cowdenbeath

Also, I did a scan using BitDefender and it came up with some peculiar results. I've attached the log file, which shows the 160 objects that couldn't be scanned due to password protection. Also, the scan showed that "No action is possible" on Gen:Trojan.Heur.xm0@X8SQJ9bi located at C:\Documents and Settings\Mandeep\Desktop\sys29436.exe=>(NSIS o)=>zlib_nsis0013 Any ideas how to deal with this?? 1285123153_1_02.xml

Both of those boxes where already unchecked on SuperAntiSpyware. I reinstalled Bitdefender without any problems, but the computer is running noticeably slower than when it wasn't installed. Perhaps Bitdefender is using up lots of RAM also? Is there anything I could do to free some? I performed another OTL scan and got the following log if it's any use: OTL logfile created on: 23/09/2010 01:17:53 - Run 2 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Mandeep\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 502.00 Mb Total Physical Memory | 94.00 Mb Available Physical Memory | 19.00% Memory free 1.00 Gb Paging File | 0.00 Gb Available in Paging File | 19.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.45 Gb Total Space | 28.24 Gb Free Space | 39.53% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SIDHU Current User Name: Mandeep Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/09/21 01:10:05 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe PRC - [2010/09/21 01:10:01 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe PRC - [2010/09/21 01:09:57 | 000,675,840 | ---- | M] (BitDefender S.R.L) -- C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe PRC - [2010/09/21 01:09:53 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe PRC - [2010/09/21 01:09:37 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe PRC - [2010/09/20 16:11:42 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mandeep\My Documents\Downloads\OTL.exe PRC - [2010/09/17 00:01:42 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/10/19 23:20:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/05 20:10:20 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe ========== Modules (SafeList) ========== MOD - [2010/09/20 16:11:42 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mandeep\My Documents\Downloads\OTL.exe MOD - [2009/10/19 23:21:24 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\realplayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2003/03/18 19:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll MOD - [2003/02/21 03:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010/09/21 01:10:05 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV - [2010/09/21 01:10:01 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV) SRV - [2010/09/21 01:08:51 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc) SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008/07/17 12:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3) SRV - [2008/04/05 20:10:20 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006/10/17 19:17:40 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2006/04/14 11:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mandeep\LOCALS~1\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme) DRV - [2010/09/21 01:09:40 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr) DRV - [2010/09/21 01:08:52 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2010/09/21 01:08:52 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (trufos) DRV - [2010/07/03 12:34:09 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/18 23:40:39 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2010/02/18 23:40:39 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008/12/10 19:42:46 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr) DRV - [2008/09/18 11:09:12 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm) DRV - [2008/09/02 13:32:06 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (profos) DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/10/25 19:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207) DRV - [2007/06/28 12:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007/06/28 12:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2007/03/13 13:53:47 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/17 19:09:04 | 000,035,072 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/07/14 01:02:22 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt) DRV - [2006/07/14 01:01:16 | 000,013,824 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt) DRV - [2006/07/14 01:00:58 | 000,013,440 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet) DRV - [2006/04/05 12:49:40 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi) DRV - [2006/04/05 12:47:01 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2005/12/19 22:15:34 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi) DRV - [2005/08/17 07:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005/05/31 06:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2005/05/31 06:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2005/05/31 06:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2005/05/31 06:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2005/05/31 06:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2005/05/31 06:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2005/05/31 06:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2005/05/31 06:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2005/05/31 06:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres) DRV - [2005/05/13 11:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5) DRV - [2005/05/13 11:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln) DRV - [2005/04/22 04:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2005/04/21 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm) DRV - [2005/02/11 12:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2005/02/11 12:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2005/02/11 12:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005/02/11 12:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005/02/11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4 FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2010/09/21 01:39:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/13 18:23:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/13 18:23:47 | 000,000,000 | ---D | M] [2009/10/31 01:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Mozilla\Extensions [2009/05/24 02:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/09/15 19:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Mozilla\Firefox\Profiles\djvoi36x.default\extensions [2010/05/20 17:17:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mandeep\Application Data\Mozilla\Firefox\Profiles\djvoi36x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/15 19:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/07/21 01:41:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/20 01:04:11 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\Program Files\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB} [2010/09/07 22:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/09/21 01:09:46 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll [2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2010/05/03 17:06:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2004/02/20 21:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2009/10/16 19:18:41 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2009/10/16 19:18:41 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2009/10/16 19:18:41 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2009/10/16 19:18:41 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/09/11 22:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender) O3 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [bDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.) O4 - HKLM..\Run: [bitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe File not found O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe File not found O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab (Reg Error: Key error.) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab (Reg Error: Key error.) O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab (MALPlaybackCtrl Class) O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab (Reg Error: Key error.) O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab (Reg Error: Key error.) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamespyarcade.com/software/launch/alaunch.cab (Reg Error: Key error.) O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (Reg Error: Key error.) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (Reg Error: Key error.) O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab (Reg Error: Key error.) O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class) O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab41227.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.) O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Mandeep\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mandeep\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/09/23 01:17:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/09/21 00:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mandeep\Application Data\BitDefender [2010/09/21 00:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender [2010/09/21 00:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender [2010/09/21 00:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender [2010/09/20 02:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/09/11 23:08:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/09/06 20:05:36 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/09/06 19:59:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/09/06 19:59:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/09/06 19:59:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/09/06 19:59:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/09/06 19:59:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/09/06 19:58:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/09/05 16:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mandeep\Desktop\JavaRa [2010/08/31 02:40:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010/08/16 20:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/06/25 21:48:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mandeep\Recent [2006/11/20 10:01:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\AMCap.exe [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/09/23 00:46:26 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/09/23 00:46:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/09/21 01:40:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/09/21 01:39:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/09/21 01:39:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/09/21 01:39:47 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys [2010/09/21 01:38:26 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Mandeep\ntuser.dat [2010/09/21 01:38:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mandeep\ntuser.ini [2010/09/21 01:38:08 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI [2010/09/21 01:32:40 | 000,001,004 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml [2010/09/21 01:13:49 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin [2010/09/21 00:59:32 | 003,773,200 | -H-- | M] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\IconCache.db [2010/09/21 00:58:05 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus 2009.lnk [2010/09/20 15:22:51 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\SpywareBlaster.lnk [2010/09/20 12:47:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2010/09/20 03:05:58 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\DivX Movies.lnk [2010/09/20 03:04:11 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/09/20 03:02:28 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/09/15 03:11:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/09/14 02:14:44 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\iTunes.lnk [2010/09/14 01:56:57 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/14 00:47:58 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\Shortcut to 100CASIO Wedding.lnk [2010/09/11 22:58:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/09/11 22:58:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/09/11 21:51:58 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Mandeep\Desktop\Combo-Fix.exe [2010/09/09 14:35:24 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\SystemLook.exe [2010/09/06 20:05:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010/09/05 19:45:11 | 000,007,636 | ---- | M] () -- C:\Documents and Settings\Mandeep\My Documents\Turkmenistan Airlines Complaint Letter.doc [2010/09/05 19:43:24 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mandeep\My Documents\Turkmenistan Airlines Complaint Letter.wps [2010/09/04 22:37:47 | 000,005,705 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\Attach.rar [2010/09/03 22:18:43 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Mandeep\defogger_reenable [2010/08/31 02:38:44 | 000,000,444 | ---- | M] () -- C:\WINDOWS\win.ini [2010/08/31 02:38:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010/08/19 01:09:07 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml [2010/08/16 20:58:36 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\Hijackthis.lnk [2010/08/14 09:47:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/08/13 02:20:44 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/12 02:49:52 | 000,508,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/08/12 02:49:52 | 000,446,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/08/12 02:49:52 | 000,073,346 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/08/05 11:07:02 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Mandeep\My Documents\CV hameet.doc.wps [2010/06/25 01:42:59 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\housecall.guid.cache [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/09/20 03:04:11 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/09/20 03:02:28 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/09/14 00:47:58 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Mandeep\Desktop\Shortcut to 100CASIO Wedding.lnk [2010/09/09 14:35:24 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Mandeep\Desktop\SystemLook.exe [2010/09/06 20:05:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/09/06 20:05:42 | 000,260,272 | RHS- | C] () -- C:\cmldr [2010/09/06 19:59:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/09/06 19:59:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/09/06 19:59:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/09/06 19:59:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/09/06 19:59:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/09/06 19:54:35 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Mandeep\Desktop\Combo-Fix.exe [2010/09/05 19:33:34 | 000,007,636 | ---- | C] () -- C:\Documents and Settings\Mandeep\My Documents\Turkmenistan Airlines Complaint Letter.doc [2010/09/05 19:32:04 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mandeep\My Documents\Turkmenistan Airlines Complaint Letter.wps [2010/09/04 23:30:33 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys [2010/09/03 22:42:31 | 000,005,705 | ---- | C] () -- C:\Documents and Settings\Mandeep\Desktop\Attach.rar [2010/09/03 22:18:25 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Mandeep\defogger_reenable [2010/08/05 11:07:02 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Mandeep\My Documents\CV hameet.doc.wps [2010/07/14 20:39:31 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010/06/25 01:42:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\housecall.guid.cache [2009/09/11 16:02:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2009/09/11 16:02:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2009/09/11 16:02:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2009/09/11 16:02:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2009/07/24 02:57:06 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009/06/15 18:31:45 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2008/12/31 17:25:42 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/12/24 19:27:00 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini [2008/10/09 15:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll [2008/08/11 22:33:40 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Mandeep\Application Data\evf [2008/05/22 18:43:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/03/01 16:33:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\fusioncache.dat [2007/06/29 12:07:36 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini [2007/04/10 19:27:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2007/02/26 17:49:54 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini [2007/02/26 17:49:53 | 000,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll [2007/02/21 18:26:03 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll [2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll [2007/01/02 23:35:30 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini [2006/12/18 20:58:54 | 000,000,397 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2006/12/18 20:58:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll [2006/12/18 20:57:50 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini [2006/10/17 19:19:22 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006/08/29 17:43:06 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini [2006/08/20 19:24:22 | 000,102,912 | R--- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL [2006/07/05 15:52:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2006/06/10 22:12:58 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Mandeep\Application Data\iScrobbler.ini [2006/04/14 20:25:31 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/04/05 00:05:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2006/04/05 00:05:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2006/03/28 16:38:21 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006/03/24 04:01:20 | 000,004,296 | ---- | C] () -- C:\WINDOWS\pp21cn.dll [2006/02/08 17:15:15 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005/12/31 19:59:46 | 000,000,272 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2005/12/30 21:54:32 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/12/14 23:55:12 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll [2005/12/14 23:46:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2005/12/14 22:38:55 | 000,000,541 | ---- | C] () -- C:\WINDOWS\AppRun.ini [2005/12/14 22:38:22 | 000,000,448 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2005/12/08 16:26:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/12/08 15:58:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll [2005/12/08 15:58:30 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini [2005/12/08 15:58:28 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini [2005/12/08 15:58:04 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/05/12 08:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/03/27 17:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini ========== LOP Check ========== [2010/09/21 01:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender [2006/12/18 21:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2007/04/24 19:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success [2007/12/14 19:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2007/04/24 19:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training [2008/03/27 00:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2006/11/29 22:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm [2009/09/11 16:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software [2006/07/05 16:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/12/22 20:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/12/31 19:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2009/02/07 22:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\AVGTOOLBAR [2010/09/21 00:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\BitDefender [2010/01/05 05:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\BitTorrent [2009/06/24 17:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\DNA [2010/05/03 16:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Facebook [2009/02/04 19:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\GetRightToGo [2009/06/21 23:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\GrabPro [2006/06/10 22:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\last.fm [2006/03/09 22:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Leadertech [2009/05/24 22:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\LimeWire [2006/03/07 23:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\MobileAction [2005/12/31 20:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\My Games [2009/07/01 01:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Orbit [2007/10/24 17:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\PowerChallenge [2007/01/02 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\PPLive [2007/01/13 02:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\PPMate [2008/02/24 16:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\ppStream [2007/05/20 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Shareaza [2009/09/11 16:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Simply Super Software [2008/06/05 20:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Sports Interactive [2010/02/14 17:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Spotify [2009/02/14 22:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\SystemRequirementsLab [2005/12/16 20:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Template [2010/05/28 23:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\uTorrent [2008/03/24 18:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Viewpoint ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 339 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >

OTL logfile created on: 20/09/2010 18:29:48 - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Mandeep\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 502.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.45 Gb Total Space | 29.01 Gb Free Space | 40.60% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SIDHU Current User Name: Mandeep Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/09/20 16:11:42 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mandeep\My Documents\Downloads\OTL.exe PRC - [2010/09/17 00:01:42 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/10/19 23:20:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/05 20:10:20 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe ========== Modules (SafeList) ========== MOD - [2010/09/20 16:11:42 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mandeep\My Documents\Downloads\OTL.exe MOD - [2009/10/19 23:21:24 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\realplayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll MOD - [2009/10/19 23:20:35 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll MOD - [2009/10/19 23:20:34 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc) SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008/04/05 20:10:20 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006/10/17 19:17:40 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2006/04/14 11:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (trufos) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (profos) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mandeep\LOCALS~1\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr) DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2010/07/03 12:34:09 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/18 23:40:39 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2010/02/18 23:40:39 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008/12/10 19:42:46 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr) DRV - [2008/09/18 11:09:12 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm) DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/10/25 19:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207) DRV - [2007/06/28 12:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007/06/28 12:44:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007/06/28 12:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2007/03/13 13:53:47 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/17 19:09:04 | 000,035,072 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/07/14 01:02:22 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt) DRV - [2006/07/14 01:01:16 | 000,013,824 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt) DRV - [2006/07/14 01:00:58 | 000,013,440 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet) DRV - [2006/04/05 12:49:40 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi) DRV - [2006/04/05 12:47:01 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2005/12/19 22:15:34 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi) DRV - [2005/08/17 07:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005/05/31 06:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2005/05/31 06:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2005/05/31 06:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2005/05/31 06:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2005/05/31 06:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2005/05/31 06:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2005/05/31 06:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2005/05/31 06:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2005/05/31 06:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres) DRV - [2005/05/13 11:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5) DRV - [2005/05/13 11:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln) DRV - [2005/04/22 04:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2005/04/21 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm) DRV - [2005/02/11 12:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2005/02/11 12:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2005/02/11 12:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005/02/11 12:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005/02/11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4 FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/13 18:23:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/13 18:23:47 | 000,000,000 | ---D | M] [2009/10/31 01:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Mozilla\Extensions [2009/05/24 02:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/09/15 19:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Mozilla\Firefox\Profiles\djvoi36x.default\extensions [2010/05/20 17:17:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mandeep\Application Data\Mozilla\Firefox\Profiles\djvoi36x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/15 19:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/07/21 01:41:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/20 01:04:11 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\Program Files\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB} [2010/09/07 22:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/18 18:13:47 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll [2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2010/05/03 17:06:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2004/02/20 21:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2009/10/16 19:18:41 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2009/10/16 19:18:41 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2009/10/16 19:18:41 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2009/10/16 19:18:41 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/09/11 22:58:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll File not found O3 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe File not found O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe File not found O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab (Reg Error: Key error.) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab (Reg Error: Key error.) O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab (MALPlaybackCtrl Class) O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab (Reg Error: Key error.) O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab (Reg Error: Key error.) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Reg Error: Key error.) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamespyarcade.com/software/launch/alaunch.cab (Reg Error: Key error.) O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (Reg Error: Key error.) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (Reg Error: Key error.) O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab (Reg Error: Key error.) O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class) O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab41227.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.) O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Mandeep\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mandeep\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/09/20 02:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/09/11 23:08:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/09/06 20:05:36 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/09/06 19:59:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/09/06 19:59:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/09/06 19:59:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/09/06 19:59:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/09/06 19:59:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/09/06 19:58:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/09/05 16:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mandeep\Desktop\JavaRa [2010/08/31 02:40:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010/08/16 20:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/06/25 21:48:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mandeep\Recent [2010/06/24 20:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\cache [2006/11/20 10:01:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\AMCap.exe [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/09/20 17:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/09/20 15:22:51 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\SpywareBlaster.lnk [2010/09/20 15:20:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/09/20 15:20:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/09/20 15:19:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/09/20 15:19:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/09/20 15:19:51 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys [2010/09/20 14:23:05 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Mandeep\ntuser.dat [2010/09/20 14:23:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mandeep\ntuser.ini [2010/09/20 12:47:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2010/09/20 03:05:58 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\DivX Movies.lnk [2010/09/20 03:04:11 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/09/20 03:02:28 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/09/15 03:11:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/09/14 02:14:44 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\iTunes.lnk [2010/09/14 01:56:57 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/14 00:47:58 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\Shortcut to 100CASIO Wedding.lnk [2010/09/11 22:58:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/09/11 22:58:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/09/11 21:51:58 | 003,842,655 | R--- | M] () -- C:\Documents and Settings\Mandeep\Desktop\Combo-Fix.exe [2010/09/11 02:15:46 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin [2010/09/09 14:35:24 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\SystemLook.exe [2010/09/06 20:05:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010/09/05 19:45:11 | 000,007,636 | ---- | M] () -- C:\Documents and Settings\Mandeep\My Documents\Turkmenistan Airlines Complaint Letter.doc [2010/09/05 19:43:24 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mandeep\My Documents\Turkmenistan Airlines Complaint Letter.wps [2010/09/04 22:37:47 | 000,005,705 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\Attach.rar [2010/09/03 22:18:43 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Mandeep\defogger_reenable [2010/08/31 02:38:44 | 000,000,444 | ---- | M] () -- C:\WINDOWS\win.ini [2010/08/31 02:38:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010/08/23 19:36:54 | 000,000,807 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml [2010/08/19 03:38:33 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI [2010/08/19 01:09:07 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml [2010/08/16 20:58:36 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Mandeep\Desktop\Hijackthis.lnk [2010/08/14 11:06:23 | 003,772,846 | -H-- | M] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\IconCache.db [2010/08/14 09:47:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/08/13 02:20:44 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/12 02:49:52 | 000,508,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/08/12 02:49:52 | 000,446,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/08/12 02:49:52 | 000,073,346 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/08/05 11:07:02 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Mandeep\My Documents\CV hameet.doc.wps [2010/06/25 01:42:59 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\housecall.guid.cache [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/09/20 03:04:11 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/09/20 03:02:28 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/09/14 00:47:58 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Mandeep\Desktop\Shortcut to 100CASIO Wedding.lnk [2010/09/09 14:35:24 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Mandeep\Desktop\SystemLook.exe [2010/09/06 20:05:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/09/06 20:05:42 | 000,260,272 | RHS- | C] () -- C:\cmldr [2010/09/06 19:59:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/09/06 19:59:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/09/06 19:59:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/09/06 19:59:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/09/06 19:59:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/09/06 19:54:35 | 003,842,655 | R--- | C] () -- C:\Documents and Settings\Mandeep\Desktop\Combo-Fix.exe [2010/09/05 19:33:34 | 000,007,636 | ---- | C] () -- C:\Documents and Settings\Mandeep\My Documents\Turkmenistan Airlines Complaint Letter.doc [2010/09/05 19:32:04 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mandeep\My Documents\Turkmenistan Airlines Complaint Letter.wps [2010/09/04 23:30:33 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys [2010/09/03 22:42:31 | 000,005,705 | ---- | C] () -- C:\Documents and Settings\Mandeep\Desktop\Attach.rar [2010/09/03 22:18:25 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Mandeep\defogger_reenable [2010/08/05 11:07:02 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Mandeep\My Documents\CV hameet.doc.wps [2010/07/14 20:39:31 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010/06/25 01:42:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\housecall.guid.cache [2009/09/11 16:02:40 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2009/09/11 16:02:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2009/09/11 16:02:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2009/09/11 16:02:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2009/07/24 02:57:06 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009/06/15 18:31:45 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2008/12/31 17:25:42 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/12/24 19:27:00 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini [2008/10/09 15:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll [2008/08/11 22:33:40 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Mandeep\Application Data\evf [2008/05/22 18:43:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/03/01 16:33:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\fusioncache.dat [2007/06/29 12:07:36 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini [2007/04/10 19:27:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2007/02/26 17:49:54 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini [2007/02/26 17:49:53 | 000,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll [2007/02/21 18:26:03 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll [2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll [2007/01/02 23:35:30 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini [2006/12/18 20:58:54 | 000,000,397 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2006/12/18 20:58:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll [2006/12/18 20:57:50 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini [2006/10/17 19:19:22 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006/08/29 17:43:06 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini [2006/08/20 19:24:22 | 000,102,912 | R--- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL [2006/07/05 15:52:32 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2006/06/10 22:12:58 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Mandeep\Application Data\iScrobbler.ini [2006/04/14 20:25:31 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/04/05 00:05:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2006/04/05 00:05:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2006/03/28 16:38:21 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006/03/24 04:01:20 | 000,004,296 | ---- | C] () -- C:\WINDOWS\pp21cn.dll [2006/02/08 17:15:15 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005/12/31 19:59:46 | 000,000,272 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2005/12/30 21:54:32 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Mandeep\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/12/14 23:55:12 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll [2005/12/14 23:46:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2005/12/14 22:38:55 | 000,000,541 | ---- | C] () -- C:\WINDOWS\AppRun.ini [2005/12/14 22:38:22 | 000,000,448 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2005/12/08 16:26:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/12/08 15:58:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll [2005/12/08 15:58:30 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini [2005/12/08 15:58:28 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini [2005/12/08 15:58:04 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/05/12 08:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/03/27 17:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini ========== LOP Check ========== [2006/12/18 21:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2007/04/24 19:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success [2007/12/14 19:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2007/04/24 19:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training [2008/03/27 00:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2006/11/29 22:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm [2009/09/11 16:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software [2006/07/05 16:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/12/22 20:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/12/31 19:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2009/02/07 22:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\AVGTOOLBAR [2010/01/05 05:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\BitTorrent [2009/06/24 17:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\DNA [2010/05/03 16:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Facebook [2009/02/04 19:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\GetRightToGo [2009/06/21 23:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\GrabPro [2006/06/10 22:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\last.fm [2006/03/09 22:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Leadertech [2009/05/24 22:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\LimeWire [2006/03/07 23:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\MobileAction [2005/12/31 20:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\My Games [2009/07/01 01:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Orbit [2007/10/24 17:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\PowerChallenge [2007/01/02 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\PPLive [2007/01/13 02:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\PPMate [2008/02/24 16:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\ppStream [2007/05/20 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Shareaza [2009/09/11 16:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Simply Super Software [2008/06/05 20:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Sports Interactive [2010/02/14 17:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Spotify [2009/02/14 22:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\SystemRequirementsLab [2005/12/16 20:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Template [2010/05/28 23:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\uTorrent [2008/03/24 18:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandeep\Application Data\Viewpoint ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 339 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report > OTL Extras logfile created on: 20/09/2010 18:29:48 - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Mandeep\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 502.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.45 Gb Total Space | 29.01 Gb Free Space | 40.60% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SIDHU Current User Name: Mandeep Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-2517947933-2399065429-2790057291-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol "10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast -- (www.sopcast.com) "C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- (TVU Networks) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.) "C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Red Storm Entertainment\Rogue Spear\RogueSpear.exe" = C:\Program Files\Red Storm Entertainment\Rogue Spear\RogueSpear.exe:*:Enabled:RogueSpear -- () "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB) "C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Documents and Settings\Mandeep\Desktop\Unused Desktop Shortcuts\utorrent.exe" = C:\Documents and Settings\Mandeep\Desktop\Unused Desktop Shortcuts\utorrent.exe:*:Enabled:

Nah, BitDefender was the antivirus. I haven't used AVG in years, the leftovers must have been from AVG. I'll re-install it later though, so no major problems. The computer is still running as it was, very unresponsive. What scan should i do next?

Sorry, the wrong log was attached. The correct one is attached to this post ComboFix.txt

The log file is very large so I've attached it again. The scan has deleted BitDefender so I'm working without an antivirus program at the moment! log.txt

Sorry, I keep getting the error message that the log is too long for a single post. I've added it as an attachment instead SystemLook.txt

ComboFix 10-09-07.01 - Mandeep 08/09/2010 3:33.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.231 [GMT 1:00] Running from: c:\documents and settings\Mandeep\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Mandeep\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Norton c:\documents and settings\All Users\Application Data\Norton\symdata.xml c:\documents and settings\All Users\Application Data\Viewpoint c:\program files\Common Files\Symantec Shared c:\program files\Norton Security Scan . ((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 ))))))))))))))))))))))))))))))) . 2010-08-31 01:40 . 2010-08-31 01:40 -------- d--h--w- c:\windows\PIF 2010-08-16 19:58 . 2010-08-16 19:58 -------- d-----w- c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-07 21:02 . 2008-08-16 11:46 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-07 01:32 . 2009-06-15 17:30 81984 ----a-w- c:\windows\system32\bdod.bin 2010-09-06 19:21 . 2006-03-11 17:31 -------- d-----w- c:\program files\Extension Changer 2010-09-05 14:42 . 2005-12-14 23:10 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-03 17:48 . 2007-02-08 18:41 -------- d-----w- c:\program files\SpywareBlaster 2010-08-26 23:13 . 2007-01-10 17:25 -------- d-----w- c:\program files\Full Tilt Poker 2010-08-12 01:52 . 2009-01-09 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-02 13:04 . 2007-12-11 19:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-06-30 12:31 . 2004-08-10 12:51 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44 . 2004-08-10 12:51 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2005-12-08 14:56 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-08-10 12:51 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 07:41 . 2004-08-10 12:51 1172480 ----a-w- c:\windows\system32\msxml3.dll 2006-11-20 09:01 . 2006-11-20 09:01 163840 ----a-w- c:\program files\Common Files\AMCap.exe 2010-04-18 17:13 . 2008-10-30 16:34 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll 2005-10-27 00:14 . 2005-10-27 00:16 184565 --sha-r- c:\windows\system32\patcher.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2010-04-18 782336] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-09-11 69632] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-19 198160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-23 18:49 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk backup=c:\windows\pss\dlbcserv.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Mandeep^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\Mandeep\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Mandeep^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Mandeep\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe] 2003-05-06 09:28 72192 ----a-w- c:\program files\VoyagerTest\fts.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3dfx Tools] 2000-10-19 14:44 118784 ----a-w- c:\windows\system32\3dfxCmn.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-06-23 16:59 321344 ----a-w- c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 10:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] 2005-05-31 05:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] 2005-02-23 16:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2005-12-16 01:38 50792 ----a-w- c:\program files\Common Files\AOL\1139417421\ee\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-10-14 13:46 77824 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-14 13:50 114688 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-10-14 13:49 94208 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-07-27 16:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-03-14 19:05 257088 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series] 2006-07-13 05:22 57344 ----a-w- c:\program files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor] 2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor] 2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2009-10-19 22:20 222728 ----a-w- c:\program files\Real\realplayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] 2004-01-26 10:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-08-02 13:04 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk] 2005-08-15 23:12 192512 ----a-w- c:\program files\TalkTalk\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-10-19 22:20 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] 2009-09-04 15:39 1069960 ----a-w- c:\program files\Trojan Remover\Trjscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] 2007-10-17 00:29 3313664 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] 2009-05-19 23:26 3561720 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "c:\\Program Files\\TVAnts\\Tvants.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Red Storm Entertainment\\Rogue Spear\\RogueSpear.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Documents and Settings\\Mandeep\\Desktop\\Unused Desktop Shortcuts\\utorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC R2 gupdate1ca5109915e350a;Google Update Service (gupdate1ca5109915e350a);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 133104] R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072] R3 PAC207;PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872] R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [2006-04-05 223128] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-04-05 642560] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-07-03 67656] S2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824] S2 wsppkt;Wireless Security Protocol;c:\windows\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696] S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan vvdsvc REG_MULTI_SZ vvdsvc . Contents of the 'Scheduled Tasks' folder 2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42] 2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 22:14] 2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 22:14] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - hxxp://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab FF - ProfilePath - c:\documents and settings\Mandeep\Application Data\Mozilla\Firefox\Profiles\djvoi36x.default\ FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - plugin: c:\documents and settings\Mandeep\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-08 03:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2517947933-2399065429-2790057291-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . Completion time: 2010-09-08 04:07:51 ComboFix-quarantined-files.txt 2010-09-08 03:07 ComboFix2.txt 2010-09-06 20:01 Pre-Run: 32,063,545,344 bytes free Post-Run: 32,048,640,000 bytes free Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 2CFAE1B24B7D65313F1EA8136879108D

ComboFix 10-09-06.02 - Mandeep 06/09/2010 20:10:48.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.225 [GMT 1:00] Running from: c:\documents and settings\Mandeep\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Mandeep\Application Data\Kaspersky_Key_Finder_(KKF c:\documents and settings\Mandeep\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_dxdpsr41ps1m2f20ucs3w2sl34srz15d\1.5.2.0\user.config c:\documents and settings\Mandeep\err.log c:\program files\Extension Changer\extmain.exe c:\windows\system32\_000008_.tmp.dll c:\windows\system32\dumphive.exe c:\windows\system32\logs c:\windows\system32\logs\{4C063648-43F2-40F3-84C8-B11242D88ADB}.log c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\winmain32 c:\windows\winmain32\winsys.nls.ln . ((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 ))))))))))))))))))))))))))))))) . 2010-08-31 01:40 . 2010-08-31 01:40 -------- d--h--w- c:\windows\PIF 2010-08-16 19:58 . 2010-08-16 19:58 -------- d-----w- c:\program files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-06 19:21 . 2006-03-11 17:31 -------- d-----w- c:\program files\Extension Changer 2010-09-05 15:11 . 2005-12-08 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2010-09-05 14:45 . 2010-01-20 18:00 -------- d-----w- c:\program files\Norton Security Scan 2010-09-05 14:45 . 2009-11-19 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-09-05 14:45 . 2009-11-19 22:21 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-09-05 14:42 . 2005-12-14 23:10 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-03 17:48 . 2007-02-08 18:41 -------- d-----w- c:\program files\SpywareBlaster 2010-08-26 23:13 . 2007-01-10 17:25 -------- d-----w- c:\program files\Full Tilt Poker 2010-08-19 02:39 . 2009-06-15 17:30 81984 ----a-w- c:\windows\system32\bdod.bin 2010-08-12 01:52 . 2009-01-09 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-02 13:04 . 2007-12-11 19:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-06-30 12:31 . 2004-08-10 12:51 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44 . 2004-08-10 12:51 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2005-12-08 14:56 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-08-10 12:51 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 07:41 . 2004-08-10 12:51 1172480 ----a-w- c:\windows\system32\msxml3.dll 2006-11-20 09:01 . 2006-11-20 09:01 163840 ----a-w- c:\program files\Common Files\AMCap.exe 2010-04-18 17:13 . 2008-10-30 16:34 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2010-04-18 782336] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-09-11 69632] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-19 198160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-23 18:49 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk backup=c:\windows\pss\dlbcserv.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Mandeep^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\Mandeep\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Mandeep^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Mandeep\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe] 2003-05-06 09:28 72192 ----a-w- c:\program files\VoyagerTest\fts.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3dfx Tools] 2000-10-19 14:44 118784 ----a-w- c:\windows\system32\3dfxCmn.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-06-23 16:59 321344 ----a-w- c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 10:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] 2005-05-31 05:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] 2005-02-23 16:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2005-12-16 01:38 50792 ----a-w- c:\program files\Common Files\AOL\1139417421\ee\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-10-14 13:46 77824 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-14 13:50 114688 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-10-14 13:49 94208 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-07-27 16:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-03-14 19:05 257088 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series] 2006-07-13 05:22 57344 ----a-w- c:\program files\Lexmark 1200 Series\lxczbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor] 2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor] 2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2009-10-19 22:20 222728 ----a-w- c:\program files\Real\realplayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] 2004-01-26 10:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2010-08-02 13:04 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk] 2005-08-15 23:12 192512 ----a-w- c:\program files\TalkTalk\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-10-19 22:20 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] 2009-09-04 15:39 1069960 ----a-w- c:\program files\Trojan Remover\Trjscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] 2007-10-17 00:29 3313664 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] 2009-05-19 23:26 3561720 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "c:\\Program Files\\TVAnts\\Tvants.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Red Storm Entertainment\\Rogue Spear\\RogueSpear.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Documents and Settings\\Mandeep\\Desktop\\Unused Desktop Shortcuts\\utorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC R2 gupdate1ca5109915e350a;Google Update Service (gupdate1ca5109915e350a);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 133104] R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072] R3 PAC207;PC Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872] R3 vaxscsi;vaxscsi;c:\windows\System32\Drivers\vaxscsi.sys [2006-04-05 223128] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-04-05 642560] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-07-03 67656] S2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824] S2 wsppkt;Wireless Security Protocol;c:\windows\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696] S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan vvdsvc REG_MULTI_SZ vvdsvc . Contents of the 'Scheduled Tasks' folder 2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42] 2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 22:14] 2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 22:14] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - hxxp://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab FF - ProfilePath - c:\documents and settings\Mandeep\Application Data\Mozilla\Firefox\Profiles\djvoi36x.default\ FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - plugin: c:\documents and settings\Mandeep\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) SafeBoot-AVG Anti-Spyware Driver SafeBoot-AVG Anti-Spyware Guard MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Anti-Blaxx Manager - c:\program files\Anti-Blaxx\Anti-Blaxx.exe MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6261\SiteAdv.exe MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-Spyware Doctor - c:\progra~1\SPYWAR~2\swdoctor.exe MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0\bin\jusched.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-06 20:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,c3,75,b7,a4,0b,a0,45,bc,a7,a2,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,c3,75,b7,a4,0b,a0,45,bc,a7,a2,\ [HKEY_USERS\S-1-5-21-2517947933-2399065429-2790057291-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\System\MountedDevices] @Denied: (Read) (Administrators) "\\??\\Volume{1908ad64-6ce8-11da-8ea6-806d6172696f}"=hex:8c,73,f4,d0,00,0c,f1, 02,00,00,00,00 "\\??\\Volume{1908ad65-6ce8-11da-8ea6-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c, 00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,53,00,53,00,\ "\\DosDevices\\C:"=hex:8c,73,f4,d0,00,0c,f1,02,00,00,00,00 "\\DosDevices\\D:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00, 64,00,52,00,6f,00,6d,00,54,00,53,00,53,00,54,00,63,00,6f,00,72,00,70,00,5f,\ "\\??\\Volume{1908ad7a-6ce8-11da-8ea6-5050506f4531}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00, 47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\ "\\??\\Volume{97a3a3b6-70d4-11da-8eb5-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\??\\Volume{0f8e4364-77c6-11da-8ec8-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\DosDevices\\F:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00, 47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\ "\\??\\Volume{00e8e1ba-77db-11da-8ecb-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\??\\Volume{89eea1fe-78ba-11da-8ece-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\DosDevices\\G:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00, 43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,53,00,42,00,33,\ "\\??\\Volume{89eea202-78ba-11da-8ece-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\DosDevices\\H:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00, 43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,53,00,42,00,33,\ "\\??\\Volume{89eea203-78ba-11da-8ece-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\DosDevices\\I:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00, 47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\ "\\??\\Volume{4a21be44-7a31-11da-8ed1-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\DosDevices\\J:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00, 47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\ "\\??\\Volume{919c1977-7dec-11da-8edb-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\??\\Volume{ea8ae594-ae26-11da-8f6d-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{4732df9c-c49a-11da-8fbb-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\??\\Volume{4732df9d-c49a-11da-8fbb-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\??\\Volume{2247548f-d5f4-11da-8ff0-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\??\\Volume{22475490-d5f4-11da-8ff0-009096c23cd5}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\ "\\??\\Volume{23480156-307b-11db-90df-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{904127c2-4ce2-11dc-93b1-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{cffe899e-a779-11dc-9452-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{18b36b1c-d7ec-11dc-94a3-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{0f5f93e2-f5ec-11dc-94dd-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{e0856480-0bc7-11dd-9511-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{9b9c5e66-487c-11dd-95af-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{bc12425e-9e36-11dd-9697-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{aa957d32-beea-11dd-96c0-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{deee9394-ca42-11dd-96d2-000e50dba003}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{71040ed0-52aa-11de-97b6-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{d1842c8a-a2e8-11de-9859-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{56339b50-bb3f-11de-987d-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{56339b51-bb3f-11de-987d-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{449c7186-bfe1-11de-9882-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{2bc13b50-517d-11df-993c-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{2bc13b51-517d-11df-993c-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{9337449e-6ffc-11df-9969-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ "\\??\\Volume{4c3da6c2-a079-11df-99cc-001320ac7879}"=hex:5c,00,3f,00,3f,00,5c, 00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(684) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(1828) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\BitDefender\BitDefender 2009\seccenter.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-09-06 21:01:16 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-06 20:01 Pre-Run: 32,859,975,680 bytes free Post-Run: 32,811,003,904 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 19E815586DDB375441187A05CA06D459

Hi Borislav, thanks for helping. I followed your instructions exactly and obtained the logs: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Sep 05 16:04:30 2010 Found and removed: C:\WINDOWS\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030} Found and removed: Software\JavaSoft\Java2D\1.5.0_03 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_09 Found and removed: Software\JavaSoft\Java2D\1.5.0_10 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203 Found and removed: SOFTWARE\Classes\JavaPlugin.142_03 Found and removed: Software\Classes\JavaPlugin.160 ------------------------------------ Finished reporting. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4550 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05/09/2010 16:27:59 mbam-log-2010-09-05 (16-27-59).txt Scan type: Quick scan Objects scanned: 135663 Time elapsed: 13 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-03-17.01) - NTFSx86 Run by Mandeep at 19:56:14.09 on 05/09/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.259 [GMT 1:00] AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mandeep\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\localsys64.exe, BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.nationalexpress.com/coach/index.cfm?utm_source=Google&utm_medium=ppc" mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe" mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - hxxp://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUnnMFv ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mandeep\applic~1\mozilla\firefox\profiles\djvoi36x.default\ FF - component: c:\program files\mozilla firefox\components\FFComm.dll FF - plugin: c:\documents and settings\mandeep\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 67656] R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-4 54752] R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824] R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-28 38224] S2 gupdate1ca5109915e350a;Google Update Service (gupdate1ca5109915e350a);c:\program files\google\update\GoogleUpdate.exe [2009-10-19 133104] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 mbr;mbr;\??\c:\docume~1\mandeep\locals~1\temp\mbr.sys --> c:\docume~1\mandeep\locals~1\temp\mbr.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072] S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [2007-10-25 616064] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 12872] S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-4-5 223128] =============== Created Last 30 ================ 2010-09-03 21:18:25 20 ----a-w- c:\documents and settings\mandeep\defogger_reenable 2010-08-31 01:40:11 0 d--h--w- c:\windows\PIF 2010-08-16 19:58:34 0 d-----w- c:\program files\Trend Micro ==================== Find3M ==================== 2010-08-19 02:39:39 81984 ----a-w- c:\windows\system32\bdod.bin 2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll 2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll 2010-06-24 16:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll 2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll 2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll 2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll 2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll 2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll 2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll 2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll 2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-06-24 12:21:58 1986560 ----a-w- c:\windows\system32\dllcache\iertutil.dll 2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll 2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll 2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys 2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe 2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys 2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll 2006-11-20 09:01:08 163840 ----a-w- c:\program files\common files\AMCap.exe 2005-10-27 00:14:05 184565 --sha-r- c:\windows\system32\patcher.exe 2010-05-18 21:50:36 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat 2009-06-24 22:31:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2009-06-24 22:31:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009062420090625\index.dat 2010-05-18 21:50:36 98304 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat 2009-06-24 22:31:09 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat ============= FINISH: 20:01:04.65 ===============

Hi, So my computer has got to the point were it's ridiculously unresponsive. I mean I can't even stream videos without having google chrome giving me a few unresponsive page warnings. It is slow to start up, and I constantly have my browser crashing when surfing the internet(IE and chrome as well as firefox). I am using BitDefender antivirus and a scan with this did not make things any better. I use Windows XP and my computer is now about 6 or 7 years old, so I attribute the slowness to an accumulation of malware over time. I have also performed a scan with MBAM, and this returned no malware detections. I followed the instructions in http://forums.malwarebytes.org/index.php?showtopic=9573 exactly and obtained the required logs, which are listed below. DDS and MBAM ran ok, but I had to put the computer into Safe mode before GMER would complete a scan. The first few times I got the blue screen of death, but it worked after switching to Safe mode. I want to get my computer running smoothly again so I was hoping someone could instruct me how to remove the malware infecting it. Any advice would be much appreciated. Thanks DDS (Ver_10-03-17.01) - NTFSx86 Run by Mandeep at 22:33:45.71 on 03/09/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.247 [GMT 1:00] AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mandeep\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\localsys64.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.nationalexpress.com/coach/index.cfm?utm_source=Google&utm_medium=ppc" mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe" mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - hxxp://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUnnMFv ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mandeep\applic~1\mozilla\firefox\profiles\djvoi36x.default\ FF - component: c:\program files\mozilla firefox\components\FFComm.dll FF - plugin: c:\documents and settings\mandeep\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 67656] R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-4 54752] R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824] R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112] S2 gupdate1ca5109915e350a;Google Update Service (gupdate1ca5109915e350a);c:\program files\google\update\GoogleUpdate.exe [2009-10-19 133104] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 mbr;mbr;\??\c:\docume~1\mandeep\locals~1\temp\mbr.sys --> c:\docume~1\mandeep\locals~1\temp\mbr.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072] S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [2007-10-25 616064] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 12872] S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-4-5 223128] =============== Created Last 30 ================ 2010-09-03 21:18:25 20 ----a-w- c:\documents and settings\mandeep\defogger_reenable 2010-08-31 01:40:11 0 d--h--w- c:\windows\PIF 2010-08-16 19:58:34 0 d-----w- c:\program files\Trend Micro ==================== Find3M ==================== 2010-08-19 02:39:39 81984 ----a-w- c:\windows\system32\bdod.bin 2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll 2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll 2010-06-24 16:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll 2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll 2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll 2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll 2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll 2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll 2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll 2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll 2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-06-24 12:21:58 1986560 ----a-w- c:\windows\system32\dllcache\iertutil.dll 2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll 2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll 2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys 2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe 2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys 2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll 2006-11-20 09:01:08 163840 ----a-w- c:\program files\common files\AMCap.exe 2005-10-27 00:14:05 184565 --sha-r- c:\windows\system32\patcher.exe 2010-05-18 21:50:36 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat 2009-06-24 22:31:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2009-06-24 22:31:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009062420090625\index.dat 2010-05-18 21:50:36 98304 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat 2009-06-24 22:31:09 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat ============= FINISH: 22:36:03.37 =============== Attach.rar

Hi. So my computer has got to the point were it's ridiculously unresponsive. I mean I can;t even stream videos without having google chrome giving me a few unresponsive page warnings before actually having a video begin. My computer is now about 6 or 7 years old so this build up of malware that I beleive to have been built up, is due to neglect from myself and others who have been using it. I want to get my computer running smoothly again so I was hoping someone could instruct me how to remove the malware infecting it. I'm running windows XP. I've pasted a HT log below if it's any use. Any help or guidance would be really appreciated. Thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:59:56, on 16/08/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\localsys64.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.nationalexpress.com/coach/index.cfm?utm_source=Google&utm_medium=ppc" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Mandeep\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU) O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab46783.cab O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - http://imlive.com/chatsource/ImlCID.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Update Service (gupdate1ca5109915e350a) (gupdate1ca5109915e350a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel

I ran avenger twice, the first time I couldn't find the log file at it's location. Here's the link to the Virus Total report: http://www.virustotal.com/analisis/3131764...7b3a-1273558760 The system is running smoothly I guess. I have very little free Hard drive space so its kinda hard to judge if it's responsive or not, but it's at least as responsive as it was before I had the problems. avenger.txt report: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: could not open driver "1025c" Disablement of driver "1025c" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\1025c" not found! Deletion of driver "1025c" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\1025c.sys" not found! Deletion of file "C:\WINDOWS\system32\1025c.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: folder "C:\Documents and Settings\Mandeep\Application Data\BitTorrent" not found! Deletion of folder "C:\Documents and Settings\Mandeep\Application Data\BitTorrent" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Folder "C:\recycler" deleted successfully. Folder "D:\recycler" deleted successfully. Error: could not open folder "e:\recycler" Deletion of folder "e:\recycler" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open folder "f:\recycler" Deletion of folder "f:\recycler" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open folder "g:\recycler" Deletion of folder "g:\recycler" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: could not open folder "h:\recycler" Deletion of folder "h:\recycler" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. mbam log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4247 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 28/06/2010 13:22:33 mbam-log-2010-06-28 (13-22-33).txt Scan type: Full scan (C:\|D:\|E:\|) Objects scanned: 362282 Time elapsed: 2 hour(s), 56 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Qoobox\Quarantine\C\WINDOWS\system32\algo.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0012212.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0006907.exe (Trojan.Zapchast) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0006910.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0008673.dll (Patched.UxTheme) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0008800.dll (Patched.UxTheme) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0009996.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0010020.exe (Trojan.Zapchast) -> Quarantined and deleted successfully.

Sorry for the late reply, the Kaspersky scan took FOREVER! All the steps were completed without any problem. Here's the two reports Kaspersky report: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, June 27, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, June 26, 2010 11:16:51 Records in database: 4292034 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 245747 Threats found: 4 Infected objects found: 56 Suspicious objects found: 0 Scan duration: 09:15:41 File name / Threat / Threats count C:\Documents and Settings\Mandeep\Desktop\daemon409-x86.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir Infected: Rootkit.Win32.TDSS.ap 1 C:\WINDOWS\system32\1025c.sys Infected: Packed.Win32.Krap.ao 29 C:\WINDOWS\system32\1025c.sys Infected: Trojan-Spy.Win32.Zbot.akle 25 Selected area has been scanned. OTL.txt report: OTL logfile created on: 27/06/2010 02:33:34 - Run 3 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Mandeep\Desktop\Malware Removers Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,015.00 Mb Total Physical Memory | 523.00 Mb Available Physical Memory | 52.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 52.68 Gb Total Space | 0.88 Gb Free Space | 1.67% Space Free | Partition Type: NTFS Drive D: | 18.61 Gb Total Space | 3.72 Gb Free Space | 20.01% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MANDEEP Current User Name: Mandeep Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/06/26 16:27:43 | 000,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Mandeep\Local Settings\temp\jkos-Mandeep\binaries\ScanningProcess.exe PRC - [2010/06/26 02:28:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe PRC - [2010/06/19 19:26:35 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mandeep\Desktop\Malware Removers\OTL.com PRC - [2010/06/03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2009/11/12 17:31:00 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe PRC - [2009/11/12 17:30:59 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe PRC - [2009/10/08 15:47:09 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/02/19 19:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe PRC - [2006/09/15 11:03:40 | 000,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2005/12/07 16:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe PRC - [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe PRC - [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe PRC - [2004/12/13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel

Right, I managed to compete all four steps exactly, without any problem. The system feels more responsive after having used ATF cleaner. Here's the log file produced from combofix: ComboFix 10-06-23.05 - Mandeep 24/06/2010 16:13:44.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.555 [GMT 1:00] Running from: c:\documents and settings\Mandeep\Desktop\Combo-Fix.exe AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\default.temp c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\firmware.inf c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ip3picfile.temp c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ip3Wmapic.temp c:\documents and settings\Mandeep\Application Data\B35B96C3ACD64E6EB5F551E6A34571AD c:\documents and settings\Mandeep\Application Data\B35B96C3ACD64E6EB5F551E6A34571AD\enemies-names.txt c:\documents and settings\Mandeep\Start Menu\Programs\Antimalware Doctor c:\documents and settings\Mandeep\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk c:\documents and settings\Mandeep\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk c:\program files\WinPCap c:\program files\WinPCap\daemon_mgm.exe c:\program files\WinPCap\INSTALL.LOG c:\program files\WinPCap\npf_mgm.exe c:\program files\WinPCap\rpcapd.exe c:\program files\WinPCap\Uninstall.exe C:\test.txt c:\windows\system32\2387118637.dat c:\windows\system32\algo.exe c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\wpcap.dll c:\windows\xpsp1hfm.log Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Legacy_NPF -------\Legacy_P2PSVCDHCP -------\Legacy_SWPRVNTMSSVC -------\Service_Iprip -------\Service_NPF -------\Service_p2psvcDhcp -------\Service_SwPrvNtmsSvc ((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 ))))))))))))))))))))))))))))))) . 2010-06-23 13:16 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll 2010-06-23 13:16 . 2001-08-17 21:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll 2010-06-23 13:16 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll 2010-06-23 13:16 . 2001-08-17 21:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe 2010-06-23 13:16 . 2001-08-17 21:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe 2010-06-23 13:16 . 2001-08-17 21:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe 2010-06-23 13:16 . 2001-08-17 11:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys 2010-06-23 13:16 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys 2010-06-23 13:16 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys 2010-06-23 13:16 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll 2010-06-23 13:15 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys 2010-06-23 13:15 . 2004-08-03 21:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys 2010-06-23 13:15 . 2001-08-17 11:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys 2010-06-23 13:15 . 2001-08-17 12:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys 2010-06-23 13:13 . 2001-08-17 12:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys 2010-06-23 13:13 . 2001-08-17 12:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys 2010-06-23 13:13 . 2001-08-17 12:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys 2010-06-23 13:13 . 2001-08-17 11:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys 2010-06-23 13:13 . 2001-08-17 12:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys 2010-06-23 13:13 . 2001-08-17 12:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys 2010-06-23 13:13 . 2001-08-17 12:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys 2010-06-23 13:13 . 2001-08-17 12:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys 2010-06-23 13:13 . 2001-08-17 12:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys 2010-06-23 13:13 . 2001-08-17 12:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys 2010-06-23 13:11 . 2001-08-17 21:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll 2010-06-23 13:11 . 2001-08-17 21:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll 2010-06-23 13:11 . 2001-08-17 21:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll 2010-06-23 13:11 . 2001-08-17 12:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys 2010-06-23 13:11 . 2004-08-04 04:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe 2010-06-23 13:11 . 2001-08-17 11:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys 2010-06-23 13:11 . 2001-08-17 21:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll 2010-06-23 13:11 . 2001-08-17 11:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys 2010-06-23 13:11 . 2001-08-17 13:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll 2010-06-23 13:11 . 2001-08-17 11:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys 2010-06-23 13:11 . 2001-08-17 13:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll 2010-06-23 13:11 . 2001-08-17 11:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys 2010-06-23 13:11 . 2001-08-17 21:35 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll 2010-06-23 13:10 . 2008-04-14 00:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe 2010-06-23 13:10 . 2001-08-17 21:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll 2010-06-23 13:10 . 2001-08-17 13:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys 2010-06-23 13:10 . 2001-08-17 13:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys 2010-06-23 13:10 . 2001-08-17 11:10 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys 2010-06-23 13:09 . 2001-08-17 11:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys 2010-06-23 13:09 . 2004-08-04 04:00 185344 ----a-w- c:\windows\system32\dllcache\thawbrkr.dll 2010-06-23 13:09 . 2001-08-17 11:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys 2010-06-23 13:09 . 2001-08-17 13:56 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll 2010-06-23 13:09 . 2008-04-13 18:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys 2010-06-23 13:09 . 2004-08-04 04:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys 2010-06-23 13:09 . 2001-08-17 11:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys 2010-06-23 13:09 . 2001-08-17 11:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys 2010-06-23 13:09 . 2004-08-04 04:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys 2010-06-23 13:09 . 2004-08-04 04:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys 2010-06-23 13:08 . 2001-08-17 12:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys 2010-06-23 13:08 . 2001-08-17 12:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys 2010-06-23 13:08 . 2001-08-17 11:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys 2010-06-23 13:08 . 2001-08-17 13:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll 2010-06-23 13:08 . 2001-08-17 21:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll 2010-06-23 13:08 . 2001-08-17 12:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys 2010-06-23 13:08 . 2001-08-17 13:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys 2010-06-23 13:07 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll 2010-06-23 13:07 . 2001-08-17 21:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll 2010-06-23 13:07 . 2001-08-17 21:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll 2010-06-23 13:07 . 2001-08-17 21:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll 2010-06-23 13:07 . 2001-08-17 21:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll 2010-06-23 13:07 . 2001-08-17 21:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll 2010-06-23 13:07 . 2001-08-17 11:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys 2010-06-23 13:07 . 2001-08-17 12:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys 2010-06-23 13:06 . 2001-08-17 11:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys 2010-06-23 13:06 . 2001-08-17 21:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll 2010-06-23 13:06 . 2004-08-04 04:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll 2010-06-23 13:06 . 2001-08-17 21:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll 2010-06-23 13:06 . 2001-08-17 12:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys 2010-06-23 13:06 . 2001-08-17 21:36 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll 2010-06-23 13:06 . 2001-08-17 12:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys 2010-06-23 13:05 . 2001-08-17 11:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys 2010-06-23 13:05 . 2001-08-17 21:36 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll 2010-06-23 13:05 . 2001-08-17 11:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys 2010-06-23 13:05 . 2001-08-17 12:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys 2010-06-23 13:05 . 2008-04-13 18:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys 2010-06-23 13:05 . 2004-08-04 04:00 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll 2010-06-23 13:05 . 2001-08-17 12:53 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys 2010-06-23 13:05 . 2001-08-17 21:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll 2010-06-23 13:05 . 2001-08-17 21:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll 2010-06-23 13:05 . 2001-08-17 11:51 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys 2010-06-23 13:04 . 2001-08-17 13:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll 2010-06-23 13:04 . 2001-08-17 11:12 25034 ----a-w- c:\windows\system32\dllcache\smcpwr2n.sys 2010-06-23 13:04 . 2001-08-17 11:10 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys 2010-06-23 13:04 . 2001-08-17 11:12 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys 2010-06-23 13:04 . 2001-08-17 12:57 6784 ----a-w- c:\windows\system32\dllcache\smbhc.sys 2010-06-23 13:04 . 2008-04-13 18:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys 2010-06-23 13:04 . 2008-04-13 18:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys 2010-06-23 13:04 . 2004-08-04 04:00 31744 ----a-w- c:\windows\system32\dllcache\smb6w.dll 2010-06-23 13:04 . 2001-08-17 21:36 45568 ----a-w- c:\windows\system32\dllcache\smb3w.dll 2010-06-23 13:04 . 2004-08-04 04:00 31744 ----a-w- c:\windows\system32\dllcache\sma3w.dll 2010-06-23 13:04 . 2001-08-17 21:36 33792 ----a-w- c:\windows\system32\dllcache\smb0w.dll 2010-06-23 13:02 . 2001-08-17 11:50 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys 2010-06-23 13:02 . 2004-08-03 21:31 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys 2010-06-23 13:02 . 2001-08-17 21:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll 2010-06-23 13:02 . 2001-08-17 11:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys 2010-06-23 13:02 . 2001-08-17 13:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll 2010-06-23 13:02 . 2001-08-17 11:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys 2010-06-23 13:02 . 2001-08-17 13:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll 2010-06-23 13:02 . 2001-08-17 11:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys 2010-06-23 13:01 . 2001-07-21 13:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys 2010-06-23 13:01 . 2001-07-21 13:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys 2010-06-23 13:01 . 2001-08-17 11:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys 2010-06-23 13:01 . 2001-08-17 21:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll 2010-06-23 13:01 . 2001-08-17 11:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys 2010-06-23 12:59 . 2001-08-17 13:56 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll 2010-06-23 12:58 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys 2010-06-23 12:58 . 2001-08-17 11:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys 2010-06-23 12:58 . 2001-08-17 11:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys 2010-06-23 12:58 . 2001-08-17 21:36 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll 2010-06-23 12:58 . 2001-08-17 11:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys 2010-06-23 12:58 . 2008-04-13 18:40 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys 2010-06-23 12:58 . 2001-08-17 11:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys 2010-06-23 12:58 . 2001-08-17 21:36 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll 2010-06-23 12:58 . 2001-08-17 21:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe 2010-06-23 12:58 . 2004-08-04 04:00 14848 ----a-w- c:\windows\system32\dllcache\register.exe 2010-06-23 12:58 . 2001-08-17 12:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys 2010-06-23 12:58 . 2001-08-17 12:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys 2010-06-23 12:56 . 2001-08-17 12:53 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys 2010-06-23 12:56 . 2008-04-13 18:40 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys 2010-06-23 12:56 . 2001-08-17 12:53 7168 ----a-w- c:\windows\system32\dllcache\pnrmc.sys 2010-06-23 12:56 . 2004-08-04 04:00 131584 ----a-w- c:\windows\system32\dllcache\pmxviceo.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-24 15:08 . 2009-06-04 21:31 81984 ----a-w- c:\windows\system32\bdod.bin 2010-06-19 15:05 . 2009-03-14 11:31 -------- d-----w- c:\documents and settings\Mandeep\Application Data\WinEdt 2010-06-19 00:46 . 2007-08-24 00:15 -------- d-----w- c:\program files\Full Tilt Poker 2010-06-19 00:46 . 2006-09-15 10:12 -------- d-----w- c:\program files\Google 2010-06-19 00:46 . 2006-09-15 10:00 -------- d-----w- c:\program files\Dell 2010-06-19 00:45 . 2006-09-15 10:06 -------- d-----w- c:\program files\Common Files\aolshare 2010-06-19 00:45 . 2006-09-15 10:06 -------- d-----w- c:\program files\Common Files\AOL 2010-06-19 00:45 . 2009-01-26 21:25 -------- d-----w- c:\program files\BitLord 2010-06-19 00:45 . 2006-10-02 15:42 -------- d-----w- c:\program files\BitTorrent 2010-06-19 00:45 . 2006-09-27 23:49 -------- d-----w- c:\program files\Apple Software Update 2010-06-19 00:45 . 2006-09-15 10:06 -------- d-----w- c:\program files\AOL 9.0 2010-06-19 00:45 . 2006-09-24 02:11 -------- d-----w- c:\documents and settings\Mandeep\Application Data\AOL 2010-06-19 00:45 . 2006-09-15 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL 2010-06-19 00:29 . 2010-06-19 00:29 69 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C4D3ABC415F806D42BE76F6B145C177E.dll 2010-06-19 00:28 . 2010-06-19 00:28 74 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003.dll 2010-06-19 00:28 . 2010-06-19 00:28 42 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D510006.dll 2010-06-19 00:28 . 2010-06-19 00:28 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49.dll 2010-06-19 00:28 . 2010-06-19 00:28 1152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7D52C05A9E261154DA07E8D25A7EB9D7.dll 2010-06-19 00:28 . 2010-06-19 00:28 229 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_788E47A8F0F87104FA35BC4A2211AA5A.dll 2010-06-19 00:28 . 2010-06-19 00:28 255 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_745EB6B52E12AC942B2EA6F57450391B.dll 2010-06-19 00:28 . 2010-06-19 00:28 299 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7208564961F99054BB7D5AF95EC70332.dll 2010-06-19 00:28 . 2010-06-19 00:28 282 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_71A0906F7690A8A43B3C24A2B115D494.dll 2010-06-19 00:28 . 2010-06-19 00:28 137 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_70B83354632A0724A977BE4B1155715B.dll 2010-06-19 00:28 . 2010-06-19 00:28 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll 2010-06-19 00:28 . 2010-06-19 00:28 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_69A5CA7BCB8CC1346B16720A7918FD8A.dll 2010-06-19 00:28 . 2010-06-19 00:28 682 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7447A9000000020.dll 2010-06-19 00:28 . 2010-06-19 00:27 88 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_65598CC98753DD844880406EE6EB4F10.dll 2010-06-14 18:46 . 2006-10-02 15:43 -------- d-----w- c:\documents and settings\Mandeep\Application Data\BitTorrent 2010-06-08 01:52 . 2009-07-19 01:10 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-06-08 01:52 . 2006-12-09 17:05 -------- d-----w- c:\program files\DivX 2010-05-28 17:35 . 2008-12-04 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive 2010-05-27 23:59 . 2006-12-09 17:48 -------- d-----w- c:\documents and settings\Mandeep\Application Data\DivX 2010-05-27 22:39 . 2007-06-01 12:38 -------- d-----w- c:\documents and settings\Mandeep\Application Data\Sports Interactive 2010-05-27 22:25 . 2007-06-01 12:25 -------- d-----w- c:\program files\Sports Interactive 2010-05-27 13:40 . 2009-04-01 15:20 -------- d-----w- c:\program files\TalkTalk 2010-05-26 21:20 . 2006-09-24 11:12 58136 -c--a-w- c:\documents and settings\Mandeep\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-26 17:40 . 2009-07-23 15:32 -------- d-----w- c:\documents and settings\Mandeep\Application Data\Spotify 2010-05-22 13:06 . 2007-12-07 00:19 -------- d-----w- c:\program files\Graboid 2010-05-22 12:52 . 2007-05-26 19:53 -------- d-----w- c:\program files\LimeWire 2010-05-05 19:13 . 2010-05-05 19:13 -------- d-----w- c:\program files\SopCast 2010-05-05 00:33 . 2010-05-05 00:33 -------- d-----w- c:\documents and settings\Mandeep\Application Data\Malwarebytes 2010-05-05 00:33 . 2010-05-05 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-05 00:33 . 2010-05-05 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-29 14:39 . 2010-05-05 00:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 14:39 . 2010-05-05 00:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-31 01:58 . 2009-07-19 01:12 133616 ------w- c:\windows\system32\pxafs.dll 2010-03-31 01:58 . 2006-12-09 17:05 125424 -c----w- c:\windows\system32\pxinsi64.exe 2010-03-31 01:58 . 2006-12-09 17:05 123888 -c----w- c:\windows\system32\pxcpyi64.exe 2010-03-31 01:58 . 2005-04-25 01:03 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys 2009-11-12 16:31 . 2008-10-30 16:34 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll 2009-01-19 16:12 . 2006-09-24 22:13 56 --sh--r- c:\windows\system32\5F2BD593F5.sys 2008-03-01 00:13 . 2006-09-24 22:15 88 --sh--r- c:\windows\system32\F593D52B5F.sys 2009-01-19 16:12 . 2006-09-24 22:12 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-12 782336] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-06-04 69632] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk backup=c:\windows\pss\AOL Companion.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scroll-In-Mouse V2.0.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scroll-In-Mouse V2.0.lnk backup=c:\windows\pss\Scroll-In-Mouse V2.0.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2007-07-02 10:27 219520 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] 2004-03-19 13:17 78960 -c--a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] 2006-09-30 02:00 43520 ----a-w- c:\program files\BitTorrent\bittorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2004-12-13 14:30 58992 -c--a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2006-07-16 20:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] 2005-09-08 04:20 122940 -c--a-w- c:\windows\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-11-01 02:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-10-14 19:46 77824 -c--a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-14 19:50 114688 -c--a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-10-14 19:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] 2004-10-30 13:59 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-03-20 17:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2006-03-20 17:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-03-20 17:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2006-10-30 09:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] 2003-09-10 01:24 20480 -c----w- c:\program files\NetWaiting\netwaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] 2005-07-12 18:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\none] 2010-02-19 00:29 57 ----a-w- c:\AUTOEXEC.BAT [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0] 2005-12-07 15:05 1537696 -c--a-w- c:\program files\Norton Ghost\Agent\GhostTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-10-25 18:58 282624 -c--a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2007-02-15 19:49 208941 ----a-w- c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2006-03-24 22:30 282624 -c--a-w- c:\windows\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] 2004-01-26 11:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 -c--a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2006-03-08 17:48 761947 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2007-02-15 19:49 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon] 2006-10-12 20:27 304640 ----a-w- c:\program files\UltraMon\UltraMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "matlabserver"=2 (0x2) "iPod Service"=3 (0x3) "SBAMSvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7329:TCP"= 7329:TCP:ppLive "8615:UDP"= 8615:UDP:ppLive "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656] R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24/09/2006 21:22 11776] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112] R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [24/09/2006 21:23 3584] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/10/2006 16:23 685816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Contents of the 'Scheduled Tasks' folder 2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13] 2010-06-09 c:\windows\Tasks\Install_NSS.job - c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://forums.malwarebytes.org/index.php?showtopic=54605 uInternet Connection Wizard,ShellNext = iexplore FF - ProfilePath - c:\documents and settings\Mandeep\Application Data\Mozilla\Firefox\Profiles\0g3bkiue.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\documents and settings\Mandeep\Application Data\Mozilla\Firefox\Profiles\0g3bkiue.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-4oD - c:\program files\Kontiki\KHost.exe MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-gotnewupdate000 - c:\documents and settings\Mandeep\Application Data\B35B96C3ACD64E6EB5F551E6A34571AD\gotnewupdate000.exe MSConfigStartUp-kdx - c:\program files\Kontiki\KHost.exe MSConfigStartUp-McAfeeUpdaterUI - c:\program files\Network Associates\Common Framework\UpdaterUI.exe MSConfigStartUp-Monitor - c:\windows\PixArt\PAC207\Monitor.exe MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe MSConfigStartUp-Network Associates Error Reporting Service - c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe MSConfigStartUp-nonep - c:\windows\TEMP\5E.tmp MSConfigStartUp-PAC207_Monitor - c:\windows\PixArt\PAC207\Monitor.exe MSConfigStartUp-SBAMTray - c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe MSConfigStartUp-ShStatEXE - c:\program files\Network Associates\VirusScan\SHSTAT.EXE MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe MSConfigStartUp-TalkTalk - c:\program files\TalkTalk\bin\sprtcmd.exe MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-24 16:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}*] "RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07, 82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6394A16B-F803-48C7-678A5F5C0D5AF33B}\{084FA269-25E9-EAF9-79282C5961DBAAF7}\{1F365BB6-4338-38B7-EE9F8ECE49C04569}*] "RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07, 82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1180) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(3836) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\windows\System32\GEARSec.exe c:\program files\Dell Network Assistant\hnm_svc.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\tcpsvcs.exe c:\windows\System32\snmp.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-06-24 16:51:40 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-24 15:51 Pre-Run: 2,278,608,896 bytes free Post-Run: 2,190,667,776 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 - - End Of File - - 5E669A80D5E3EBEEC1C2E83C6B9D933A