With this virus taking over my computer, I cannot even view my entire screen. The pop-ups are everywhere. I can't open my antivirus software or the Task Manager. After some research and someone's advice here in this forum, I tried to fix it with SmitfraudFix and Malwarebytes' Anti-Malware. No luck yet. This virus is so annoying. I cannot stand the websites it automatically opens: adult sites and some website asking me to buy antivirus. I feel helpless. How can I save my computer??
Reading through another post, I found OTL.exe and did the run scan. Here's my otl.txl notepad:
OTL logfile created on: 2/4/2010 10:08:06 AM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Ratnesh.HOME\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 835.00 Mb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.80 Gb Total Space | 37.14 Gb Free Space | 61.08% Space Free | Partition Type: NTFS
Drive D: | 12.70 Gb Total Space | 0.88 Gb Free Space | 6.96% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME
Current User Name: Ratnesh
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/02/04 10:05:25 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\OTL.exe
PRC - [2004/08/10 10:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/02/04 10:05:25 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\OTL.exe
MOD - [2004/08/10 10:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/19 15:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 15:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2005/12/22 02:06:58 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/15 17:23:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/10 17:45:00 | 000,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/06/23 18:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 18:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 18:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 09:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 12:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 11:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
========== Driver Services (SafeList) ==========
DRV - [2009/11/16 10:11:12 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100201.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/11/16 10:11:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/16 10:11:12 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100201.009\NAVENG.SYS -- (NAVENG)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2005/11/28 04:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 17:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 06:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 04:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 04:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 04:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 03:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 05:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 04:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/19 15:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/13 19:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/05/05 12:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 12:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/04/25 04:03:00 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/04/22 12:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 12:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/04 19:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 19:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/10 10:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 10:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/16 23:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://cnn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 12:33:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 12:32:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/12/13 03:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/12/13 03:58:48 | 000,000,000 | ---D | M]
[2009/11/26 13:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ratnesh.HOME\Application Data\Mozilla\Extensions
[2009/11/26 13:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ratnesh.HOME\Application Data\Mozilla\Firefox\Profiles\txmfanf5.default\extensions
[2009/06/03 07:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/02/04 03:51:03 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igvksyrv] C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\arucmt\gdlasftav.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [igvksyrv] C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\arucmt\gdlasftav.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.75.198 68.87.64.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Blue Lounge.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Lounge.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 03:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 19:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/02/04 10:07:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/02/04 10:05:09 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\OTL.exe
[2010/02/04 04:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Application Data\Malwarebytes
[2010/02/04 04:16:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/04 04:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/04 04:16:28 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 04:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/04 04:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/04 04:05:02 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\mbam-setup.exe
[2010/02/04 02:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix
[2010/02/04 01:40:03 | 002,829,864 | ---- | C] (Sammsoft ) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\AROTrial_bt.exe
[2010/02/02 12:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Application Data\AVG8
[2010/02/02 12:36:39 | 000,891,192 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\avg_avwt_stb_en_9_40_free(2).exe
[2010/02/02 12:36:08 | 000,891,192 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\avg_avwt_stb_en_9_40_free.exe
[2010/02/02 11:20:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/02 07:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\arucmt
[2010/01/21 03:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\QuickPlay
[2010/01/18 11:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\Symantec
[2010/01/18 11:47:53 | 000,123,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/01/18 11:47:53 | 000,091,856 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/01/18 09:39:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
[2010/01/13 07:44:51 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2006/04/13 07:43:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/04/13 07:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/04/13 07:43:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/13 07:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/09/24 02:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/02/04 10:07:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/04 10:06:20 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Ratnesh.HOME\NTUSER.DAT
[2010/02/04 10:06:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/04 10:06:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ratnesh.HOME\ntuser.ini
[2010/02/04 10:06:05 | 004,848,390 | -H-- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\IconCache.db
[2010/02/04 10:05:25 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\OTL.exe
[2010/02/04 09:29:42 | 000,001,082 | -HS- | M] () -- C:\hpqp.ini
[2010/02/04 09:29:38 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/02/04 09:09:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 04:07:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SUPERAntiSpyware.exe
[2010/02/04 04:05:38 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\mbam-setup.exe
[2010/02/04 03:51:04 | 000,002,760 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/04 01:40:31 | 002,829,864 | ---- | M] (Sammsoft ) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\AROTrial_bt.exe
[2010/02/04 01:35:04 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix.exe
[2010/02/04 01:35:01 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(2).exe
[2010/02/04 01:34:51 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(3).exe
[2010/02/04 01:34:50 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(4).exe
[2010/02/04 01:04:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/02 12:36:37 | 000,891,192 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\avg_avwt_stb_en_9_40_free(2).exe
[2010/02/02 12:36:36 | 000,891,192 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\avg_avwt_stb_en_9_40_free.exe
[2010/02/02 10:54:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/01/22 03:00:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 01:43:18 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Application Data\wklnhst.dat
[2010/01/18 11:48:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\Symantec AntiVirus.lnk
[2010/01/18 09:45:32 | 000,047,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/04 04:16:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 04:06:50 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SUPERAntiSpyware.exe
[2010/02/04 02:15:19 | 000,002,760 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/04 01:35:56 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(4).exe
[2010/02/04 01:35:53 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(3).exe
[2010/02/04 01:35:49 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(2).exe
[2010/02/04 01:35:13 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix.exe
[2010/02/02 10:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/02/02 10:52:46 | 000,000,039 | ---- | C] () -- C:\XP_TV.ini
[2010/01/18 09:37:33 | 000,047,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/12/14 03:26:32 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Application Data\wklnhst.dat
[2009/11/28 09:05:36 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 15:06:37 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\fusioncache.dat
[2009/11/26 13:22:01 | 000,682,178 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
[2006/04/13 08:44:10 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/13 08:42:18 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/13 08:25:04 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/13 08:06:36 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/13 07:59:36 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 05:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 12:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 12:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 10:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/13 14:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
< End of report >
Please help. I feel lost and helpless. Thanks.
DRV - [2005/08/02 05:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 04:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/19 15:33:18 | 000,190,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/13 19:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/05/05 12:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 12:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/04/25 04:03:00 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/04/22 12:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 12:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/04 19:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 19:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/08/10 10:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 10:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/16 23:04:00 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://cnn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 12:33:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 12:32:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/12/13 03:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/12/13 03:58:48 | 000,000,000 | ---D | M]
[2009/11/26 13:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ratnesh.HOME\Application Data\Mozilla\Extensions
[2009/11/26 13:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ratnesh.HOME\Application Data\Mozilla\Firefox\Profiles\txmfanf5.default\extensions
[2009/06/03 07:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/02/04 03:51:03 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igvksyrv] C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\arucmt\gdlasftav.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [igvksyrv] C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\arucmt\gdlasftav.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.75.198 68.87.64.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Blue Lounge.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Lounge.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 03:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 19:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/02/04 10:07:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/02/04 10:05:09 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\OTL.exe
[2010/02/04 04:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Application Data\Malwarebytes
[2010/02/04 04:16:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/04 04:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/04 04:16:28 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 04:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/04 04:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/04 04:05:02 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\mbam-setup.exe
[2010/02/04 02:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix
[2010/02/04 01:40:03 | 002,829,864 | ---- | C] (Sammsoft ) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\AROTrial_bt.exe
[2010/02/02 12:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Application Data\AVG8
[2010/02/02 12:36:39 | 000,891,192 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\avg_avwt_stb_en_9_40_free(2).exe
[2010/02/02 12:36:08 | 000,891,192 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\avg_avwt_stb_en_9_40_free.exe
[2010/02/02 11:20:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/02 07:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\arucmt
[2010/01/21 03:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\QuickPlay
[2010/01/18 11:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\Symantec
[2010/01/18 11:47:53 | 000,123,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/01/18 11:47:53 | 000,091,856 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/01/18 09:39:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
[2010/01/13 07:44:51 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2006/04/13 07:43:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/04/13 07:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/04/13 07:43:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/13 07:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/09/24 02:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/02/04 10:07:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/04 10:06:20 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Ratnesh.HOME\NTUSER.DAT
[2010/02/04 10:06:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/04 10:06:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ratnesh.HOME\ntuser.ini
[2010/02/04 10:06:05 | 004,848,390 | -H-- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\IconCache.db
[2010/02/04 10:05:25 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\OTL.exe
[2010/02/04 09:29:42 | 000,001,082 | -HS- | M] () -- C:\hpqp.ini
[2010/02/04 09:29:38 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/02/04 09:09:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 04:07:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SUPERAntiSpyware.exe
[2010/02/04 04:05:38 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\mbam-setup.exe
[2010/02/04 03:51:04 | 000,002,760 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/04 01:40:31 | 002,829,864 | ---- | M] (Sammsoft ) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\AROTrial_bt.exe
[2010/02/04 01:35:04 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix.exe
[2010/02/04 01:35:01 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(2).exe
[2010/02/04 01:34:51 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(3).exe
[2010/02/04 01:34:50 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(4).exe
[2010/02/04 01:04:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/02 12:36:37 | 000,891,192 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\avg_avwt_stb_en_9_40_free(2).exe
[2010/02/02 12:36:36 | 000,891,192 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ratnesh.HOME\Desktop\avg_avwt_stb_en_9_40_free.exe
[2010/02/02 10:54:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/01/22 03:00:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 01:43:18 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Application Data\wklnhst.dat
[2010/01/18 11:48:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\Symantec AntiVirus.lnk
[2010/01/18 09:45:32 | 000,047,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/04 04:16:41 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 04:06:50 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SUPERAntiSpyware.exe
[2010/02/04 02:15:19 | 000,002,760 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/02/04 01:35:56 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(4).exe
[2010/02/04 01:35:53 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(3).exe
[2010/02/04 01:35:49 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix(2).exe
[2010/02/04 01:35:13 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Desktop\SmitfraudFix.exe
[2010/02/02 10:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/02/02 10:52:46 | 000,000,039 | ---- | C] () -- C:\XP_TV.ini
[2010/01/18 09:37:33 | 000,047,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/12/14 03:26:32 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Application Data\wklnhst.dat
[2009/11/28 09:05:36 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 15:06:37 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ratnesh.HOME\Local Settings\Application Data\fusioncache.dat
[2009/11/26 13:22:01 | 000,682,178 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
[2006/04/13 08:44:10 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/13 08:42:18 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/13 08:25:04 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/13 08:06:36 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/13 07:59:36 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 05:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 12:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 12:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 10:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/13 14:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
< End of report >
Please help. I feel lost and helpless. Thanks.