WiredWX Christian Hobby Weather Tools

mbam problem

All of a sudden I started noticing that the computer is running slow, not too much but slower than it should be, so I tried to run mbam but keep getting the message "mbam.exe not found or cannot run". I tried to reinstall but it is not working, then tried to install AVG just to see what happens, but it is not getting installed, so please help.

Re: mbam problem

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: mbam problem

Here is the log from ComboFix:
ComboFix 10-03-29.02 - Amit 03/29/2010 18:55:34.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1519 [GMT -5:00]
Running from: c:\documents and settings\Amit\My Documents\ComboFx.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))
.

2010-03-28 23:27 . 2010-03-28 23:27 -------- d-sh--w- c:\documents and settings\Darshana\IETldCache
2010-03-28 23:20 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 23:20 . 2010-03-28 23:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 23:20 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 22:58 . 2010-03-28 23:13 -------- d-----w- C:\ComboFx
2010-03-28 22:42 . 2010-03-28 22:42 -------- d-----w- c:\documents and settings\Amit\Application Data\AVG8
2010-03-27 14:14 . 2010-03-27 14:16 20846064 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-20 22:04 . 2010-03-20 22:04 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-20 21:38 . 2010-03-20 21:38 -------- d-----w- c:\program files\Western Digital Corporation
2010-03-17 00:15 . 2010-03-17 00:15 8405312 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-17 00:14 . 2010-03-17 00:14 149000 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-17 00:13 . 2010-03-17 00:14 10309448 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-17 00:12 . 2010-03-17 00:12 283280 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-17 00:12 . 2010-03-17 00:12 181768 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-17 00:12 . 2010-03-17 00:12 79368 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-17 00:12 . 2010-03-17 00:12 52288 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-17 00:12 . 2010-03-17 00:12 64000 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-17 00:12 . 2010-03-17 00:12 50688 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-17 00:12 . 2010-03-17 00:12 49152 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-17 00:12 . 2010-03-17 00:12 118784 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-16 00:23 . 2010-03-27 14:17 439816 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\setup.exe
2010-03-11 02:33 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 19:21 . 2010-03-05 19:21 -------- d-----w- c:\program files\Seagate
2010-03-05 19:20 . 2010-03-05 19:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-28 02:36 . 2010-02-28 02:41 -------- d-----w- c:\documents and settings\Amit\Application Data\ImgBurn
2010-02-28 02:34 . 2010-02-28 02:34 -------- d-----w- c:\program files\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 08:01 . 2008-10-03 04:25 -------- d-----w- c:\program files\IDrive
2010-03-29 00:45 . 2006-04-08 21:19 -------- d-----w- c:\documents and settings\Amit\Application Data\Azureus
2010-03-24 00:20 . 2005-03-04 17:06 -------- d-----w- c:\program files\Dell AIO Printer A920
2010-03-21 03:01 . 2010-01-30 21:23 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-21 01:15 . 2009-11-28 16:33 -------- d-----w- c:\documents and settings\Amit\Application Data\Skype
2010-03-21 00:28 . 2009-11-28 16:38 -------- d-----w- c:\documents and settings\Amit\Application Data\skypePM
2010-03-20 22:18 . 2009-07-28 14:33 -------- d-----w- c:\program files\iTunes
2010-03-20 22:17 . 2006-08-18 19:05 -------- d-----w- c:\program files\iPod
2010-03-20 22:17 . 2007-11-02 22:43 -------- d-----w- c:\program files\Common Files\Apple
2010-03-20 18:16 . 2007-09-12 17:34 -------- d-----w- c:\program files\PaRav
2010-03-14 20:29 . 2006-12-25 04:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-19 20:45 . 2009-05-23 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-15 04:18 . 2010-02-15 02:55 -------- d-----w- c:\program files\ffdshow
2010-02-15 04:18 . 2010-02-15 02:55 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-15 04:17 . 2010-02-15 04:17 -------- d-----w- c:\program files\Common Files\SourceTec
2010-02-15 04:17 . 2010-02-15 04:17 -------- d-----w- c:\program files\SourceTec
2010-02-15 03:48 . 2007-06-19 02:05 -------- d-----w- c:\documents and settings\Amit\Application Data\Vso
2010-02-15 03:47 . 2007-06-19 02:05 47360 -c--a-w- c:\documents and settings\Amit\Application Data\pcouffin.sys
2010-02-15 03:47 . 2007-06-19 02:05 47360 -c--a-w- c:\documents and settings\Amit\Application Data\pcouffin.sys
2010-02-15 03:47 . 2006-04-05 02:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-15 03:47 . 2010-02-15 03:47 -------- d-----w- c:\program files\DVDFab 6
2010-02-15 03:01 . 2005-08-28 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-15 02:55 . 2010-02-15 02:55 -------- d-----w- c:\program files\Haali
2010-02-11 18:53 . 2010-01-29 22:34 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2010-01-29 22:34 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2010-01-29 22:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2010-01-29 22:35 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2010-01-29 22:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2010-01-29 22:35 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2010-01-29 22:35 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2010-01-29 22:35 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2010-01-29 22:35 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-10 02:40 . 2010-02-07 21:04 -------- d-----w- c:\documents and settings\Amit\Application Data\Malwarebytes
2010-02-10 02:40 . 2010-02-07 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 22:01 . 2010-01-30 22:01 55192 ----a-w- c:\documents and settings\Amit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-29 22:57 . 2004-12-09 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-01-29 22:34 . 2010-01-29 22:34 -------- d-----w- c:\program files\Alwil Software
2010-01-29 22:34 . 2010-01-29 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-29 21:01 . 2010-01-29 21:01 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\CCERASER.DLL
2010-01-29 21:01 . 2010-01-29 21:01 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\ECMSVR32.DLL
2010-01-29 20:25 . 2010-01-29 20:25 -------- d-----w- c:\program files\Windows Sidebar
2009-12-31 16:50 . 2004-08-04 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2008-10-29 23:25 . 2008-10-29 23:25 13706 -c--a-w- c:\program files\Common Files\vasosicuv.scr
2007-03-09 14:37 . 2007-03-09 14:37 57792 -c--a-w- c:\program files\MC
2006-07-01 12:46 . 2006-07-01 12:46 73 -c--a-w- c:\program files\cdboot.phx
2006-07-01 12:46 . 2006-07-01 12:46 389 -c--a-w- c:\program files\proginfo.txt
2006-07-01 12:46 . 2006-07-01 12:46 167936 -c--a-w- c:\program files\diskinst.exe
2006-07-01 12:46 . 2006-07-01 12:46 113 -c--a-w- c:\program files\instruct.ini
1601-01-01 00:03 . 1601-01-01 00:03 71168 --sha-w- c:\windows\SYSTEM32\nunupofa.dll
1601-01-01 00:03 . 1601-01-01 00:03 71168 --sha-w- c:\windows\SYSTEM32\zasulege.dll
2009-11-01 16:54 . 2009-10-31 16:22 45223968 --sha-w- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-02-12_17.11.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-30 00:03 . 2010-03-30 00:03 40960 c:\windows\temp\rtdrvmon.exe
+ 2010-03-30 00:03 . 2010-03-30 00:03 16384 c:\windows\temp\Perflib_Perfdata_308.dat
- 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\SYSTEM32\tzchange.exe
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\SYSTEM32\tzchange.exe
- 2009-12-09 02:50 . 2009-05-26 11:40 17272 c:\windows\SYSTEM32\spmsg.dll
+ 2009-12-09 02:50 . 2008-07-08 13:02 17272 c:\windows\SYSTEM32\spmsg.dll
+ 2010-02-15 02:55 . 2008-06-09 04:58 60273 c:\windows\SYSTEM32\pthreadGC2.dll
+ 2004-12-09 06:24 . 2010-03-14 17:02 75726 c:\windows\SYSTEM32\PERFC009.DAT
- 2004-12-09 06:24 . 2009-12-10 01:31 75726 c:\windows\SYSTEM32\PERFC009.DAT
- 2008-08-22 12:33 . 2009-12-20 02:57 84507 c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-22 12:33 . 2010-03-17 00:17 84507 c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
+ 2010-02-15 02:55 . 2008-12-08 18:53 57344 c:\windows\SYSTEM32\ff_vfw.dll
+ 2007-04-25 11:20 . 2007-04-25 11:20 62592 c:\windows\SYSTEM32\DLLCACHE\cdrom.sys
+ 2004-12-17 11:33 . 2010-03-28 13:31 98304 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-12-17 11:33 . 2009-12-10 01:27 98304 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-12-17 11:33 . 2009-12-10 01:27 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-12-17 11:33 . 2010-03-28 13:31 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-05 19:22 . 2010-03-05 19:22 11264 c:\windows\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2010-02-26 18:54 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-02-26 18:54 . 2010-01-23 10:40 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-02-26 18:59 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll
+ 2010-02-26 18:59 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll
+ 2005-06-15 22:04 . 2010-03-11 03:21 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2004-12-09 06:24 . 2010-03-14 17:02 451968 c:\windows\SYSTEM32\PERFH009.DAT
- 2004-12-09 06:24 . 2009-12-10 01:31 451968 c:\windows\SYSTEM32\PERFH009.DAT
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10e.exe
+ 2004-08-04 11:00 . 2009-12-09 05:53 726528 c:\windows\SYSTEM32\jscript.dll
- 2004-08-04 11:00 . 2009-06-22 06:44 726528 c:\windows\SYSTEM32\jscript.dll
+ 2008-10-30 22:37 . 2008-10-30 22:37 922112 c:\windows\SYSTEM32\imapi2fs.dll
+ 2008-10-30 22:37 . 2008-10-30 22:37 426496 c:\windows\SYSTEM32\imapi2.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2008-10-30 22:37 . 2008-10-30 22:37 922112 c:\windows\SYSTEM32\DLLCACHE\imapi2fs.dll
+ 2008-10-30 22:37 . 2008-10-30 22:37 426496 c:\windows\SYSTEM32\DLLCACHE\imapi2.dll
+ 2004-05-26 12:37 . 2004-05-26 12:37 719872 c:\windows\SYSTEM32\devil.dll
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\SYSTEM32\avisynth.dll
+ 2010-03-05 19:22 . 2010-03-05 19:22 584704 c:\windows\Installer\d9fcc6.msi
+ 2010-03-20 21:38 . 2010-03-20 21:38 200192 c:\windows\Installer\1636526.msi
- 2005-06-15 22:04 . 2010-02-10 03:55 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2005-06-15 22:04 . 2010-02-10 03:55 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2005-06-15 22:04 . 2010-03-11 03:21 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2010-03-20 22:19 . 2010-03-20 22:19 102400 c:\windows\Installer\{81063354-9060-42B2-A000-1EBE96778AA9}\iTunesIco.exe
+ 2010-02-26 18:59 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-26 18:59 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-26 18:59 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-02-26 18:54 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-02-26 18:54 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-02-15 02:57 . 2008-07-09 17:32 379184 c:\windows\$NtUninstallKB952011$\spuninst\updspapi.dll
+ 2010-02-15 02:57 . 2008-07-09 17:32 221488 c:\windows\$NtUninstallKB952011$\spuninst\spuninst.exe
+ 2010-02-26 18:59 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll
+ 2010-02-26 18:59 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB976662-IE8\update\update.exe
+ 2010-02-26 18:59 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe
+ 2010-02-26 16:09 . 2009-12-09 05:51 726528 c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll
+ 2010-02-15 04:17 . 2009-08-17 15:54 1184984 c:\windows\SYSTEM32\wvc1dmod.dll
+ 2005-06-09 20:50 . 2010-03-28 22:42 5148540 c:\windows\SYSTEM32\Restore\rstrlog.dat
+ 2010-03-20 22:19 . 2010-03-20 22:19 4449280 c:\windows\Installer\180a61a.msi
+ 2010-01-28 12:17 . 2010-01-28 12:17 17510400 c:\windows\Installer\dda47d.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c79fc4a-256b-424a-9362-2bcb36b93b7b}]
1601-01-01 00:03 71168 --sha-w- c:\windows\SYSTEM32\zasulege.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"penekelasu"="hatutiza.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Amit\Start Menu\Programs\Startup\
avast.lnk - c:\program files\Alwil Software\Avast5\AvastUI.exe [2010-1-29 2756488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-9 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
path=
backup=
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^802.11b+g USB Wireless LAN Utility.lnk]
backup=c:\windows\pss\802.11b+g USB Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Amit^Start Menu^Programs^Startup^IDrive Tray.lnk]
backup=c:\windows\pss\IDrive Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2004-04-15 08:32 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 21:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-08-08 05:03 524288 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-07-24 21:05 762208 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IDrive\\IDriveEClassic.exe"=
"c:\\Program Files\\IDrive\\IDriveETray.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\WLAN\\802.11b+g USB WLAN\\ZDWlan.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\hkcmd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14238:TCP"= 14238:TCP:darshmeet
"1755:TCP"= 1755:TCP:windows media player

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [1/29/2010 5:35 PM 162512]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/13/2009 9:12 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/13/2009 9:13 PM 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [1/29/2010 5:35 PM 19024]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [10/2/2008 11:25 PM 136656]
R2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDriveWebM.exe [10/2/2008 11:25 PM 58832]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\SYSTEM32\DRIVERS\ZD1211U.sys [6/5/2005 6:18 PM 258560]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);c:\windows\system32\DRIVERS\zd1201u.sys --> c:\windows\system32\DRIVERS\zd1201u.sys [?]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\SYSTEM32\ZDBRGSYS.sys [6/5/2005 6:18 PM 19200]
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\DEFRAG.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://start.earthlink.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {6876C54C-08AF-4D30-8DB2-CA7CBADD2463} = 192.168.1.254,192.168.2.254
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 19:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3018035710-715601661-13499995-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-29 19:44:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-30 00:43
ComboFix2.txt 2010-03-28 23:13

Pre-Run: 133,024,346,112 bytes free
Post-Run: 133,304,475,648 bytes free

- - End Of File - - 51EB7D30B5C4B9D6D136938477903390

Re: mbam problem

P2P
I see you are running Ares and Vuze. I suggest reading the following, and then deciding whether you want to keep them or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

Ask Toolbar
I also recommend uninstalling Ask Toolbar, because of its bad reputation and potential adware.

ComboFix Script
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    File::
    c:\windows\SYSTEM32\nunupofa.dll
    c:\windows\SYSTEM32\zasulege.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c79fc4a-256b-424a-9362-2bcb36b93b7b}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "penekelasu"=-

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555

    Rootkit::

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Re: mbam problem

Thanks for the tip about P2P, but I need the one I have, and I know exactly where this bad one got in from, so I'm doing it very carefully and slowly. I was clicking a file link and all of a sudden a pop-up came in, so by mistake I hit on it and that's how I got infected. I'm also very careful about unwanted toolbars. I thought I deleted Askbar, but I guess it was not gone 100%, but I took care of that too.
Below is the copy-paste from ComboFix:
ComboFix 10-03-29.02 - Amit 03/29/2010 21:54:31.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1528 [GMT -5:00]
Running from: c:\documents and settings\Amit\My Documents\ComboFx.exe
Command switches used :: c:\documents and settings\Amit\My Documents\CFscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\SYSTEM32\nunupofa.dll"
"c:\windows\SYSTEM32\zasulege.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\nunupofa.dll
c:\windows\SYSTEM32\zasulege.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))
.

2010-03-29 23:54 . 2010-03-30 00:44 -------- d-----w- C:\ComboFx25596C
2010-03-28 23:27 . 2010-03-28 23:27 -------- d-sh--w- c:\documents and settings\Darshana\IETldCache
2010-03-28 23:20 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 23:20 . 2010-03-28 23:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 23:20 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 22:58 . 2010-03-28 23:13 -------- d-----w- C:\ComboFx
2010-03-28 22:42 . 2010-03-28 22:42 -------- d-----w- c:\documents and settings\Amit\Application Data\AVG8
2010-03-27 14:14 . 2010-03-27 14:16 20846064 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-20 22:04 . 2010-03-20 22:04 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-20 21:38 . 2010-03-20 21:38 -------- d-----w- c:\program files\Western Digital Corporation
2010-03-17 00:15 . 2010-03-17 00:15 8405312 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-17 00:14 . 2010-03-17 00:14 149000 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-17 00:13 . 2010-03-17 00:14 10309448 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-17 00:12 . 2010-03-17 00:12 283280 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-17 00:12 . 2010-03-17 00:12 181768 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-17 00:12 . 2010-03-17 00:12 79368 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-17 00:12 . 2010-03-17 00:12 52288 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-17 00:12 . 2010-03-17 00:12 64000 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-17 00:12 . 2010-03-17 00:12 50688 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-17 00:12 . 2010-03-17 00:12 49152 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-17 00:12 . 2010-03-17 00:12 118784 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-16 00:23 . 2010-03-27 14:17 439816 ----a-w- c:\documents and settings\Amit\Application Data\Real\Update\setup3.10\setup.exe
2010-03-11 02:33 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 19:21 . 2010-03-05 19:21 -------- d-----w- c:\program files\Seagate
2010-03-05 19:20 . 2010-03-05 19:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 08:01 . 2008-10-03 04:25 -------- d-----w- c:\program files\IDrive
2010-03-29 00:45 . 2006-04-08 21:19 -------- d-----w- c:\documents and settings\Amit\Application Data\Azureus
2010-03-24 00:20 . 2005-03-04 17:06 -------- d-----w- c:\program files\Dell AIO Printer A920
2010-03-21 03:01 . 2010-01-30 21:23 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-21 01:15 . 2009-11-28 16:33 -------- d-----w- c:\documents and settings\Amit\Application Data\Skype
2010-03-21 00:28 . 2009-11-28 16:38 -------- d-----w- c:\documents and settings\Amit\Application Data\skypePM
2010-03-20 22:18 . 2009-07-28 14:33 -------- d-----w- c:\program files\iTunes
2010-03-20 22:17 . 2006-08-18 19:05 -------- d-----w- c:\program files\iPod
2010-03-20 22:17 . 2007-11-02 22:43 -------- d-----w- c:\program files\Common Files\Apple
2010-03-20 18:16 . 2007-09-12 17:34 -------- d-----w- c:\program files\PaRav
2010-03-14 20:29 . 2006-12-25 04:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-28 02:41 . 2010-02-28 02:36 -------- d-----w- c:\documents and settings\Amit\Application Data\ImgBurn
2010-02-28 02:34 . 2010-02-28 02:34 -------- d-----w- c:\program files\ImgBurn
2010-02-19 20:45 . 2009-05-23 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-15 04:18 . 2010-02-15 02:55 -------- d-----w- c:\program files\ffdshow
2010-02-15 04:18 . 2010-02-15 02:55 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-15 04:17 . 2010-02-15 04:17 -------- d-----w- c:\program files\Common Files\SourceTec
2010-02-15 04:17 . 2010-02-15 04:17 -------- d-----w- c:\program files\SourceTec
2010-02-15 03:48 . 2007-06-19 02:05 -------- d-----w- c:\documents and settings\Amit\Application Data\Vso
2010-02-15 03:47 . 2007-06-19 02:05 47360 -c--a-w- c:\documents and settings\Amit\Application Data\pcouffin.sys
2010-02-15 03:47 . 2007-06-19 02:05 47360 -c--a-w- c:\documents and settings\Amit\Application Data\pcouffin.sys
2010-02-15 03:47 . 2006-04-05 02:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-15 03:47 . 2010-02-15 03:47 -------- d-----w- c:\program files\DVDFab 6
2010-02-15 03:01 . 2005-08-28 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-15 02:55 . 2010-02-15 02:55 -------- d-----w- c:\program files\Haali
2010-02-11 18:53 . 2010-01-29 22:34 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2010-01-29 22:34 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2010-01-29 22:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2010-01-29 22:35 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2010-01-29 22:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2010-01-29 22:35 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2010-01-29 22:35 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2010-01-29 22:35 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2010-01-29 22:35 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-10 02:40 . 2010-02-07 21:04 -------- d-----w- c:\documents and settings\Amit\Application Data\Malwarebytes
2010-02-10 02:40 . 2010-02-07 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 22:01 . 2010-01-30 22:01 55192 ----a-w- c:\documents and settings\Amit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-29 22:57 . 2004-12-09 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-01-29 22:34 . 2010-01-29 22:34 -------- d-----w- c:\program files\Alwil Software
2010-01-29 22:34 . 2010-01-29 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-29 21:01 . 2010-01-29 21:01 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\CCERASER.DLL
2010-01-29 21:01 . 2010-01-29 21:01 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\ECMSVR32.DLL
2010-01-29 20:25 . 2010-01-29 20:25 -------- d-----w- c:\program files\Windows Sidebar
2009-12-31 16:50 . 2004-08-04 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2008-10-29 23:25 . 2008-10-29 23:25 13706 -c--a-w- c:\program files\Common Files\vasosicuv.scr
2007-03-09 14:37 . 2007-03-09 14:37 57792 -c--a-w- c:\program files\MC
2006-07-01 12:46 . 2006-07-01 12:46 73 -c--a-w- c:\program files\cdboot.phx
2006-07-01 12:46 . 2006-07-01 12:46 389 -c--a-w- c:\program files\proginfo.txt
2006-07-01 12:46 . 2006-07-01 12:46 167936 -c--a-w- c:\program files\diskinst.exe
2006-07-01 12:46 . 2006-07-01 12:46 113 -c--a-w- c:\program files\instruct.ini
2009-11-01 16:54 . 2009-10-31 16:22 45223968 --sha-w- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-03-30_00.39.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-30 03:01 . 2010-03-30 03:01 40960 c:\windows\temp\rtdrvmon.exe
- 2010-03-30 00:03 . 2010-03-30 00:03 40960 c:\windows\temp\rtdrvmon.exe
+ 2010-03-30 03:01 . 2010-03-30 03:01 16384 c:\windows\temp\Perflib_Perfdata_244.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Amit\Start Menu\Programs\Startup\
avast.lnk - c:\program files\Alwil Software\Avast5\AvastUI.exe [2010-1-29 2756488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-9 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
path=
backup=
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^802.11b+g USB Wireless LAN Utility.lnk]
backup=c:\windows\pss\802.11b+g USB Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Amit^Start Menu^Programs^Startup^IDrive Tray.lnk]
backup=c:\windows\pss\IDrive Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2004-04-15 08:32 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 21:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-08-08 05:03 524288 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-07-24 21:05 762208 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IDrive\\IDriveEClassic.exe"=
"c:\\Program Files\\IDrive\\IDriveETray.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\WLAN\\802.11b+g USB WLAN\\ZDWlan.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\hkcmd.exe"=
"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14238:TCP"= 14238:TCP:darshmeet
"1755:TCP"= 1755:TCP:windows media player

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [1/29/2010 5:35 PM 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [1/29/2010 5:35 PM 19024]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [10/2/2008 11:25 PM 136656]
R2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDriveWebM.exe [10/2/2008 11:25 PM 58832]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\SYSTEM32\DRIVERS\ZD1211U.sys [6/5/2005 6:18 PM 258560]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);c:\windows\system32\DRIVERS\zd1201u.sys --> c:\windows\system32\DRIVERS\zd1201u.sys [?]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\SYSTEM32\ZDBRGSYS.sys [6/5/2005 6:18 PM 19200]
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\DEFRAG.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://start.earthlink.net/
uInternet Settings,ProxyOverride =
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {6876C54C-08AF-4D30-8DB2-CA7CBADD2463} = 192.168.1.254,192.168.2.254
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3018035710-715601661-13499995-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-29 22:05:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-30 03:05
ComboFix2.txt 2010-03-30 00:44
ComboFix3.txt 2010-03-28 23:13

Pre-Run: 132,615,516,160 bytes free
Post-Run: 132,636,561,408 bytes free

- - End Of File - - B26FB1191E2E27683CB027ADF2823DF9
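
An added example, not part of the thread and not ComboFix's own code: a cross-check that every `File::` target and every `"name"=-` Run value in the CFScript is accounted for in the log that came back. The function names are hypothetical, both inputs are trimmed copies of the script and log posted above, and the section titles are assumed to appear as they do in this log.

```python
import re

# Trimmed copy of the CFScript posted above (constructed sample input).
CFSCRIPT = r"""killall::

File::
c:\windows\SYSTEM32\nunupofa.dll
c:\windows\SYSTEM32\zasulege.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"penekelasu"=-

Reboot::
"""

# Trimmed copy of the ComboFix log posted above (constructed sample input).
LOG = r"""FILE ::
"c:\windows\SYSTEM32\nunupofa.dll"
"c:\windows\SYSTEM32\zasulege.dll"
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\SYSTEM32\nunupofa.dll
c:\windows\SYSTEM32\zasulege.dll
.
((((((((((((((( Find3M Report )))))))))))))))
.
2009-12-31 16:50 . 2004-08-04 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"""

# A banner is a run of at least five '(' , a title, and a run of ')'.
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\)+$")


def parse_cfscript(text):
    """Return {directive: [lines]} for each 'Name::' block of a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix log on its '((( Title )))' banners."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1).lower()
            sections[current] = []
        elif line and line != ".":          # '.' lines are only separators
            sections[current].append(line)
    return sections


def verify_removal(cfscript, log):
    """Map each scripted target to what the log says happened to it."""
    script = parse_cfscript(cfscript)
    sections = parse_log_sections(log)
    deleted = {l.strip('"').lower() for l in sections.get("other deletions", [])}
    report = {}
    for path in script.get("file", []):
        p = path.lower()
        # Sections other than the echo of the script and the deletion list
        # should no longer mention a file that was removed.
        leftover = sorted(name for name, lines in sections.items()
                          if name not in ("preamble", "other deletions")
                          and any(p in l.lower() for l in lines))
        if p not in deleted:
            report[path] = "not reported deleted"
        elif leftover:
            report[path] = "deleted, still listed in: " + ", ".join(leftover)
        else:
            report[path] = "deleted"
    for line in script.get("registry", []):
        value = re.fullmatch(r'"([^"]+)"=-', line)   # "name"=- deletes a value
        if value:
            name = value.group(1)
            prefix = '"' + name.lower() + '"='
            present = any(l.lower().startswith(prefix)
                          for l in sections.get("reg loading points", []))
            report[name] = ("still autostarting" if present
                            else "absent from Reg Loading Points")
    return report


if __name__ == "__main__":
    for target, status in verify_removal(CFSCRIPT, LOG).items():
        print(f"{status:35} {target}")
```
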

Re: mbam problem

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll
    %systemroot%\system32\drivers\iaStor.sys
    %systemroot%\System32\drivers\nvstor.sys
    %systemroot%\system32\drivers\atapi.sys
    /md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Re: mbam problem

Log from OTL.txt

OTL logfile created on: 3/29/2010 10:37:08 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Amit\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 123.29 Gb Free Space | 84.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 258.88 Gb Free Space | 55.58% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 212.52 Gb Free Space | 45.63% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARSHMEET
Current User Name: Amit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/28 20:16:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amit\Desktop\OTL.exe
PRC - [2010/02/11 13:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/02/03 08:22:18 | 001,004,544 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 18:36:08 | 000,136,656 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2008/07/01 18:52:22 | 000,058,832 | ---- | M] ( Pro-Softnet) -- C:\Program Files\IDrive\IDriveWebM.exe
PRC - [2008/05/26 10:08:26 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/15 02:01:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/03/28 20:16:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amit\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- -- (MSSQL$SONY_MEDIAMGR)
SRV - File not found [Auto | Stopped] -- -- (KService)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- -- (AOL ACS)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/30 18:36:08 | 000,136,656 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2008/07/01 18:52:22 | 000,058,832 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\Program Files\IDrive\IDriveWebM.exe -- (IDrivePlugin)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



O1 HOSTS File: ([2010/03/29 22:01:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Amit\Start Menu\Programs\Startup\avast.lnk = C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/12/19 21:57:59 | 000,000,000 | ---D | M]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,32 (Pixami Image Editor Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} https://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pc.mywebexpc.com/pc/mywebex/tool/syscheck/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37 (AxRUploadControl Object)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/mygarmin/m/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Amit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/27 09:35:19 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2010/03/19 17:07:18 | 000,000,000 | ---D | M] - G:\autorun -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/12/09 01:09:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^802.11b+g USB Wireless LAN Utility.lnk - C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Amit^Start Menu^Programs^Startup^IDrive Tray.lnk - C:\Program Files\IDrive\IDriveEReg2ini.exe - (Pro Softnet Corp.)
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: ares - hkey= - key= - C:\Program Files\Ares\Ares.exe (Ares Development Group)
MsConfig - StartUpReg: Dell AIO Printer A920 - hkey= - key= - C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: VX3000 - hkey= - key= - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - FSFilter Activity Monitor
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - FSFilter Activity Monitor
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {573B61E6-FE24-525A-63CF-197D11B7E9C7} - Microsoft Windows Media Player
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

File not found -- C:\Documents and Settings\Amit\My Documents\CAUY77P4.
File not found -- C:\Documents and Settings\Amit\My Documents\CA43VRQW.
[2010/03/29 22:36:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/29 21:58:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/29 21:53:10 | 000,000,000 | ---D | C] -- C:\ComboFx12737C
[2010/03/29 18:54:39 | 000,000,000 | ---D | C] -- C:\ComboFx25596C
[2010/03/28 20:16:43 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amit\Desktop\OTL.exe
[2010/03/28 18:40:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/28 18:40:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/28 18:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/28 18:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/28 18:20:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/28 18:20:01 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 18:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/28 17:58:01 | 000,000,000 | ---D | C] -- C:\ComboFx
[2010/03/28 17:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amit\Application Data\AVG8
[2010/03/23 19:08:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Amit\My Documents\My Data Sources
[2010/03/20 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2009/10/26 22:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/10/26 22:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2007/11/09 09:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/06/18 21:05:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Amit\Application Data\pcouffin.sys
[2007/05/10 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/04/11 11:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2007/04/11 11:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
[2007/01/08 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2006/11/05 15:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/11/05 15:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2005/07/15 16:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2005/07/15 16:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2004/12/18 15:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

File not found -- C:\Documents and Settings\Amit\My Documents\CAUY77P4.
File not found -- C:\Documents and Settings\Amit\My Documents\CA43VRQW.
[2010/03/29 22:01:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 22:01:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/29 22:01:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/03/29 22:00:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 22:00:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/29 21:59:52 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\Amit\ntuser.dat
[2010/03/29 21:59:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Amit\NTUSER.INI
[2010/03/29 21:58:34 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\seyuliru
[2010/03/29 18:53:20 | 003,905,917 | R--- | M] () -- C:\Documents and Settings\Amit\My Documents\ComboFx.exe
[2010/03/28 20:16:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amit\Desktop\OTL.exe
[2010/03/28 19:44:43 | 000,016,555 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\0A8A4F73B9AA7482C0F8352C4E3C2522C5D190D5.torrent
[2010/03/28 18:20:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/28 17:47:46 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/28 13:39:08 | 000,015,534 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\[Rp] Babbu Maan - Ekam(Son Of Soil)[Cleans Covers](By.ReshamMahal)[320-VBR] Mar.2k10.torrent
[2010/03/28 10:14:46 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\EEA54D46C171621BC9E9320F29D613B5F6605080.torrent
[2010/03/27 11:02:28 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\A list of songs for Dance.doc
[2010/03/23 19:06:58 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Amit\My Documents\Panchal, Amit - 2567B - 4G-730-0039-10.doc
[2010/03/20 22:01:58 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/03/20 20:15:28 | 003,781,926 | -H-- | M] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\IconCache.db
[2010/03/20 20:08:48 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/20 20:08:02 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2010/03/20 16:29:00 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaTools for Windows.lnk
[2010/03/20 13:16:41 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/20 13:16:41 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/16 20:18:27 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Amit\Start Menu\Programs\Startup\avast.lnk
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/28 19:44:41 | 000,016,555 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\0A8A4F73B9AA7482C0F8352C4E3C2522C5D190D5.torrent
[2010/03/28 18:20:07 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/28 13:39:19 | 000,015,534 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\[Rp] Babbu Maan - Ekam(Son Of Soil)[Cleans Covers](By.ReshamMahal)[320-VBR] Mar.2k10.torrent
[2010/03/28 10:14:45 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\EEA54D46C171621BC9E9320F29D613B5F6605080.torrent
[2010/03/27 11:02:30 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\A list of songs for Dance.doc
[2010/03/23 19:06:58 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Amit\My Documents\Panchal, Amit - 2567B - 4G-730-0039-10.doc
[2010/03/20 17:18:41 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/16 20:18:27 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Amit\Start Menu\Programs\Startup\avast.lnk
[2010/02/14 21:55:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/14 21:55:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/30 16:42:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010/01/29 17:32:38 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.13.126709.581_XP_Vista_x32.INI
[2009/12/03 21:34:31 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/28 21:55:34 | 000,271,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/27 21:11:39 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/09/15 21:46:29 | 000,009,885 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/30 15:11:06 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/20 17:35:55 | 000,005,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/03/27 08:43:05 | 000,000,295 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/11/30 19:12:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2008/11/05 12:21:29 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/05 12:21:29 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/29 18:25:09 | 000,011,700 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\fyte.ban
[2008/10/29 18:25:08 | 000,017,723 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\zosyqi._sy
[2008/10/29 18:25:08 | 000,014,156 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\utofiv.dll
[2008/10/29 18:25:08 | 000,014,092 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\puxytaqaj.exe
[2008/10/29 18:25:08 | 000,013,706 | ---- | C] () -- C:\Program Files\Common Files\vasosicuv.scr
[2008/10/29 18:25:08 | 000,012,515 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\xonemo.db
[2008/10/29 18:25:08 | 000,011,886 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\itihelymy.com
[2008/10/02 23:25:09 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/01/11 17:57:24 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\is_downloader.txt
[2007/06/18 21:05:34 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\pcouffin.log
[2007/06/18 21:05:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\pcouffin.cat
[2007/06/18 21:05:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\pcouffin.inf
[2007/03/09 09:37:48 | 000,057,792 | ---- | C] () -- C:\Program Files\MC
[2007/02/13 22:57:08 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Amit\Application Data\.zreglib
[2007/01/18 23:08:14 | 000,000,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/10/12 20:51:44 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/07/18 21:48:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/07/01 07:46:58 | 000,167,936 | ---- | C] () -- C:\Program Files\diskinst.exe
[2006/07/01 07:46:58 | 000,000,389 | ---- | C] () -- C:\Program Files\proginfo.txt
[2006/07/01 07:46:58 | 000,000,113 | ---- | C] () -- C:\Program Files\instruct.ini
[2006/07/01 07:46:58 | 000,000,073 | ---- | C] () -- C:\Program Files\cdboot.phx
[2006/04/22 15:40:18 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/02 08:39:08 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/12/21 21:10:27 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\tvqenc.dll
[2005/12/21 21:10:26 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/12/10 20:12:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2005/12/09 17:48:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/25 11:16:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2005/07/07 12:24:27 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Amit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/25 13:02:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2005/06/25 12:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netMedic.INI
[2005/06/25 12:48:34 | 000,012,499 | ---- | C] () -- C:\WINDOWS\System32\EONSYSREV_1.DLL
[2005/06/23 20:39:04 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2005/06/21 20:05:47 | 000,000,210 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2005/06/21 18:02:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/06/21 18:00:14 | 000,000,919 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005/06/15 17:04:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/13 20:16:08 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/06/05 18:18:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2005/03/04 12:54:02 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/03/04 12:07:46 | 000,000,456 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/19 19:41:10 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\PFP120JPR.{PB
[2004/12/19 19:41:10 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Amit\Application Data\PFP120JCM.{PB
[2004/12/17 18:44:47 | 000,001,233 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/12/09 01:42:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/09 01:37:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/09 01:11:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 16:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 14:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/08/21 09:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3F
[2010/01/29 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/29 19:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/09/15 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2006/05/01 09:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/11/28 21:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2006/08/26 20:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/14 15:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/06/20 16:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/10/06 18:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/11/29 13:52:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}
[2009/11/28 21:33:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
[2009/10/20 20:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 11:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/20 07:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2005/07/13 21:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\.ABC 3.01
[2009/11/21 23:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\.BitTornado
[2009/12/04 10:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Auslogics
[2010/03/28 19:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Azureus
[2008/12/18 12:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/05/01 09:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\HotSync
[2010/02/27 21:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\ImgBurn
[2004/12/17 17:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Leadertech
[2010/01/10 21:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Mp3tag
[2007/04/11 17:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\MSNInstaller
[2007/04/11 18:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Musicmatch
[2006/08/19 21:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\NetMedia Providers
[2005/06/16 07:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\ParkerVision
[2006/08/19 21:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Publish Providers
[2009/10/03 10:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Sony
[2009/12/04 13:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\TweakNow PowerPack 2009
[2006/04/04 20:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Video DVD Maker FREE
[2010/02/14 22:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amit\Application Data\Vso
[2010/02/15 02:00:00 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

========== Purity Check ==========



========== Custom Scans ==========



< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D6E5D55
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0
< End of report >

Re: mbam problem

I didn't get any extra.txt log?

Re: mbam problem

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: mbam problem

Below is the copy-paste of the ESET log. I didn't get any popup Notepad log, but I did copy from the list at the end of the scan, and I asked the software to delete from the quarantine list.

C:\Documents and Settings\Amit\My Documents\Acid Pro 6.0 + Keygen\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Documents and Settings\Amit\My Documents\Setup files\freeripmp3.exe a variant of Win32/Adware.ADON application deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hatutiza.dll.vir a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nunupofa.dll.vir a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sofodowi.dll.vir a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zasulege.dll.vir a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP92\A0037694.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP92\A0037695.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP93\A0038096.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP93\A0038099.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0038481.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0038484.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0039209.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0039210.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
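
Added example (not part of the original posts): a short Python script that parses detection lines in the form pasted above and groups them by where the file lived, so it is clear which System Restore points hold infected copies and which hits are only ComboFix's own Qoobox quarantine. The regular expression assumes the pasted list layout, not ESET's own log.txt format, and the function names are illustrative.

```python
import re
from collections import Counter

# Lines copied from the ESET list posted above (a subset, to keep the sample short).
SAMPLE_LOG = r"""
C:\Documents and Settings\Amit\My Documents\Acid Pro 6.0 + Keygen\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Documents and Settings\Amit\My Documents\Setup files\freeripmp3.exe a variant of Win32/Adware.ADON application deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hatutiza.dll.vir a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP92\A0037694.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP95\A0038481.dll a variant of Win32/Kryptik.DCP trojan cleaned by deleting - quarantined
"""

# Assumed layout: <path> [probably ]a variant of <name> <kind> <action taken>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:probably )?a variant of "
    r"(?P<name>\S+) (?P<kind>trojan|application)\s+(?P<action>.+)$"
)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I
)

def classify(path):
    """Return (location, restore_point_or_None) for a detected file path."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore_point", m.group(1).upper()
    if path.lower().startswith("c:\\qoobox\\quarantine\\"):
        return "combofix_quarantine", None  # ComboFix's quarantine folder
    return "live_file", None

def summarize(log_text):
    """Count detections per location and name; list affected restore points."""
    locations, names, restore_points, unparsed = Counter(), Counter(), set(), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep lines the pattern does not cover
            continue
        loc, rp = classify(m.group("path"))
        locations[loc] += 1
        names[m.group("name")] += 1
        if rp:
            restore_points.add(rp)
    return {"locations": dict(locations), "detections": dict(names),
            "restore_points": sorted(restore_points), "unparsed": unparsed}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```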

Re: mbam problem

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: mbam problem

Here is the final log

Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Advanced Disk Cleaner
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Re: mbam problem

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.




Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
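
Added example, not from the original post or from hpHosts: a Python check of a HOSTS file's entries that reports which names are sinkholed to a loopback address as described above, which point at some other address, and which lines do not parse. The sample file and hostnames are constructed, and treating 0.0.0.0 as a sinkhole is an assumption beyond the post, which only mentions 127.0.0.1.

```python
import ipaddress

# Constructed sample in the style of a blocklist HOSTS file; the hostnames
# are placeholders, not entries taken from hpHosts.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net   # two names on one line
0.0.0.0     Banner.Example.org
203.0.113.7 login.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_string, [hostnames]) for each non-comment entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            yield no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Split entries into sinkholed names, names sent elsewhere, and bad lines."""
    sinkholed, redirected, malformed = set(), {}, []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            malformed.append(no)  # first field is not an IP address
            continue
        for name in names:
            if name == "localhost":
                continue  # the standard loopback entry, not a block
            # Assumption: 0.0.0.0 counts as a sinkhole as well as 127.0.0.1.
            if addr.is_loopback or addr.is_unspecified:
                sinkholed.add(name)
            else:
                redirected[name] = ip  # resolves to a real address: review it
    return sinkholed, redirected, malformed

def is_blocked(text, hostname):
    """True if the HOSTS text sends hostname to a loopback/unspecified address."""
    return hostname.lower() in audit_hosts(text)[0]

if __name__ == "__main__":
    sink, redir, bad = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed:", sorted(sink))
    print("redirected:", redir)
    print("malformed lines:", bad)
```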

Re: mbam problem

Thanks for all the tips. I have removed the old Java and got the new one. About the firewall and antiviruses or adware, malware, etc.: is it OK if I use avast or AVG (both free versions)? I have mbam. I had Comodo but it seemed too complicated, unless you suggest getting rid of avast and AVG and just going with Comodo. Please reply as a second opinion. I don't go crazy with surfing so I don't run across many bad situations. I'm a DJ, so sometimes customers ask for certain songs and that's when I have to surf around to look for those songs. THANKS

Re: mbam problem

Go with Avast for antivirus. Not AVG.

For a firewall, go with Online Armor. Tallemu.com

Re: mbam problem

Thanks again. I guess we are done here, so you can close this thread.

Re: mbam problem

ok
