Full Version: New deadly strain of 'Advanced Virus Removal'
bayou3034
Hi,

I am screwed. This virus is making my life miserable. I am forced to post a new topic after trying all the methods in the last two days. This is what is happening:

a) Cannot run computer in safe mode
- If I try to run in safe mode, then I run into blue screen at 1394bus.sys. Earlier I was getting blue screen at MUP.sys, but I disabled that and now I am getting blue screen at this new driver

b) Cannot access task manager, regedit, explorer etc
- So cannot manually kill a process or modify registry.

c) Combo fix, Hijackthis & MBAM do not run
- I tried all tricks, say renaming them to winlogon but still they would run for a second and then disappear.

Any help is greatly appreciated.

Thanks
bayou3034
Hi,

I was able to run OTL tool. Here is the log

OTL logfile created on: 10/24/2009 7:15:23 PM - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = E:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 545.06 Mb Available Physical Memory | 53.73% Memory free
2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 13.03 Gb Free Space | 19.21% Space Free | Partition Type: NTFS
Drive D: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.94 Gb Total Space | 1.81 Gb Free Space | 93.72% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded


Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\svchost.exe ()
PRC - C:\WINDOWS\svchust.exe ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\WINDOWS\System32\FastNetSrv.exe (Netopsystems AG)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - E:\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4v32.dll ()
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (BtwSrv [Auto | Stopped]) -- C:\WINDOWS\System32\BtwSrv.dll (FTD2XX Software Technology)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (fastnetsrv [Auto | Running]) -- C:\WINDOWS\System32\FastNetSrv.exe (Netopsystems AG)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1ca4a7cbd643d86 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Ias [Auto | Running]) -- C:\WINDOWS\System32\Iasex.dll ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LVPrcSrv [Auto | Running]) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (Net_Login [Auto | Running]) -- C:\WINDOWS\svchust.exe ()
SRV - (NetLogin [Auto | Running]) -- C:\WINDOWS\svchost.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SfCtlCom [Auto | Stop_Pending]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (TMBMServer [Auto | Stopped]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (tmproxy [On_Demand | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (daqdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\daqdrv.sys ()
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (is-KCTTGdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\36298362.sys (Kaspersky Lab)
DRV - (is-PD3FUdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\49434075.sys (Kaspersky Lab)
DRV - (Lvckap [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys ()
DRV - (lvmvdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (lvpopflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVPrcMon [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\LVPrcMon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Inc)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SDDMI2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tmactmon [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vsapint [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs LLC)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\igaxozoq.dll ()
MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (Microsoft Corporation)
MOD - E:\OTL.exe (OldTimer Tools)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061028
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061028

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 06:40:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D8ECB74C-BD9A-4F82-98EF-43FF7F0309B8}: C:\Documents and Settings\SC Chandra\Local Settings\Application Data\{D8ECB74C-BD9A-4F82-98EF-43FF7F0309B8} [2009/10/21 10:37:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0A6FE76A-D417-4807-ACFB-44597089877B}: C:\Documents and Settings\SC1 Raj\Local Settings\Application Data\{0A6FE76A-D417-4807-ACFB-44597089877B}\ [2009/10/21 10:41:21 | 00,000,000 | ---D | M]


O1 HOSTS File: (635 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (mscorewr) - {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - C:\WINDOWS\System32\mscorewr.dll (Macrovision Corporation)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (no name) - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [csrs32] C:\WINDOWS\System32\csrs32.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1252214178\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [lsdefrag] C:\Documents and Settings\SC Chandra\Local Settings\temp\oawnsrmcxe.tmp ()
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net (Privat)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sdurasaxo] C:\WINDOWS\igaxozoq.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ter8m] C:\WINDOWS\System32\msxm192z.DLL (USA)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\DOCUME~1\SCC~1\LOCALS~1\Temp\obmijgxn.exe File not found
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE File not found
O4 - HKCU..\Run: [AV Care] C:\Program Files\AV Care\AVCare.exe File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\SCC~1\LOCALS~1\Temp\obmijgxn.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PopRock] C:\DOCUME~1\SCC~1\LOCALS~1\Temp\b.exe File not found
O4 - HKCU..\Run: [Security Center] C:\WINDOWS\sc.exe ()
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\SC Chandra\Start Menu\Programs\Startup\is-KCTTG.lnk = C:\Documents and Settings\SC Chandra\Desktop\Virus Removal Tool\is-KCTTG\startup.exe ()
O4 - Startup: C:\Documents and Settings\SC Chandra\Start Menu\Programs\Startup\is-PD3FU.lnk = C:\Documents and Settings\SC Chandra\Desktop\Virus Removal Tool1\is-PD3FU\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\winhelper.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\winhelper.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/31.32/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\drivers\smss.exe) - C:\WINDOWS\System32\drivers\smss.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Program) - File not found
O20 - HKCU Winlogon: Shell - (Files\Privacy) - File not found
O20 - HKCU Winlogon: Shell - (center\pc.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\avcenter.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgaurd.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O27 - HKLM IFEO\sched.exe: Debugger - C:\WINDOWS\system32\ahui.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 06:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/10/23 20:14:24 | 00,000,027 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{11480aa3-6904-11db-9651-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{11480aa3-6904-11db-9651-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11480aa3-6904-11db-9651-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- [2004/08/10 06:00:00 | 01,314,816 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{2a51b734-df70-11dd-97a3-0015c5b999b5}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{7c4956d6-5ce0-11dd-974a-0015c5b999b5}\Shell - "" = AutoRun
O33 - MountPoints2\{7c4956d6-5ce0-11dd-974a-0015c5b999b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c4956d6-5ce0-11dd-974a-0015c5b999b5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9252ae2c-8b63-11dc-96a4-0015c5b999b5}\Shell\AutoRun\command - "" = E:\EHSCHED.EXE -- [2008/04/13 19:12:38 | 00,046,080 | -H-- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/10/21 10:37:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SC Chandra\Local Settings\Application Data\{D8ECB74C-BD9A-4F82-98EF-43FF7F0309B8}
[2009/10/13 18:28:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SC Chandra\Local Settings\Application Data\Temp
[1 C:\Documents and Settings\SC Chandra\My Documents\*.tmp files]
[107 C:\Documents and Settings\SC Chandra\Desktop\*.tmp files]
[2009/10/11 09:10:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/21 10:32:03 | 00,000,000 | ---D | C] -- C:\Program Files\AV Care
[2009/10/21 16:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\C_Cleaner
[2009/10/23 21:02:24 | 00,000,000 | ---D | C] -- C:\Program Files\MA
[2009/10/22 22:37:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malware_2
[2009/10/21 10:36:51 | 00,000,000 | ---D | C] -- C:\Program Files\Protection System
[2009/10/11 09:10:33 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/10/23 21:11:44 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\49434075.sys
[2009/10/23 21:11:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SC Chandra\Desktop\Virus Removal Tool1
[2009/10/23 21:02:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/23 21:02:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/23 20:29:45 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/23 20:29:34 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18310.exe
[2009/10/23 20:18:07 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\36298362.sys
[2009/10/23 20:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SC Chandra\Desktop\Virus Removal Tool
[2009/10/22 22:26:54 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/10/22 22:07:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\SDFix
[2009/10/22 22:06:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\sdfix_dir
[2009/10/22 21:23:46 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4982.exe
[2009/10/22 20:17:40 | 00,065,536 | ---- | C] (USA) -- C:\WINDOWS\System32\msxm192z.dll
[2009/10/21 12:14:22 | 00,110,592 | ---- | C] (Macrovision Corporation) -- C:\WINDOWS\System32\mscorewr.dll
[2009/10/21 11:52:45 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/21 11:24:22 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/21 11:09:17 | 00,102,688 | ---- | C] (RCFXnww) -- C:\WINDOWS\9129837.exe
[2009/10/21 10:35:37 | 00,149,504 | ---- | C] (MainConcept CO,.@ FileDescription) -- C:\WINDOWS\sv2.exe
[2009/10/21 10:32:10 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winupdate.exe
[2009/10/21 10:13:13 | 00,037,376 | ---- | C] (Privat) -- C:\WINDOWS\System32\net.net
[2009/10/11 09:14:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SC Chandra\My Documents\Downloads
[2009/10/02 10:00:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SC Chandra\Desktop\New Folder
[2008/12/19 23:04:38 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\SC Chandra\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[74 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\SC Chandra\My Documents\*.tmp files]
[107 C:\Documents and Settings\SC Chandra\Desktop\*.tmp files]
[2009/10/24 19:14:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/24 19:13:59 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/24 19:13:56 | 00,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/24 19:13:56 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/24 19:13:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/24 19:13:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/10/24 19:13:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/24 19:13:18 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/24 18:50:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Qdazirikiji.bin
[2009/10/24 18:27:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/24 07:24:46 | 01,832,992 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/24 07:20:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
[2009/10/24 07:00:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
[2009/10/24 06:40:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
[2009/10/24 06:20:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
[2009/10/24 06:00:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
[2009/10/24 05:40:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
[2009/10/24 05:20:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
[2009/10/24 05:00:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2009/10/24 04:40:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2009/10/24 04:20:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2009/10/24 04:00:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2009/10/24 03:40:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2009/10/24 03:20:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2009/10/24 03:00:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2009/10/24 02:40:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2009/10/24 02:20:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2009/10/24 02:00:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2009/10/24 01:40:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2009/10/24 01:20:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2009/10/24 01:00:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2009/10/24 00:40:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2009/10/24 00:20:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2009/10/24 00:00:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2009/10/23 23:40:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2009/10/23 23:20:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2009/10/23 23:00:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2009/10/23 22:40:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/10/23 22:20:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/10/23 22:00:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/10/23 21:40:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/10/23 21:20:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/10/23 21:12:09 | 00,001,919 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Start Menu\Programs\Startup\is-PD3FU.lnk
[2009/10/23 21:02:36 | 00,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 21:00:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR09.exe
[2009/10/23 21:00:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/10/23 21:00:26 | 00,000,831 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/10/23 20:50:28 | 00,001,412 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/23 20:28:17 | 00,408,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/10/23 20:28:17 | 00,408,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF18310.exe
[2009/10/23 20:18:56 | 00,001,910 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Start Menu\Programs\Startup\is-KCTTG.lnk
[2009/10/23 20:15:30 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/10/23 19:17:28 | 00,383,488 | ---- | M] () -- C:\WINDOWS\sc.exe
[2009/10/23 19:09:40 | 00,133,632 | ---- | M] () -- C:\WINDOWS\SC.INS
[2009/10/23 12:36:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2009/10/23 12:16:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2009/10/23 11:56:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2009/10/23 11:36:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2009/10/23 11:15:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
[2009/10/23 10:55:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
[2009/10/23 10:35:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
[2009/10/23 10:14:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
[2009/10/23 09:54:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
[2009/10/22 22:55:20 | 00,172,032 | ---- | M] () -- C:\WINDOWS\isvchost.exe
[2009/10/22 22:25:30 | 00,149,504 | ---- | M] (MainConcept CO,.@ FileDescription) -- C:\WINDOWS\sv2.exe
[2009/10/22 22:24:11 | 01,168,384 | ---- | M] () -- C:\WINDOWS\svchust.exe
[2009/10/22 22:22:51 | 01,168,384 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2009/10/22 22:20:59 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Ryikigiha.dat
[2009/10/22 21:02:21 | 00,408,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4982.exe
[2009/10/22 20:19:51 | 00,000,108 | ---- | M] () -- C:\WINDOWS\System32\207656.BAT
[2009/10/22 20:18:06 | 00,065,536 | ---- | M] (USA) -- C:\WINDOWS\System32\msxm192z.dll
[2009/10/21 16:59:04 | 00,040,960 | ---- | M] () -- C:\WINDOWS\sv3.exe
[2009/10/21 16:57:42 | 00,102,688 | ---- | M] (RCFXnww) -- C:\WINDOWS\9129837.exe
[2009/10/21 16:10:34 | 00,001,557 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Desktop\CCleaner.lnk
[2009/10/21 15:57:52 | 00,130,048 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/21 15:26:37 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/21 12:14:44 | 00,110,592 | ---- | M] (Macrovision Corporation) -- C:\WINDOWS\System32\mscorewr.dll
[2009/10/21 11:50:44 | 00,095,232 | ---- | M] () -- C:\WINDOWS\System32\LuxBegc6ZH.dll
[2009/10/21 10:35:59 | 00,000,152 | ---- | M] () -- C:\WINDOWS\System32\api.reg
[2009/10/21 10:35:51 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\csrs32.exe
[2009/10/21 10:32:24 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/10/21 10:32:04 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winupdate.exe
[2009/10/21 10:13:13 | 00,037,376 | ---- | M] (Privat) -- C:\WINDOWS\System32\net.net
[2009/10/20 23:43:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/19 21:09:24 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Desktop\Employment Certifcate.doc
[2009/10/19 21:08:16 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Desktop\Employment Certifcate SC.doc
[2009/10/15 07:19:40 | 00,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 07:19:40 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 07:19:40 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 07:08:36 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 18:30:59 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/11 10:41:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/10/03 10:29:50 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Desktop\car details.xls
[2009/10/02 13:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 13:10:27 | 00,167,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/29 21:12:19 | 00,036,408 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/27 09:41:44 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\SC Chandra\Desktop\Jimmy_EBX.doc

========== Files - No Company Name ==========
[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\refogoba
[2009/10/23 21:12:09 | 00,001,919 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Start Menu\Programs\Startup\is-PD3FU.lnk
[2009/10/23 21:02:36 | 00,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 20:39:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR09.exe
[2009/10/23 20:18:56 | 00,001,910 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Start Menu\Programs\Startup\is-KCTTG.lnk
[2009/10/23 20:18:39 | 01,832,992 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/23 20:18:39 | 00,001,412 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/23 19:36:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/10/23 19:09:11 | 00,000,831 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/10/23 12:36:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28703.exe
[2009/10/23 12:16:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9894.exe
[2009/10/23 11:56:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17035.exe
[2009/10/23 11:36:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26299.exe
[2009/10/23 11:15:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25667.exe
[2009/10/23 10:55:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19912.exe
[2009/10/23 10:35:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1869.exe
[2009/10/23 10:14:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11538.exe
[2009/10/23 09:54:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14771.exe
[2009/10/22 20:19:51 | 00,000,108 | ---- | C] () -- C:\WINDOWS\System32\207656.BAT
[2009/10/22 03:16:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21726.exe
[2009/10/22 02:56:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5447.exe
[2009/10/22 02:36:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19895.exe
[2009/10/22 02:16:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe
[2009/10/22 01:56:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe
[2009/10/22 01:36:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe
[2009/10/22 01:16:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
[2009/10/22 00:56:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
[2009/10/22 00:36:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
[2009/10/22 00:16:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe
[2009/10/21 23:56:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe
[2009/10/21 23:36:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
[2009/10/21 23:16:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2009/10/21 22:56:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2009/10/21 22:35:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2009/10/21 22:15:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2009/10/21 21:55:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2009/10/21 21:35:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2009/10/21 21:15:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2009/10/21 20:55:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2009/10/21 20:35:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2009/10/21 20:15:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2009/10/21 19:55:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2009/10/21 17:41:45 | 00,383,488 | ---- | C] () -- C:\WINDOWS\sc.exe
[2009/10/21 16:05:53 | 00,001,557 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Desktop\CCleaner.lnk
[2009/10/21 15:42:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2009/10/21 15:26:37 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/21 15:22:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2009/10/21 15:02:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2009/10/21 14:42:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/10/21 14:22:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/10/21 14:02:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/10/21 13:42:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/10/21 13:22:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/10/21 11:50:43 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\LuxBegc6ZH.dll
[2009/10/21 11:42:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/10/21 10:37:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Qdazirikiji.bin
[2009/10/21 10:37:15 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Ryikigiha.dat
[2009/10/21 10:36:51 | 00,133,632 | ---- | C] () -- C:\WINDOWS\SC.INS
[2009/10/21 10:35:59 | 00,000,152 | ---- | C] () -- C:\WINDOWS\System32\api.reg
[2009/10/21 10:35:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\csrs32.exe
[2009/10/21 10:35:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\sv3.exe
[2009/10/21 10:34:09 | 01,168,384 | ---- | C] () -- C:\WINDOWS\svchust.exe
[2009/10/21 10:33:47 | 01,168,384 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2009/10/21 10:33:13 | 00,172,032 | ---- | C] () -- C:\WINDOWS\isvchost.exe
[2009/10/21 10:32:22 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/10/21 10:13:49 | 00,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/21 10:13:37 | 00,000,300 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/19 21:08:15 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Desktop\Employment Certifcate SC.doc
[2009/10/11 09:22:30 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/11 09:22:29 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/11 09:14:05 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/10/03 10:29:50 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Desktop\car details.xls
[2009/09/27 09:25:01 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Desktop\Jimmy_EBX.doc
[2009/07/16 09:08:09 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/19 23:04:50 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Application Data\pcouffin.log
[2008/12/19 23:04:38 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Application Data\inst.exe
[2008/12/19 23:04:38 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Application Data\pcouffin.cat
[2008/12/19 23:04:38 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Application Data\pcouffin.inf
[2008/09/26 17:32:41 | 00,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/29 23:01:13 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/06/29 23:01:13 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/06/29 23:01:13 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/06/29 23:01:13 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/03/29 13:19:53 | 00,002,942 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/10/26 15:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 15:28:04 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/07 20:29:33 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/10/07 20:29:26 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/10/07 20:29:26 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/08/20 19:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 19:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 17:33:14 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/15 17:30:26 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/03 23:44:58 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/17 21:35:10 | 00,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/06 17:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/11/22 23:38:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/05 14:30:25 | 00,130,048 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/04 21:30:14 | 00,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/10/31 13:16:36 | 00,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/31 13:16:36 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D8E8B76D62.sys
[2006/10/31 12:56:10 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/31 12:45:40 | 00,036,408 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/10/31 12:43:16 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\SC Chandra\Application Data\desktop.ini
[2006/10/31 12:43:14 | 02,109,966 | -H-- | C] () -- C:\Documents and Settings\SC Chandra\Local Settings\Application Data\IconCache.db
[2006/10/31 12:43:14 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\SC Chandra\Local Settings\Application Data\fusioncache.dat
[2006/10/28 14:45:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/28 14:30:43 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/28 14:27:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/28 13:53:50 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/10/28 13:53:38 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/28 13:53:34 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/10/28 13:53:28 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/09 16:37:42 | 00,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 04:18:43 | 00,000,708 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 04:18:42 | 00,163,840 | ---- | C] () -- C:\WINDOWS\igaxozoq.dll
[2005/08/16 04:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 04:18:23 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Nwsapv32.dll
[2005/08/16 04:18:23 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\NWCWov32.dll
[2005/08/16 04:18:23 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Irmonv32.dll
[2005/08/16 04:18:23 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Ipripv32.dll
[2005/08/16 04:18:23 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2005/08/16 04:18:23 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\daqdrv.sys
[2005/08/16 04:18:16 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/17 20:00:00 | 00,073,728 | -H-- | C] () -- C:\WINDOWS\System32\Iasex.dll
[2004/08/10 05:00:00 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
< End of report >

Extras.Log
------
OTL Extras logfile created on: 10/24/2009 6:50:46 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = E:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 542.67 Mb Available Physical Memory | 53.50% Memory free
2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.14% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 13.05 Gb Free Space | 19.23% Space Free | Partition Type: NTFS
Drive D: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.94 Gb Total Space | 1.82 Gb Free Space | 93.90% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded


Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\Explorer.EXE:*:enabled:@shell32.dll,-1 -- (Microsoft Corporation)
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Disabled:GoogleToolbarNotifier -- (Google Inc.)
"C:\WINDOWS\system32\igfxsrvc.exe" = C:\WINDOWS\system32\igfxsrvc.exe:*:Disabled:igfxsrvc Module -- (Intel Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1252214178\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1252214178\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- ()
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\SC Chandra\Local Settings\temp\VRTD4.tmp" = C:\Documents and Settings\SC Chandra\Local Settings\temp\VRTD4.tmp:*:Enabled:installer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5F0C7588-DC73-4465-8BAB-21813C1EC047}" = PDF Manual NW-E000 Series
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AV Care" = AV Care
"BitTorrent" = BitTorrent 5.0.7
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Standard
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"net" = Advertisement Service
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"Picasa 3" = Picasa 3
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer Basic
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.5.2.60
"TVUPlayer" = TVUPlayer 2.3.6.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2009 7:43:38 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application logonui.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x006302e1.

Error - 10/24/2009 7:43:44 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application logonui.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x006302e1.

Error - 10/24/2009 7:43:51 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application logonui.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x006302e1.

Error - 10/24/2009 7:43:57 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application logonui.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x006302e1.

Error - 10/24/2009 7:44:03 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application logonui.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x006302e1.

Error - 10/24/2009 7:44:10 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application logonui.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x006302e1.

Error - 10/24/2009 7:44:24 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application mpnotify.exe, version 5.1.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x004002e1.

Error - 10/24/2009 7:44:38 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x008f02e1.

Error - 10/24/2009 7:46:27 PM | Computer Name = SC1PC | Source = Application Error | ID = 1000
Description = Faulting application taskmgr.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x009302e1.

Error - 10/24/2009 7:49:19 PM | Computer Name = SC1PC | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

[ System Events ]
Error - 10/23/2009 8:22:16 PM | Computer Name = SC1PC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%5" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 10/23/2009 8:23:23 PM | Computer Name = SC1PC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%5" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 10/23/2009 8:23:23 PM | Computer Name = SC1PC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%5" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 10/23/2009 8:33:08 PM | Computer Name = SC1PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 10/23/2009 9:03:25 PM | Computer Name = SC1PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 10/23/2009 9:14:30 PM | Computer Name = SC1PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 10/23/2009 9:37:23 PM | Computer Name = SC1PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 10/23/2009 9:51:43 PM | Computer Name = SC1PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 10/23/2009 9:59:43 PM | Computer Name = SC1PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 10/24/2009 1:01:38 PM | Computer Name = SC1PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.


< End of report >
------------------------------------
Any suggestions are appreciated.
bayou3034
Also I tried running RootRepeal but it ran for a while and just disappeared after a few secs...
bayou3034
OK. Was able to run RootRepeal after many attempts.
The report:
-----------------------
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/24 20:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA05C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A3B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA85DC000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\32788r22fwjfw.0.tmp\hidec.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: C:\WINDOWS\System Volume Information\System Volume Information
Status: Locked to the Windows API!

Path: c:\windows\$ntuninstallkb955839$\tzchange.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: c:\windows\downloaded program files\dwusplay.exe
Status: Allocation size mismatch (API: 217088, Raw: 196608)

Path: c:\windows\ehome\registermceapp.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\windows\ehome\xboxmce05lite.exe
Status: Allocation size mismatch (API: 21712896, Raw: 21692416)

Path: c:\windows\ehome\ehexthost.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\windows\ehome\ehmcxins.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\ehome\mcrmgr.exe
Status: Allocation size mismatch (API: 155648, Raw: 135168)

Path: c:\windows\ehome\medctrro.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: C:\WINDOWS\occache\occache
Status: Locked to the Windows API!

Path: c:\windows\mui\muisetup.exe
Status: Allocation size mismatch (API: 110592, Raw: 94208)

Path: C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}
Status: Locked to the Windows API!

Path: c:\windows\$ntuninstallkb908246$\ehtray.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\$ntuninstallkb913800$\uwdf.exe
Status: Allocation size mismatch (API: 36864, Raw: 32768)

Path: c:\windows\$ntuninstallkb920213$\agentsvr.exe
Status: Allocation size mismatch (API: 188416, Raw: 172032)

Path: c:\windows\$ntuninstallkb970653-v3$\tzchange.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\$ntuninstallwmfdist11$\uwdf.exe
Status: Allocation size mismatch (API: 36864, Raw: 32768)

Path: c:\windows\$ntuninstallwmp11$\unregmp2.exe
Status: Allocation size mismatch (API: 122880, Raw: 102400)

Path: c:\windows\$ntuninstallwmp11$\wmlaunch.exe
Status: Allocation size mismatch (API: 86016, Raw: 73728)

Path: c:\windows\$ntuninstallkb900325$\ehmsas.exe
Status: Allocation size mismatch (API: 65536, Raw: 49152)

Path: c:\windows\$ntuninstallkb900325$\ehrec.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\windows\$ntuninstallkb900325$\ehrecvr.exe
Status: Allocation size mismatch (API: 217088, Raw: 196608)

Path: c:\windows\$ntuninstallkb900325$\ehsched.exe
Status: Allocation size mismatch (API: 122880, Raw: 106496)

Path: c:\windows\$ntuninstallkb900325$\ehshell.exe
Status: Allocation size mismatch (API: 2904064, Raw: 2883584)

Path: c:\windows\$ntuninstallkb900325$\ehtray.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\$ntuninstallkb900325$\mcrmgr.exe
Status: Allocation size mismatch (API: 155648, Raw: 135168)

Path: c:\windows\$ntuninstallkb900325$\medctrro.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\windows\$ntuninstallkb900325$\sbeserver.exe
Status: Allocation size mismatch (API: 475136, Raw: 454656)

Path: c:\windows\$ntuninstallkb900325$\sonicmmburnengine.exe
Status: Allocation size mismatch (API: 409600, Raw: 389120)

Path: c:\windows\$ntuninstallkb930494$\togac.exe
Status: Allocation size mismatch (API: 73728, Raw: 61440)

Path: c:\windows\$ntuninstallkb933360$\tzchange.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: C:\WINDOWS\aolshare\aolshare
Status: Locked to the Windows API!

Path: C:\WINDOWS\Minidump\Minidump
Status: Locked to the Windows API!

Path: c:\windows\msagent\agentsvr.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\windows\$ntuninstallkb938828$\explorer.exe
Status: Allocation size mismatch (API: 618496, Raw: 610304)

Path: c:\windows\$ntuninstallkb939683$\unregmp2.exe
Status: Allocation size mismatch (API: 172032, Raw: 159744)

Path: c:\windows\$ntuninstallkb942763$\tzchange.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\accwiz.exe
Status: Allocation size mismatch (API: 98304, Raw: 86016)

Path: c:\windows\$ntservicepackuninstall$\utilman.exe
Status: Allocation size mismatch (API: 40960, Raw: 32768)

Path: c:\windows\$ntservicepackuninstall$\ss3dfo.scr
Status: Allocation size mismatch (API: 495616, Raw: 487424)

Path: c:\windows\$ntservicepackuninstall$\ssflwbox.scr
Status: Allocation size mismatch (API: 258048, Raw: 233472)

Path: c:\windows\$ntservicepackuninstall$\ssmypics.scr
Status: Allocation size mismatch (API: 36864, Raw: 32768)

Path: c:\windows\$ntservicepackuninstall$\rdpclip.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\msimn.exe
Status: Allocation size mismatch (API: 49152, Raw: 32768)

Path: c:\windows\$ntservicepackuninstall$\msmsgs.exe
Status: Allocation size mismatch (API: 1175552, Raw: 1163264)

Path: c:\windows\$ntservicepackuninstall$\cleanmgr.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\cmd.exe
Status: Allocation size mismatch (API: 196608, Raw: 176128)

Path: c:\windows\$ntservicepackuninstall$\cmdl32.exe
Status: Allocation size mismatch (API: 40960, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\cmstp.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\logman.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\logonui.exe
Status: Allocation size mismatch (API: 266240, Raw: 253952)

Path: c:\windows\$ntservicepackuninstall$\wmiadap.exe
Status: Allocation size mismatch (API: 151552, Raw: 126976)

Path: c:\windows\$ntservicepackuninstall$\wmiapsrv.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\windows\$ntservicepackuninstall$\wextract.exe
Status: Allocation size mismatch (API: 69632, Raw: 45056)

Path: c:\windows\$ntservicepackuninstall$\wab.exe
Status: Allocation size mismatch (API: 32768, Raw: 28672)

Path: c:\windows\$ntservicepackuninstall$\tlntadmn.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\togac.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\tracerpt.exe
Status: Allocation size mismatch (API: 163840, Raw: 143360)

Path: c:\windows\$ntservicepackuninstall$\tzchange.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\setregni.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\spoolsv.exe
Status: Allocation size mismatch (API: 49152, Raw: 32768)

Path: c:\windows\$ntservicepackuninstall$\schtasks.exe
Status: Allocation size mismatch (API: 81920, Raw: 69632)

Path: c:\windows\$ntservicepackuninstall$\rstrui.exe
Status: Allocation size mismatch (API: 233472, Raw: 221184)

Path: c:\windows\$ntservicepackuninstall$\oobebaln.exe
Status: Allocation size mismatch (API: 40960, Raw: 32768)

Path: c:\windows\$ntservicepackuninstall$\packager.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\rasphone.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\powercfg.exe
Status: Allocation size mismatch (API: 40960, Raw: 32768)

Path: c:\windows\$ntservicepackuninstall$\proquota.exe
Status: Allocation size mismatch (API: 45056, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\oemig50.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\net1.exe
Status: Allocation size mismatch (API: 106496, Raw: 90112)

Path: c:\windows\$ntservicepackuninstall$\reg.exe
Status: Allocation size mismatch (API: 36864, Raw: 28672)

Path: c:\windows\$ntservicepackuninstall$\mplay32.exe
Status: Allocation size mismatch (API: 98304, Raw: 81920)

Path: c:\windows\$ntservicepackuninstall$\ipconfig.exe
Status: Allocation size mismatch (API: 45056, Raw: 32768)

Path: c:\windows\$ntservicepackuninstall$\ipv6.exe
Status: Allocation size mismatch (API: 53248, Raw: 40960)

Path: c:\windows\$ntservicepackuninstall$\dwwin.exe
Status: Allocation size mismatch (API: 139264, Raw: 131072)

Path: c:\windows\$ntservicepackuninstall$\dxdiag.exe
Status: Allocation size mismatch (API: 655360, Raw: 643072)

Path: c:\windows\$ntservicepackuninstall$\gacutil.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\getmac.exe
Status: Allocation size mismatch (API: 49152, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\gpresult.exe
Status: Allocation size mismatch (API: 81920, Raw: 69632)

Path: c:\windows\$ntservicepackuninstall$\fsquirt.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\windows\$ntservicepackuninstall$\eudcedit.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\windows\$ntservicepackuninstall$\eventcreate.exe
Status: Allocation size mismatch (API: 28672, Raw: 20480)

Path: c:\windows\$ntservicepackuninstall$\explorer.exe
Status: Allocation size mismatch (API: 614400, Raw: 606208)

Path: c:\windows\$ntservicepackuninstall$\driverquery.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\cipher.exe
Status: Allocation size mismatch (API: 45056, Raw: 32768)

Path: c:\windows\$ntservicepackuninstall$\agentsvr.exe
Status: Allocation size mismatch (API: 188416, Raw: 172032)

Path: c:\windows\$ntservicepackuninstall$\narrator.exe
Status: Allocation size mismatch (API: 49152, Raw: 36864)

Path: c:\windows\$ntservicepackuninstall$\wbemtest.exe
Status: Allocation size mismatch (API: 81920, Raw: 73728)

Path: c:\windows\$ntservicepackuninstall$\iexpress.exe
Status: Allocation size mismatch (API: 81920, Raw: 73728)

Path: c:\windows\$ntservicepackuninstall$\conf.exe
Status: Allocation size mismatch (API: 528384, Raw: 520192)

Path: c:\windows\$ntservicepackuninstall$\helpctr.exe
Status: Allocation size mismatch (API: 491520, Raw: 487424)

Path: c:\windows\$ntservicepackuninstall$\mqtgsvc.exe
Status: Allocation size mismatch (API: 81920, Raw: 73728)

Path: c:\windows\$ntservicepackuninstall$\wscript.exe
Status: Allocation size mismatch (API: 73728, Raw: 65536)

Path: c:\windows\$ntuninstallkb951072-v2$\tzchange.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\dell\utilities\dsr\dsrirremv2.exe
Status: Allocation size mismatch (API: 282624, Raw: 262144)

Path: c:\drivers\audio\onboard\stacsv.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\drivers\audio\onboard\stsystra.exe
Status: Allocation size mismatch (API: 303104, Raw: 282624)

Path: c:\drivers\audio\onboard\suhlp.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\drivers\audio\onboard\suhlp64.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\drivers\modem\onboard\hxfsetup.exe
Status: Allocation size mismatch (API: 598016, Raw: 577536)

Path: c:\drivers\modem\onboard\kb835221.exe
Status: Allocation size mismatch (API: 81920, Raw: 65536)

Path: c:\drivers\video\onboard\igfxsrvc.exe
Status: Allocation size mismatch (API: 180224, Raw: 159744)

Path: c:\drivers\video\onboard\igfxtray.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\drivers\video\onboard\igfxzoom.exe
Status: Allocation size mismatch (API: 135168, Raw: 114688)

Path: c:\drivers\video\onboard\hkcmd.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\drivers\video\onboard\ialmudlg.exe
Status: Allocation size mismatch (API: 135168, Raw: 114688)

Path: c:\drivers\video\onboard\igfxcfg.exe
Status: Allocation size mismatch (API: 471040, Raw: 450560)

Path: c:\drivers\video\onboard\igfxext.exe
Status: Allocation size mismatch (API: 114688, Raw: 94208)

Path: c:\drivers\video\onboard\igfxpers.exe
Status: Allocation size mismatch (API: 139264, Raw: 118784)

Path: c:\program files\quicktime\qtsystem\exportcontroller.exe
Status: Allocation size mismatch (API: 192512, Raw: 172032)

Path: c:\program files\quicktime\qtsystem\quicktimeupdatehelper.exe
Status: Allocation size mismatch (API: 180224, Raw: 159744)

Path: c:\program files\sonic\dla\dlaunin.exe
Status: Allocation size mismatch (API: 61440, Raw: 45056)

Path: c:\program files\sonic\mydvd\mydvd.exe
Status: Allocation size mismatch (API: 17739776, Raw: 17719296)

Path: c:\program files\sonic\mydvd\mydvdreg.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\program files\sony\personal audio driver\copyinf.exe
Status: Allocation size mismatch (API: 53248, Raw: 28672)

Path: c:\program files\sony\personal audio driver\unusb.exe
Status: Allocation size mismatch (API: 204800, Raw: 184320)

Path: c:\program files\sony\sonicstage\appreg.exe
Status: Allocation size mismatch (API: 131072, Raw: 110592)

Path: c:\program files\sony\sonicstage\jetcomp.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\program files\sony\sonicstage\omg1to2.exe
Status: Allocation size mismatch (API: 208896, Raw: 188416)

Path: c:\program files\sony\sonicstage\omg2oma.exe
Status: Allocation size mismatch (API: 385024, Raw: 364544)

Path: c:\program files\sony\sony network walkman (e)\copyinf.exe
Status: Allocation size mismatch (API: 53248, Raw: 28672)

Path: c:\program files\sony corporation\network walkman(ev) driver\copyinf.exe
Status: Allocation size mismatch (API: 53248, Raw: 28672)

Path: c:\program files\broadcom\bacs\bacs.exe
Status: Allocation size mismatch (API: 1617920, Raw: 1597440)

Path: c:\program files\broadcom\bacs\bacstray.exe
Status: Allocation size mismatch (API: 139264, Raw: 118784)

Path: c:\program files\cisco systems\vpn client\cisco_cert_mgr.exe
Status: Allocation size mismatch (API: 1048576, Raw: 1032192)

Path: c:\program files\common files\aol\uninstaller.exe
Status: Allocation size mismatch (API: 585728, Raw: 565248)

Path: c:\program files\common files\aolshare\aolreset.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\common files\logitech\srvlnch.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\program files\conexant\cnxt_modem_hdaudio_ven_14f1&dev_2bfa&subsys_14f100c3\hxfsetup.exe
Status: Allocation size mismatch (API: 598016, Raw: 577536)

Path: c:\program files\internet explorer\connection wizard\icwconn2.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\program files\internet explorer\connection wizard\icwrmind.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\internet explorer\connection wizard\icwtutor.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\program files\internet explorer\connection wizard\inetwiz.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\internet explorer\connection wizard\isignup.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\program files\k-lite codec pack\media player classic\mplayerc.exe
Status: Allocation size mismatch (API: 4321280, Raw: 4300800)

Path: c:\program files\tomtom home 2\xulrunner\regxpcom.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\program files\tomtom home 2\xulrunner\shlibsign.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\tomtom home 2\xulrunner\xpcshell.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\viewpoint\viewpoint experience technology\mtsaxinstaller.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\yahoo!\messenger\unwise.exe
Status: Allocation size mismatch (API: 176128, Raw: 155648)

Path: c:\program files\installshield installation information\{067d27ff-720f-421f-80e9-cf724dc5e072}\setup.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\program files\installshield installation information\{23be930b-6ac4-4d0d-b5c3-03062a2bf2a3}\shutdown.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\program files\installshield installation information\{3633ba28-67ce-4ac8-a677-3406ca84c3d8}\shutdown.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\program files\installshield installation information\{88e5fcb8-5f25-11d5-b16f-0800460222f0}\setup.exe
Status: Allocation size mismatch (API: 188416, Raw: 172032)

Path: c:\program files\installshield installation information\{cc93d1aa-b881-489a-8d7e-c2dbc1e6f350}\setup.exe
Status: Allocation size mismatch (API: 188416, Raw: 172032)

Path: c:\program files\installshield installation information\{d76298c2-e532-4a11-bcff-76f3f19da84d}\setup.exe
Status: Allocation size mismatch (API: 188416, Raw: 167936)

Path: c:\program files\installshield installation information\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.exe
Status: Allocation size mismatch (API: 188416, Raw: 172032)

Path: c:\program files\synaptics\syntp\instnt.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\program files\synaptics\syntp\syntplpr.exe
Status: Allocation size mismatch (API: 102400, Raw: 86016)

Path: c:\program files\synaptics\syntp\tutorial.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\program files\msn gaming zone\windows\zclientm.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\program files\dell\dell wireless wlan card\bcmwls32.exe
Status: Allocation size mismatch (API: 143360, Raw: 122880)

Path: c:\program files\dell\dell wireless wlan card\bcmwlu00.exe
Status: Allocation size mismatch (API: 274432, Raw: 253952)

Path: c:\program files\dell\mediadirect\bgdismount.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\dell\mediadirect\cllauncher.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\program files\dell\mediadirect\md2fixer.exe
Status: Allocation size mismatch (API: 90112, Raw: 57344)

Path: c:\program files\dell support\gtcoach\adpbrowser.exe
Status: Allocation size mismatch (API: 147456, Raw: 126976)

Path: c:\program files\dell support\gtcoach\deldelay.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\dell support\gtcoach\delfolder.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\dell support\gtcoach\doshutdown.exe
Status: Allocation size mismatch (API: 24576, Raw: 8192)

Path: c:\program files\dell support\gtcoach\gtny.exe
Status: Allocation size mismatch (API: 286720, Raw: 266240)

Path: c:\program files\dell support\gtcoach\setspath.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\dell support\gtcoach\tranplug.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\dvdfab 5\options\dvdfabmobile.exe
Status: Allocation size mismatch (API: 487424, Raw: 462848)

Path: c:\windows\system32\usmt\migload.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\windows\system32\usmt\migwiza.exe
Status: Allocation size mismatch (API: 262144, Raw: 241664)

Path: c:\windows\system32\usmt\migwiz_a.exe
Status: Allocation size mismatch (API: 258048, Raw: 237568)

Path: c:\windows\system32\npp\nppagent.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\restore\srdiag.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\system32\wbem\mofcomp.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\wbem\scrcons.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\windows\system32\wbem\wbemtest.exe
Status: Allocation size mismatch (API: 139264, Raw: 118784)

Path: c:\windows\system32\wbem\winmgmt.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\windows\system32\wbem\wmiadap.exe
Status: Allocation size mismatch (API: 217088, Raw: 196608)

Path: c:\windows\system32\wbem\wmic.exe
Status: Allocation size mismatch (API: 380928, Raw: 360448)

Path: c:\windows\system32\wbem\unsecapp.exe
Status: Allocation size mismatch (API: 36864, Raw: 20480)

Path: c:\windows\system32\drivers\fidbox.dat
Status: Size mismatch (API: 2678816, Raw: 2676768)

Path: c:\windows\system32\com\comrepl.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\system32\com\comrereg.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\system32\oobe\msoobe.exe
Status: Allocation size mismatch (API: 49152, Raw: 32768)

Path: c:\windows\system32\oobe\oobebaln.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\system32\urttemp\regtlib.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\system32\dla\tfswcmd.exe
Status: Allocation size mismatch (API: 278528, Raw: 262144)

Path: C:\WINDOWS\Temp\WPDNSE\WPDNSE
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\Google Toolbar\Google Toolbar
Status: Locked to the Windows API!

Path: c:\windows\twain_32\logivid\hvideos2.exe
Status: Allocation size mismatch (API: 266240, Raw: 245760)

Path: c:\windows\twain_32\logivid\instexec.exe
Status: Allocation size mismatch (API: 266240, Raw: 249856)

Path: C:\WINDOWS\CSC\d1\d1
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d2\d2
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d3\d3
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d4\d4
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d5\d5
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d6\d6
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d7\d7
Status: Locked to the Windows API!

Path: C:\WINDOWS\CSC\d8\d8
Status: Locked to the Windows API!

Path: c:\windows\ehome\ehhelp\tenfoothelp.exe
Status: Allocation size mismatch (API: 1044480, Raw: 1024000)

Path: c:\windows\ehome\ehhelp1\tenfoothelp.exe
Status: Allocation size mismatch (API: 1044480, Raw: 1024000)

Path: c:\windows\ehome\drm\lgstub.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\ehome\drm\licgen.exe
Status: Allocation size mismatch (API: 270336, Raw: 249856)

Path: c:\windows\ehome\createdisc\sonicmmburnengine.exe
Status: Allocation size mismatch (API: 471040, Raw: 450560)

Path: c:\windows\ehome\createdisc\pxhpinst.exe
Status: Allocation size mismatch (API: 77824, Raw: 57344)

Path: c:\windows\ehome\createdisc\pxshare.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\windows\ehome\createdisc\sbeserver.exe
Status: Allocation size mismatch (API: 528384, Raw: 507904)

Path: c:\windows\erdnt\hiv-backup\erdnt.exe
Status: Allocation size mismatch (API: 188416, Raw: 163840)

Path: c:\windows\erdnt\subs\erdnt.exe
Status: Allocation size mismatch (API: 188416, Raw: 163840)

Path: c:\windows\sdfix\apps\psservice.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\sdfix\apps\cghtme.exe
Status: Allocation size mismatch (API: 172032, Raw: 147456)

Path: c:\windows\sdfix\apps\cliptext.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\windows\sdfix\apps\csweg.exe
Status: Allocation size mismatch (API: 303104, Raw: 278528)

Path: c:\windows\sdfix\apps\download.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\windows\sdfix\apps\erunt.exe
Status: Allocation size mismatch (API: 184320, Raw: 159744)

Path: c:\windows\sdfix\apps\fixpath.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\windows\sdfix\apps\grep.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\windows\sdfix\apps\isadmin.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\windows\sdfix\apps\ls.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\sdfix\apps\md5file.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\sdfix\apps\moveex.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\windows\sdfix\apps\process.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\windows\sdfix\apps\procs.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\sdfix\apps\restartit!.exe
Status: Allocation size mismatch (API: 32768, Raw: 8192)

Path: c:\windows\sdfix\apps\sc.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\sdfix\apps\sed.exe
Status: Allocation size mismatch (API: 118784, Raw: 102400)

Path: c:\windows\sdfix\apps\sf.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\windows\sdfix\apps\shutdown.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\sdfix\apps\swreg.exe
Status: Allocation size mismatch (API: 303104, Raw: 278528)

Path: c:\windows\sdfix\apps\swsc.exe
Status: Allocation size mismatch (API: 65536, Raw: 40960)

Path: c:\windows\sdfix\apps\unrar.exe
Status: Allocation size mismatch (API: 229376, Raw: 204800)

Path: c:\windows\sdfix\apps\unzip.exe
Status: Allocation size mismatch (API: 266240, Raw: 167936)

Path: c:\windows\sdfix\apps\vfind.exe
Status: Allocation size mismatch (API: 73728, Raw: 49152)

Path: c:\windows\sdfix\apps\winmsg.exe
Status: Allocation size mismatch (API: 61440, Raw: 45056)

Path: c:\windows\sdfix\apps\zip.exe
Status: Allocation size mismatch (API: 462848, Raw: 126976)

Path: c:\windows\sdfix_dir\sdfix\catchme.exe
Status: Allocation size mismatch (API: 172032, Raw: 147456)

Path: C:\WINDOWS\security\logs\logs
Status: Locked to the Windows API!

Path: c:\windows\security\templates\secureup.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\windows\servicepackfiles\i386\accwiz.exe
Status: Allocation size mismatch (API: 204800, Raw: 184320)

Path: c:\windows\servicepackfiles\i386\actmovie.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\windows\servicepackfiles\i386\ngen.exe
Status: Allocation size mismatch (API: 167936, Raw: 147456)

Path: c:\windows\servicepackfiles\i386\hscupd.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\servicepackfiles\i386\smbinst.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\servicepackfiles\i386\smi2smir.exe
Status: Allocation size mismatch (API: 258048, Raw: 237568)

Path: c:\windows\servicepackfiles\i386\smlogsvc.exe
Status: Allocation size mismatch (API: 110592, Raw: 90112)

Path: c:\windows\servicepackfiles\i386\sndrec32.exe
Status: Allocation size mismatch (API: 151552, Raw: 135168)

Path: c:\windows\servicepackfiles\i386\snmp.exe
Status: Allocation size mismatch (API: 53248, Raw: 36864)

Path: c:\windows\servicepackfiles\i386\snmptrap.exe
Status: Allocation size mismatch (API: 28672, Raw: 12288)

Path: c:\windows\servicepackfiles\i386\sort.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\windows\servicepackfiles\i386\migregdb.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\servicepackfiles\i386\migwiz.exe
Status: Allocation size mismatch (API: 266240, Raw: 245760)

Path: c:\windows\servicepackfiles\i386\migwiza.exe
Status: Allocation size mismatch (API: 262144, Raw: 241664)

Path: c:\windows\servicepackfiles\i386\mmc.exe
Status: Allocation size mismatch (API: 1437696, Raw: 1417216)

Path: c:\windows\servicepackfiles\i386\dfrgfat.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\windows\servicepackfiles\i386\dfrgntfs.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\windows\servicepackfiles\i386\dialer.exe
Status: Allocation size mismatch (API: 561152, Raw: 540672)

Path: c:\windows\servicepackfiles\i386\cacls.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\windows\servicepackfiles\i386\clipbrd.exe
Status: Allocation size mismatch (API: 122880, Raw: 106496)

Path: c:\windows\servicepackfiles\i386\diantz.exe
Status: Allocation size mismatch (API: 110592, Raw: 90112)

Path: c:\windows\servicepackfiles\i386\fpcount.exe
Status: Allocation size mismatch (API: 208896, Raw: 192512)

Path: c:\windows\servicepackfiles\i386\wab.exe
Status: Allocation size mismatch (API: 69632, Raw: 49

Hidden Services
-------------------
Service Name: TDSSserv.sys
Image Path: C:\WINDOWS\system32\drivers\TDSSxxou.sys

==EOF==