 17:35 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-23 17:18 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-07-23 17:17 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-07-23 16:45 . 2011-07-23 16:45 -------- d-----w- c:\users\Suresh\AppData\Roaming\BitDefender
2011-07-23 16:44 . 2011-07-23 16:44 -------- d-----w- c:\program files\BitDefender
2011-07-23 16:40 . 2011-07-23 16:40 -------- d-----w- c:\programdata\99eb0000-107a-4b20-2aa4-d69b7ea7d0b4
2011-07-23 16:01 . 2011-07-23 16:01 -------- d-----w- c:\programdata\87c30000-547f-4384-cf3c-92fd46ae0397
2011-07-23 15:23 . 2011-07-23 15:23 -------- d-----w- c:\users\Suresh\AppData\Roaming\QuickScan
2011-07-23 15:22 . 2010-07-27 07:20 253072 ----a-w- c:\windows\system32\drivers\Trufos.sys
2011-07-23 15:22 . 2011-07-23 16:45 -------- d-----w- c:\programdata\BitDefender
2011-07-23 15:22 . 2011-07-23 16:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-07-23 15:20 . 2010-07-27 07:05 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-07-23 15:20 . 2011-07-23 16:46 816727 ----a-w- c:\programdata\bdinstall.bin
2011-07-22 10:44 . 2011-07-23 15:14 -------- d-----w- c:\programdata\Big Fish Games
2011-07-22 10:43 . 2011-07-23 15:14 -------- d-----w- C:\BigFishGamesCache
2011-07-19 14:19 . 2011-07-19 14:19 -------- d-----w- c:\windows\Sun
2011-07-19 14:04 . 2011-07-19 14:04 71680 --sha-r- c:\windows\system32\httpapiu.dll
2011-07-19 06:42 . 2011-07-19 06:44 -------- d-----w- c:\program files\DAP
2011-07-18 11:06 . 2011-07-25 12:05 -------- d-----w- c:\program files\DU Meter
2011-07-17 18:00 . 2011-07-17 18:27 -------- d-----w- c:\users\Suresh\AppData\Roaming\ISP Monitor
2011-07-17 04:45 . 2011-07-17 04:48 -------- d-----w- c:\programdata\Solidshield
2011-07-17 04:25 . 2011-07-17 04:25 -------- d-----w- c:\program files\Ubisoft
2011-07-15 22:57 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50A69DC4-5D56-4F38-B39A-A306D4FA8CE4}\mpengine.dll
2011-07-10 05:32 . 2011-08-03 10:39 -------- d-----w- c:\users\Administrator.Suresh-PC
2011-07-06 15:15 . 1998-12-05 07:48 172032 ------w- c:\windows\system32\AniGIF.ocx
2011-07-06 08:52 . 2011-07-06 08:52 161 ----a-w- c:\users\Suresh\startAgent.bat
2011-07-06 08:51 . 2011-07-06 08:51 -------- d-----w- c:\program files\Common Files\SupportSoft
2011-07-06 08:51 . 2011-07-06 08:51 -------- d-----w- c:\users\Suresh\AppData\Local\SupportSoft
2011-07-06 08:51 . 2011-07-06 08:51 -------- d-----w- c:\program files\Airtel NetXpert
2011-07-06 08:51 . 2011-07-06 08:51 -------- d-----w- c:\programdata\SupportSoft
2011-07-06 08:51 . 2011-07-06 08:51 314 ----a-w- c:\users\Suresh\launchAgent.bat
2011-07-06 08:51 . 2011-07-06 08:51 30 ----a-w- c:\users\Suresh\launchDrTCP.bat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-28 06:33 . 2008-08-14 02:27 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-06-25 22:57 . 2011-06-25 22:57 71679 --sha-w- c:\windows\pstc.exe
2011-06-25 22:46 . 2011-06-25 22:46 71568 ------w- c:\windows\lksi.exe
2011-06-23 21:36 . 2011-06-23 21:36 69632 ----a-r- c:\users\Suresh\AppData\Roaming\Microsoft\Installer\{6084D038-3401-4C9D-A216-86E6EEA25AFB}\ZBrush3.exe1_6084D03834014C9DA21686E6EEA25AFB.exe
2011-06-23 21:36 . 2011-06-23 21:36 69632 ----a-r- c:\users\Suresh\AppData\Roaming\Microsoft\Installer\{6084D038-3401-4C9D-A216-86E6EEA25AFB}\ZBrush3.exe_6084D03834014C9DA21686E6EEA25AFB.exe
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 13:44 . 2009-11-29 01:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-07-08 05:07 . 2010-07-08 05:07 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2007-07-17 06:43 . 2008-02-08 11:51 61440 ----a-w- c:\program files\RGSGrowBounds.aex
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-04-10 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\bitdefender\bitdefender 2011\ieshow.exe" [2010-07-19 71216]
"BDAgent"="c:\program files\bitdefender\bitdefender 2011\bdagent.exe" [2010-07-28 1403000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe" [2011-03-08 234656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Murasu Anjal2000.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Murasu Anjal2000.lnk
backup=c:\windows\pss\Murasu Anjal2000.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Suresh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Suresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 12:41 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-06-07 15:24 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2011-07-28 06:33 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2011-04-10 06:49 400760 ----a-w- c:\program files\BitTorrent\bittorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-30 17:15 323392 ----a-w- c:\users\Suresh\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsb]
2010-05-05 17:35 77824 ----a-w- c:\windows\System32\fsb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-28 21:49 135664 ----atw- c:\users\Suresh\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 10:45 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netxpert]
2010-05-10 03:32 206120 ----a-w- c:\program files\Airtel NetXpert\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-19 09:54 13793824 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2006-05-20 10:13 188416 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 16:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 09:32 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14 51712 ----a-w- c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 07:29 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-07-22 04:03 458844 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-04-28 18:15 2633976 ------w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordWeb]
2009-11-08 17:48 65216 ------w- c:\program files\WordWeb\wweb32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2010-02-25 105984]
R3 iscFlash;iscFlash;c:\program files\SP45765\iscflash.sys [2009-06-16 13312]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-22 116136]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-07-14 299008]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-23 1343400]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-03 81920]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 633424]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 970320]
R4 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-09-27 135168]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-02 721904]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-07-15 88656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 sprtsvc_netxpert;SupportSoft Sprocket Service (netxpert);c:\program files\Airtel NetXpert\bin\sprtsvc.exe [2010-05-10 206120]
S2 tgsrvc_netxpert;SupportSoft Repair Service (netxpert);c:\program files\Airtel NetXpert\bin\tgsrvc.exe [2010-05-10 185640]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2010-07-20 42912]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 152528]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\At3.job
- c:\windows\pstc.exe [2011-06-25 22:57]
.
2011-08-02 c:\windows\Tasks\At4.job
- c:\windows\lksi.exe [2011-06-25 22:46]
.
2011-08-02 c:\windows\Tasks\At5.job
- c:\windows\hpci.exe [2011-06-25 22:44]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1694817892-1893496286-3961741074-1000Core.job
- c:\users\Suresh\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-28 21:49]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1694817892-1893496286-3961741074-1000UA.job
- c:\users\Suresh\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-28 21:49]
.
2011-08-02 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
2011-07-29 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
2011-08-02 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 09:53]
.
2011-07-29 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 09:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.speedbit.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO-{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO-{467C1A57-C8F7-ED97-851B-7C2BD734A397} - c:\windows\system32\wvsrvnil.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-DNS7reminder - c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe
MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe
MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
AddRemove-V-Ray for Maya 2012 for x86 - d:\program files\Autodesk\Maya2009\bin\plug-ins/uninstall/wininstaller.exe-uninstall=d:\program files\Autodesk\Maya2009\bin\plug-ins/uninstall/install.log
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,bd,83,bf,ed,7c,86,41,83,80,4a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,bd,83,bf,ed,7c,86,41,83,80,4a,\
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vcvIsaaxyAA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"1289332796\" isSubsc=\"0\" authStat_av=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"3\" moduleId1=\"9\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-1694817892-1893496286-3961741074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-1694817892-1893496286-3961741074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-1694817892-1893496286-3961741074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-1694817892-1893496286-3961741074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1364)
c:\windows\System32\netshell.dll
c:\windows\System32\QUtil.dll
c:\windows\System32\npmproxy.dll
c:\windows\System32\hgcpl.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-08-03 16:41:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-03 11:11
.
Pre-Run: 5,858,697,216 bytes free
Post-Run: 7,009,734,656 bytes free
.
- - End Of File - - A03C5CDDD46A1B306946EAAECBA08DB4
===============================================================
 
Done

============================================
What are you trying to do with all these .bat files?


Quote:
2011-07-06 08:52:44 161 ----a-w- c:\users\suresh\startAgent.bat
2011-07-06 08:51:19 314 ----a-w- c:\users\suresh\launchAgent.bat
2011-07-06 08:51:19 30 ----a-w- c:\users\suresh\launchDrTCP.bat
2011-07-25 12:50:53 194 ----a-w- c:\windows\system32\RBDELDRV.BAT

============================================


My answer is "I DON'T KNOW" :)


Then I uninstalled ParetoLogic

Updated Java

============================================

Forgot to ask: there are 17 Bluetooth Peripheral devices showing in the log. Could some/any of these account for the high usage?

============================================

My answer is "HELP ME PLZ"


And BIT TORRENT: any excuses can I get for this? Badly need that for collecting animation tutorials.

============================================
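The helper is reading three things out of that ComboFix log by eye: the generic At*.job scheduled tasks and the files directly under c:\windows they launch, the entries carrying the system and hidden attributes (--sha-), and the UAC policy values. Below is an added triage script, not part of the thread and not ComboFix's own code, that pulls those three things out of a constructed excerpt of the posted log; the flagging rules and the at.exe naming remark are assumptions about what a reviewer checks, not ComboFix output.

```python
"""Triage a ComboFix-style log excerpt for a few persistence and hardening indicators.

Added example, not ComboFix's own code. SAMPLE_LOG is a constructed subset of the
log posted in the thread; the checks below are assumptions about what a log
reviewer looks for, not anything ComboFix reports itself.
"""
import re
from collections import namedtuple

FileEntry = namedtuple("FileEntry", "size attrs path")
Task = namedtuple("Task", "job target")

# Constructed subset of the posted ComboFix log (file list, policy key, scheduled tasks).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-28 06:33 . 2008-08-14 02:27 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-06-25 22:57 . 2011-06-25 22:57 71679 --sha-w- c:\windows\pstc.exe
2011-06-25 22:46 . 2011-06-25 22:46 71568 ------w- c:\windows\lksi.exe
2011-07-19 14:04 . 2011-07-19 14:04 71680 --sha-r- c:\windows\system32\httpapiu.dll
2011-07-23 16:45 . 2011-07-23 16:45 -------- d-----w- c:\users\Suresh\AppData\Roaming\BitDefender
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\At3.job
- c:\windows\pstc.exe [2011-06-25 22:57]
.
2011-08-02 c:\windows\Tasks\At5.job
- c:\windows\hpci.exe [2011-06-25 22:44]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1694817892-1893496286-3961741074-1000Core.job
- c:\users\Suresh\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-28 21:49]
"""

# File line: "<date> <time> . <date> <time> <size or --------> <8-char attrs> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(\S+) ([-a-z]{8}) (.+)$", re.I)
# Task header "<date> c:\windows\Tasks\<name>.job", followed by "- <target> [<date> <time>]"
TASK_RE = re.compile(r"^\d{4}-\d\d-\d\d c:\\windows\\tasks\\(.+?\.job)$", re.I)
TARGET_RE = re.compile(r"^- (.+?) \[\d{4}-\d\d-\d\d \d\d:\d\d\]$")
POLICY_SECTION = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-f]+\)$', re.I)


def parse_files(log):
    """Every file/directory entry in the log, with ComboFix's attribute string kept verbatim."""
    return [FileEntry(m.group(1), m.group(2), m.group(3))
            for m in map(FILE_RE.match, log.splitlines()) if m]


def parse_tasks(log):
    """Pair each 'Scheduled Tasks' header line with the target line that follows it."""
    tasks, lines = [], log.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = TASK_RE.match(line)
        t = TARGET_RE.match(lines[i + 1]) if m else None
        if m and t:
            tasks.append(Task(m.group(1), t.group(1)))
    return tasks


def parse_uac_policy(log):
    """Name -> integer value for entries printed under the policies\\system key."""
    values, in_section = {}, False
    for line in log.splitlines():
        if line.startswith("["):
            in_section = line.strip().lower() == POLICY_SECTION
            continue
        m = POLICY_RE.match(line) if in_section else None
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def hidden_system_files(entries):
    """Non-directory entries under c:\\windows carrying both the 's' and 'h' attribute flags."""
    return [e.path for e in entries
            if "d" not in e.attrs and "s" in e.attrs and "h" in e.attrs
            and e.path.lower().startswith(r"c:\windows")]


def generic_at_jobs(tasks):
    """AtN.job tasks: the unnamed jobs at.exe creates (assumption about the naming scheme)."""
    return [t for t in tasks if re.match(r"^at\d+\.job$", t.job, re.I)]


def uac_findings(policy):
    """Policy values that, at 0, switch off UAC elevation prompting."""
    return [name for name in ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")
            if policy.get(name) == 0]


def triage(log):
    """Combine the three checks; each At job is tagged with whether it launches a hidden+system file."""
    hidden = hidden_system_files(parse_files(log))
    hidden_set = {p.lower() for p in hidden}
    return {
        "hidden_system_files": hidden,
        "at_jobs": [(t.job, t.target, t.target.lower() in hidden_set)
                    for t in generic_at_jobs(parse_tasks(log))],
        "uac_disabled": uac_findings(parse_uac_policy(log)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, At3.job is flagged because its target c:\windows\pstc.exe is also in the hidden+system list, while the Google updater task is left alone.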
 
Regarding the .bat files: your answer of "I don't know" is not enough:
1. Are you the Administrator on this system?
2. Are there other accounts?
3. Do you mean that you or the Administrator didn't set up these batch files?
4. Is your account name suresh?
=====================================
I can't answer the question about the Bluetooth peripherals because I don't know what they are. But I do know that having 17 of them isn't 'normal'!
===========================================
For the Eset entries:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    D:\BitDefender Antivirus Pro 2011 14.0.22.326 By Adrian Dennis.rar 
    D:\James Cameron's Avatar The Game [PC ~ Multi6] RELOADED.iso 
    D:\ParetoLogic_PC_Health_Advisor_3_0__Patch_by_goodperson541.rar 
    D:\Maya2010_Win32\Maya 2010\Crack\xf-maya2010-32bits.rar 
    D:\softwares\Camtasia Studio 6.0.0 Build 689 [ iron Doom ]\keygen.rar
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========================================
It would appear that you're using Bit Torrent for more than tutorials: all of the entries in Eset are from pirated programs.
Pirated Programs:
1. Maya2010
2. Camtasia Studio 6.0.0 Build 689
3. James Cameron's Avatar The Game [PC ~ Multi6]
4. BitDefender Antivirus Pro 2011
5. ParetoLogic_PC_Health_Advisor

===================================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
 
Now I uninstalled BitTorrent

The QandA
1. Are you the Administrator on this system? YES
2. Are there other accounts? YES, but created by me
3. Do you mean that you or the Administrator didn't set up these batch files? YES
4. Is your account name suresh? YES

===============================================================

Bluetooth peripherals: Is there any option to disable it? My friends sometimes ask me to send some pics or mp3s from my laptop, so I use my laptop's Bluetooth and they connect with their mobile Bluetooth to transfer the files. Can I go and delete all those Bluetooth names in my devices list? Pls correct me.

===============================================================

All processes killed
========== FILES ==========
File/Folder D:\BitDefender Antivirus Pro 2011 14.0.22.326 By Adrian Dennis.rar not found.
File move failed. D:\James Cameron's Avatar The Game [PC ~ Multi6] RELOADED.iso scheduled to be moved on reboot.
File/Folder D:\ParetoLogic_PC_Health_Advisor_3_0__Patch_by_goodperson541.rar not found.
D:\Maya2010_Win32\Maya 2010\Crack\xf-maya2010-32bits.rar moved successfully.
D:\softwares\Camtasia Studio 6.0.0 Build 689 [ iron Doom ]\keygen.rar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.Suresh-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Suresh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 59371834 bytes
->Java cache emptied: 10597484 bytes
->Flash cache emptied: 7746 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13278 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08062011_124854

Files moved on Reboot...
File move failed. D:\James Cameron's Avatar The Game [PC ~ Multi6] RELOADED.iso scheduled to be moved on reboot.

Registry entries deleted on Reboot...

===============================================================

I think I already deleted those files; I visited those file paths and the files don't exist.

===============================================================

CKScanner - Additional Security Risks - These are not necessarily bad
c:\flexlm\awkeygen.exe
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2009\docs\maya2009\en_us\files\uv_texture_mapping_creating_a_cracker_box_model.htm
c:\program files\autodesk\maya2009\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2009\scripts\others\crackshatter.res.mel
c:\program files\du meter\crack\dumeter.exe
c:\program files\du meter\crack\dumetersvc.exe
c:\program files\du meter\crack\registration.reg
c:\users\suresh\documents\e-on software\vue 7 xstream\objects\miscellaneous\boolean objects\24_cracked sphere.vob
c:\users\suresh\downloads\real_money_doubling_forex_robot_fap_turbo_-_sells_like_candy!_full_cracked_sept_2009_.exe (1).torrent
c:\users\suresh\downloads\real_money_doubling_forex_robot_fap_turbo_-_sells_like_candy!_full_cracked_sept_2009_.exe.torrent
c:\_otm\movedfiles\08062011_124854\d_maya2010_win32\maya 2010\crack\xf-maya2010-32bits.rar
c:\_otm\movedfiles\08062011_124854\d_softwares\camtasia studio 6.0.0 build 689 [ iron doom ]\keygen.rar
scanner sequence 3.JD.11.UNAPUD
----- EOF -----
 
You will have to search for which of those Bluetooth devices is doing what and why there are so many! I do not suggest you delete them all. Something put them there.

About the batch files: Because of your history of using file sharing, cracks and keygens, I won't remove the files. They are on your account and were recently set up.
 
Please round up the bits of information you've put in the 3 threads about this same problem and input it here, on this thread.
 
It's getting bigger

My problem is not the same now. It's getting bigger: now I can't access my net and my display is also not working. See, I'm ready to uninstall anything which corrupts my routine digital life. So, help me out of those batch files now, mainly on my services. It's not working; it says authentication is not there for me to start a service. So System Notification, TCP/IP and Windows Event Log are not getting started. And my DHCP service says starting..... but holds there still.

I'm planning to reinstall Win7 and go back to my home WinXP baby.

Now tell me what to do.
 
There are so many problems with the system that I don't think you have any choice other than to reformat and reinstall:

Things to be concerned about:

1. No hard drive space free:
C: is FIXED (NTFS) - 49 GiB total, 8.591 GiB free.
D: is FIXED (NTFS) - 110 GiB total, 5.213 GiB free.
E: is FIXED (NTFS) - 9 GiB total, 2.924 GiB free.
Total hard drive space = 168 GB. Total hard drive space available = None.

2. System install date shows: Install Date: 11/29/2009 1:39:48 AM
There are no updates for security or Windows.

3. 17 Bluetooth Devices

4. No System Restore points. >> Errors have shut it down.

5. Outdated Beta version: This may be what needs authentication.
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office MondoOnly MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)

6. Multiple Errors in the Event Viewer for Services not starting, in part because their dependencies weren't running.

7. Error: The file system structure on the disk is corrupt and unusable on volume System Reserved and volume C.
7/22/2011 7:49:11 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the :.
Error: Failing updates: This problem can be caused by system corruption on your computer.

And lastly, I have to wonder if you have a legitimate copy of Windows 7.
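The helper's point 6 above (services failing because the services they depend on were not running) is the kind of thing worth confirming before deciding on a reinstall. The following PowerShell is an added example for this thread, not something either poster ran; it walks the dependency tree of the services the original poster named as failing and flags every link in the chain that is not Running. The service names Dhcp (DHCP Client), EventLog (Windows Event Log) and SENS (System Event Notification Service) are assumed from the poster's description; the Tcpip driver shows up as a dependency of Dhcp rather than as a top-level service, because Get-Service alone does not list kernel drivers.

```powershell
# Added example (not from the thread). Prints each named service and, indented
# beneath it, the services and drivers it depends on, marking anything that is
# not Running with "!!". Run in an elevated PowerShell (Windows 7 or later).
function Show-ServiceTree {
    param(
        [Parameter(Mandatory)] [System.ServiceProcess.ServiceController] $Service,
        [int] $Depth = 0,
        [System.Collections.Generic.HashSet[string]] $Seen = (New-Object 'System.Collections.Generic.HashSet[string]')
    )
    $marker = if ($Service.Status -ne 'Running') { '!!' } else { '  ' }
    '{0} {1}{2,-14} {3}' -f $marker, (' ' * (2 * $Depth)), $Service.Name, $Service.Status

    # Expand each service's dependencies only once, so a shared dependency
    # (e.g. RpcSs) does not get walked repeatedly and the output stays readable.
    if (-not $Seen.Add($Service.Name)) { return }

    # ServicesDependedOn includes kernel drivers such as Tcpip and Afd, which
    # Get-Service by itself does not enumerate; their Status is still reported.
    foreach ($dep in $Service.ServicesDependedOn) {
        Show-ServiceTree -Service $dep -Depth ($Depth + 1) -Seen $Seen
    }
}

# Service names assumed from the poster's description of what would not start.
foreach ($name in 'Dhcp', 'EventLog', 'SENS') {
    "--- $name ---"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { Show-ServiceTree -Service $svc } else { "$name : not installed on this machine" }
}
```

Read the output bottom-up: the deepest "!!" entry under a stopped service is the first thing to start (or, if it is a driver, the first file to check for tampering or a corrupt on-disk image). If the lowest-level dependencies are all Running and only the top-level service refuses to start with an authentication or access error, the problem is with that service's own configuration or the account it runs as, not with its dependency chain.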
 
People like you, who don't even bother with a thank you and make a smart a.. comment instead, make me sorry I wasted my time on you.

This thread is closed.
 