Solved Task Manager does not appear

[Resolved] Task Manager does not appear

This is my friend's computer Dell Latitude with windows XP Pro. She must have run into some spyware or virus. Her task manager does not appear. She (and I) used several software such as anti-malware, super antispyware, adware etc. besides the regular antivurus check and cleaned up the computer. But still the task manager does not show when you click ctrl+alt+del.

I would appreciate some help regarding this problem.

P.S. I followed the instructions mentioned by you. I will supply all the log information which you required.

But first, I must say before the fourth time I ran the Malware Bytes software (my friend ran it once and I again did a full scan before -- both times we find malware and cleaned them), I tried to update the software and I got the following error message: "MBD.. ran into an error downloading an upload file...contact support." I scanned the computer anyway and found 26 malware, cleaned them (log is included below) and rebooted and lo and behold, this time the Task Manager appeared.

So that problem is resolved. I ran the Malware Bytes again and found 17 more malware and cleaned them.

But when I boot the computer this error message keeps coming up initially and when I open a software which says "Runtime C++, Runtime error. RTVScanner.exe. This applications requires the Runtime to terminate in an unusual way." I am unable to get rid of this error message. This started appearing after my friend used the Malware Bytes the first time

I also get from time to time this warning message: "Disk free space has dropped below the minimum threshold. Free up space on your hard disk drive by:
1. Backing up your data to a tape backup, ZIP or network drive.
2. Delete unused files.

If you are unsure which files are safe to move or delete, contact your Help Desk or consult your software manuals. "

Just so it might be helpful, I will include below all the information requested:

1) Malware Bytes latest log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6172

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/25/2011 3:07:41 PM
mbam-log-2011-03-25 (15-07-41).txt

Scan type: Quick scan
Objects scanned: 168949
Time elapsed: 25 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 16
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe (Security.Hijack) ->

Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Value: 0 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Value: 1 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Value: 2 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Value: 3 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Value: 4 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Value: 5 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Value: 6 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Value: 7 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Value: 8 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Value: 9 ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Value: 10

-> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Value: 11

-> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Value: 12

-> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Value: 13

-> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Value: 14

-> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Value: 15

-> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2) GMR

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-25 12:41:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8026GAX rev.PA002D
Running: gmer.exe; Driver: C:\DOCUME~1\mtummala\LOCALS~1\Temp\fxdyypoc.sys


---- System - GMER 1.0.15 ----

SSDT 8A845390

ZwAlertResumeThread
SSDT 8A75E460

ZwAlertThread
SSDT 8AA8D3B8

ZwAllocateVirtualMemory
SSDT 8A93A990

ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB)

ZwCreateKey [0xBA0F887E]
SSDT 8A7DD248

ZwCreateMutant
SSDT 8A923828

ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

ZwDeleteValueKey [0xA931A690]
SSDT 8A868340

ZwFreeVirtualMemory
SSDT 8A95E1D8

ZwImpersonateAnonymousToken
SSDT 8A8C7098

ZwImpersonateThread
SSDT 8A92B680

ZwMapViewOfSection
SSDT 8A83E2F8

ZwOpenEvent
SSDT 8AA0F5E0

ZwOpenProcessToken
SSDT 8A97E358

ZwOpenThreadToken
SSDT 8A9FA5A0

ZwQueryValueKey
SSDT 8A8710A8

ZwResumeThread
SSDT 8A8DB0B0

ZwSetContextThread
SSDT 8A97EB58

ZwSetInformationProcess
SSDT 8A7DCEC0

ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

ZwSetValueKey [0xA931A8E0]
SSDT 8AA0C3D0

ZwSuspendProcess
SSDT 8A8A4310

ZwSuspendThread
SSDT 8AA82B28

ZwTerminateProcess
SSDT 8A8CB7A0

ZwTerminateThread
SSDT 8AA0F508

ZwUnmapViewOfSection
SSDT 8AA8C790

ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\gtipci21.sys

entry point in "init" section [0xB9C44A80]
init C:\WINDOWS\system32\DRIVERS\actrpcsc.sys

entry point in "init" section [0xBA5D02E0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs

SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip

SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip

Lbd.sys (Boot Driver/Lavasoft AB)

Device

pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp

SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp

Lbd.sys (Boot Driver/Lavasoft AB)

Device

usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp

SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp

Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp

SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device

mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device

A732AD20

AttachedDevice

fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer

tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer

tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer

tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer

tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer

tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs

tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

ADS C:\Our Documents\Courses\EC4430\Notes4430\Course

Materials\YaoYang_multimedia\VideoSamples\H263\YUVviewer.exe:Zone.Identifier 155648 bytes executable
ADS C:\Our Documents\Courses\EC4430\Notes4430\Course

Materials\YaoYang_multimedia\VideoSamples\MPEG4\YUVviewer.exe:Zone.Identifier 155648 bytes executable
ADS C:\Our Documents\Courses\EC4430\Notes4430\Course

Materials\YaoYang_multimedia\VideoSamples\Tools\mpeg420_yuv_converter.exe:Zone.Identifier 544858 bytes executable
ADS C:\Our Documents\Courses\EC4430\Notes4430\Course

Materials\YaoYang_multimedia\VideoSamples\Tools\PSNR.exe:Zone.Identifier 49152 bytes executable
ADS C:\Our Documents\Courses\EC4430\Notes4430\Course

Materials\YaoYang_multimedia\VideoSamples\Tools\truncate.exe:Zone.Identifier 46592 bytes executable
ADS C:\Our Documents\Courses\EC4430\Notes4430\Course

Materials\YaoYang_multimedia\VideoSamples\Tools\YUVmixer.exe:Zone.Identifier 540734 bytes executable
ADS C:\Our Documents\Courses\EC4430\Notes4430\Course

Materials\YaoYang_multimedia\VideoSamples\Tools\YUVviewer.exe:Zone.Identifier 155648 bytes executable
ADS C:\Our Documents\Courses\EC4430\Notes4430\Course

Materials\YaoYang_multimedia\VideoSamples\YUVviewer.exe:Zone.Identifier 155648 bytes executable

---- EOF - GMER 1.0.15 ----
3)MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 165):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA0A8000 tqvqprev.sys
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0B8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0C8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0D8000 VolSnap.sys
0xB9EED000 atapi.sys
0xBA0E8000 disk.sys
0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ECD000 fltmgr.sys
0xB9EBB000 sr.sys
0xBA108000 Lbd.sys
0xB9EA6000 drvmcdb.sys
0xBA338000 PxHelp20.sys
0xB9E8F000 KSecDD.sys
0xB9E02000 Ntfs.sys
0xB9DD5000 NDIS.sys
0xB9DBB000 Mup.sys
0xBA128000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA560000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB4B70000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB4B5C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB4B3E000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA430000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB4B1B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB4B07000 \SystemRoot\system32\DRIVERS\gtipci21.sys
0xBA564000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xB47DF000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xB479C000 \SystemRoot\system32\drivers\STAC97.sys
0xB4778000 \SystemRoot\system32\drivers\portcls.sys
0xBA158000 \SystemRoot\system32\drivers\drmk.sys
0xB4755000 \SystemRoot\system32\drivers\ks.sys
0xB4724000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB4625000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB457D000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA468000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB4563000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA198000 \SystemRoot\system32\DRIVERS\serial.sys
0xB4C9D000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB454F000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA60A000 \SystemRoot\system32\DRIVERS\actrpcsc.sys
0xBA1C8000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xB4512000 \SystemRoot\system32\DRIVERS\iwca.sys
0xBA757000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB96AB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB4C99000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB44D8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB967B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB968B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA480000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB44C7000 \SystemRoot\system32\DRIVERS\psched.sys
0xB965B000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xADFA3000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xADF9B000 \SystemRoot\system32\DRIVERS\raspti.sys
0xADC3F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB037A000 \SystemRoot\system32\DRIVERS\termdd.sys
0xADF93000 \SystemRoot\system32\DRIVERS\RMSPPPOE.SYS
0xBA64E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xADBE1000 \SystemRoot\system32\DRIVERS\update.sys
0xAFBDE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xADF8B000 \SystemRoot\system32\DRIVERS\omci.sys
0xB319A000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xB3FE7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB39C6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB16DD000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB038A000 \SystemRoot\System32\Drivers\tosrfusb.sys
0x9A64E000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0x9A629000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0x9A615000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0x9A4CA000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110318.019\navex15.sys
0x9A4B6000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110318.019\naveng.sys
0xBA64A000 \SystemRoot\system32\drivers\sscdbhk5.sys
0x9B6D9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB3996000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAE08B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xAE066000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9C0F1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xAE1BF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9D177000 \SystemRoot\System32\Drivers\Null.SYS
0x9B019000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA61E000 \SystemRoot\System32\Drivers\Beep.SYS
0xB3889000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB244A000 \SystemRoot\system32\drivers\ssrtln.sys
0xB039A000 \SystemRoot\system32\DRIVERS\redbook.sys
0xAE0BB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xAE143000 \SystemRoot\System32\drivers\vga.sys
0xBA650000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA65C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB027D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9A6EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB3056000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9A483000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9A42A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9A3F1000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x9A3CB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9C3AE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9A3A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9A381000 \SystemRoot\System32\drivers\afd.sys
0xB34D8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9A31C000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x9A2FA000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA3B8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9A2CF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9A25F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB3849000 \SystemRoot\System32\Drivers\Fips.SYS
0x9A201000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9A1E4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9CAA7000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xB312A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9A1CC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5E2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE0E3000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA360000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0x9C6E8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
0xBF06B000 \SystemRoot\System32\ialmdd5.DLL
0xBF148000 \SystemRoot\System32\ATMFD.DLL
0xADF17000 \SystemRoot\system32\drivers\drvnddm.sys
0x9AAB6000 \SystemRoot\system32\dla\tfsndres.sys
0x9A1B6000 \SystemRoot\system32\dla\tfsnifs.sys
0x9CAB3000 \SystemRoot\system32\dla\tfsnopio.sys
0xBA5DC000 \SystemRoot\system32\dla\tfsnpool.sys
0xB028D000 \SystemRoot\system32\dla\tfsnboio.sys
0xB08C0000 \SystemRoot\system32\dla\tfsncofs.sys
0x9A9C8000 \SystemRoot\system32\dla\tfsndrct.sys
0x9A19D000 \SystemRoot\system32\dla\tfsnudf.sys
0x9A184000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB16C9000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB33F0000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xB33EC000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAE1BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x99695000 \SystemRoot\system32\drivers\wdmaud.sys
0x9C41E000 \SystemRoot\system32\drivers\sysaudio.sys
0x9945A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA626000 \??\C:\WINDOWS\system32\Drivers\BASFND.sys
0x98EEB000 \SystemRoot\system32\DRIVERS\srv.sys
0x9A0DC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x986D4000 \SystemRoot\system32\DRIVERS\secdrv.sys
0x9815B000 \SystemRoot\System32\Drivers\HTTP.sys
0x9800B000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x98624000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0xBA5BA000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
1120 C:\WINDOWS\system32\smss.exe
1216 csrss.exe
1240 C:\WINDOWS\system32\winlogon.exe
1284 C:\WINDOWS\system32\services.exe
1296 C:\WINDOWS\system32\lsass.exe
1480 C:\WINDOWS\system32\svchost.exe
1572 svchost.exe
1612 C:\WINDOWS\system32\svchost.exe
1716 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1748 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1784 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1828 svchost.exe
1916 svchost.exe
1944 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
328 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
352 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
508 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
632 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
948 C:\WINDOWS\system32\spoolsv.exe
552 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
588 scardsvr.exe
2024 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
1056 svchost.exe
804 C:\WINDOWS\explorer.exe
988 C:\Program Files\Common Files\ActivCard\acautoreg.exe
1076 C:\Program Files\Common Files\ActivCard\accoca.exe
1156 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1172 C:\WINDOWS\system32\BAsfIpM.exe
1420 C:\Program Files\Bonjour\mDNSResponder.exe
1816 C:\WINDOWS\system32\cisvc.exe
2044 C:\Program Files\Symantec AntiVirus\DefWatch.exe
576 C:\Program Files\Dell\OpenManage\Client\Iap.exe
1556 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
700 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
840 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
2104 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
2244 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2292 C:\WINDOWS\system32\svchost.exe
3096 wmiprvse.exe
3856 C:\WINDOWS\system32\cidaemon.exe
1596 unsecapp.exe
2008 alg.exe
3376 C:\Program Files\Apoint\Apoint.exe
3644 C:\WINDOWS\system32\hkcmd.exe
3652 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
3668 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
3832 C:\WINDOWS\system32\dla\tfswctrl.exe
292 C:\Program Files\Apoint\ApntEx.exe
1800 C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
2932 C:\Program Files\Broadcom\BACS\BacsTray.exe
268 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
2220 C:\PROGRA~1\SYMANT~1\VPTray.exe
2912 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3328 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
224 C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
2380 C:\Program Files\iTunes\iTunesHelper.exe
3088 C:\WINDOWS\system32\ctfmon.exe
1600 C:\Program Files\iPod\bin\iPodService.exe
872 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
752 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
3544 C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
1680 C:\Documents and Settings\mtummala\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1544 C:\Documents and Settings\mtummala\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1504 C:\Documents and Settings\mtummala\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1932 C:\Documents and Settings\mtummala\My Documents\Downloads\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04699200 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK8026GAX, Rev: PA002D

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

4) DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by mtummala at 14:30:03.89 on Fri 03/25/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1164 [GMT -7:00]
.
AV: Best Malware Protection *Enabled/Updated* {70A14F37-30F8-4107-9F17-25C6FCF8D2B0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Best Malware Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Documents and Settings\mtummala\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mtummala\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mtummala\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyServer = http=127.0.0.1:25396
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft

office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {784391a5-cfc2-47a0-8ed3-165a7dd1978f} - pikiriro.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common

files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common

files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common

files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [QuickPassword] c:\program files\activcard\activcard gold\agquickp.exe
mRun: [bacstray] c:\program files\broadcom\bacs\\BacsTray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common

files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common

files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program

files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -

c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://bouncer.nps.edu/CACHE/stc/2/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133841809890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft

office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jajakumew - {d3179d88-f4b4-4a80-b43e-9cc089fe1a57} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft

office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-24 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-25 13496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2008-5-28 337280]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2008-5-28 54656]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2002-9-12 53248]
R2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2004-8-11 143360]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2008-6-24 191848]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2008-6-24 169320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-24 1405384]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 Actrpcsc;Actrpcsc;c:\windows\system32\drivers\actrpcsc.sys [2003-9-16 14784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys

[2010-6-4 102448]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-8-17 80384]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-24 15232]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110318.019\naveng.sys [2011-3-18 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110318.019\navex15.sys [2011-3-18 1360760]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-10-3 31504]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 ACTR;Smart Card Reader;c:\windows\system32\drivers\ACTR.SYS [2003-2-6 16408]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-3-25 312152]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2008-9-30 1956792]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002-8-2 47660]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-9-30 116664]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
.
=============== Created Last 30 ================
.
2011-03-25 20:47:44 -------- d-----w- c:\program files\ToniArts
2011-03-25 20:46:23 733184 ----a-w- c:\program files\common

files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2011-03-25 20:46:23 69715 ----a-w- c:\program files\common

files\installshield\professional\runtime\10\01\intel32\ctor.dll
2011-03-25 20:46:23 5632 ----a-w- c:\program files\common

files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2011-03-25 20:46:23 266240 ----a-w- c:\program files\common

files\installshield\professional\runtime\10\01\intel32\iscript.dll
2011-03-25 20:46:23 172032 ----a-w- c:\program files\common

files\installshield\professional\runtime\10\01\intel32\iuser.dll
2011-03-25 20:46:17 180356 ----a-w- c:\program files\common

files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2011-03-25 20:46:16 303236 ----a-w- c:\program files\common

files\installshield\professional\runtime\10\01\intel32\setup.dll
2011-03-25 20:34:42 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-03-25 20:34:41 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-03-25 20:33:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2011-03-25 20:28:36 -------- d-----w- c:\applic~1\IObit
2011-03-25 20:28:33 -------- d-----w- c:\program files\IObit
2011-03-25 05:53:21 -------- d-----w- c:\docume~1\mtummala\locals~1\applic~1\Temp
2011-03-25 05:53:15 -------- d-----w- c:\docume~1\mtummala\locals~1\applic~1\Google
2011-03-25 05:52:45 -------- d-----w- c:\docume~1\mtummala\locals~1\applic~1\Deployment
2011-03-25 05:39:19 -------- d-----w- c:\windows\pss
2011-03-25 01:02:47 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-25 00:42:18 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 00:38:50 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 00:38:20 -------- d-----w- c:\program files\Lavasoft
2011-03-24 21:21:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-24 21:21:16 -------- d-----w- c:\applic~1\SUPERAntiSpyware.com
2011-03-24 21:21:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-21 16:44:10 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\BMBQCODYDP
2011-03-21 16:43:30 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\879913
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 22:29:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
============= FINISH: 14:30:54.40 ===============

DDS and DDS attached continued in another posting.

 

This is a continuation of the previous post "Task Manager Does not Appear ":

5) DDS ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2005 7:33:25 PM
System Uptime: 3/25/2011 1:11:21 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0N7254
Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 1994/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 7.267 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP121: 12/25/2010 7:18:29 PM - System Checkpoint
RP122: 12/30/2010 6:24:50 PM - System Checkpoint
RP123: 1/10/2011 5:49:23 PM - System Checkpoint
RP124: 1/11/2011 6:59:19 PM - System Checkpoint
RP125: 1/11/2011 9:19:10 PM - Software Distribution Service 3.0
RP126: 1/13/2011 5:56:18 PM - System Checkpoint
RP127: 1/14/2011 7:10:53 PM - System Checkpoint
RP128: 1/16/2011 7:38:24 PM - System Checkpoint
RP129: 1/20/2011 6:21:33 AM - System Checkpoint
RP130: 1/22/2011 10:31:21 AM - System Checkpoint
RP131: 1/27/2011 1:08:45 PM - System Checkpoint
RP132: 1/29/2011 3:54:44 PM - System Checkpoint
RP133: 1/30/2011 6:19:28 PM - System Checkpoint
RP134: 2/1/2011 6:21:47 PM - System Checkpoint
RP135: 2/3/2011 6:28:25 PM - System Checkpoint
RP136: 2/5/2011 9:41:34 AM - System Checkpoint
RP137: 2/6/2011 11:38:16 AM - System Checkpoint
RP138: 2/7/2011 5:40:07 PM - System Checkpoint
RP139: 2/9/2011 6:53:43 PM - System Checkpoint
RP140: 2/9/2011 7:58:03 PM - Software Distribution Service 3.0
RP141: 2/13/2011 10:11:44 AM - System Checkpoint
RP142: 2/14/2011 12:09:23 PM - System Checkpoint
RP143: 2/16/2011 6:57:50 AM - System Checkpoint
RP144: 2/19/2011 6:33:19 PM - System Checkpoint
RP145: 2/20/2011 7:19:13 PM - System Checkpoint
RP146: 2/23/2011 5:51:28 PM - System Checkpoint
RP147: 2/25/2011 3:54:12 PM - Software Distribution Service 3.0
RP148: 2/26/2011 5:16:03 PM - System Checkpoint
RP149: 3/5/2011 6:19:16 PM - System Checkpoint
RP150: 3/7/2011 6:40:26 PM - System Checkpoint
RP151: 3/12/2011 9:03:16 AM - Software Distribution Service 3.0
RP152: 3/15/2011 8:57:28 PM - Software Distribution Service 3.0
RP153: 3/17/2011 10:17:03 AM - System Checkpoint
RP154: 3/18/2011 11:57:09 AM - System Checkpoint
RP155: 3/19/2011 6:50:39 PM - System Checkpoint
RP156: 3/20/2011 7:51:20 PM - System Checkpoint
RP157: 3/24/2011 9:05:31 AM - Installed VIPRE Antivirus Premium.
RP158: 3/24/2011 11:31:46 AM - Removed VIPRE Antivirus Premium.
RP159: 3/24/2011 6:12:50 PM - Software Distribution Service 3.0
RP160: 3/25/2011 1:32:09 PM - Advanced SystemCare RestorePoint
RP161: 3/25/2011 1:47:44 PM - Installed EasyCleaner
.
==== Installed Programs ======================
.
.
2Wire Wireless Client
ActivCard Gold
ActivCard USB Reader V2 (2.0.3)
Ad-Aware
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Advanced SystemCare 3
ALPS Touch Pad Driver
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Cisco AnyConnect VPN Client
Conexant D110 MDC V.9x Modem
Critical Update for Windows Media Player 11 (KB959772)
DBsign Web Signer
Digital Line Detect
EA Download Manager
EasyCleaner
Google Chrome
Grey Olltwit's Ski Run
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
IObit Security 360
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
MATLAB 6.5
mCore
mDrWiFi
MetaFrame Presentation Server Web Client for Win32
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OMCI
PMB
PowerDVD 5.1
PPP over Ethernet Protocol 0.98
QuickSet
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smart Defrag 2
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
SUPERAntiSpyware
Symantec AntiVirus
The Sims™ 2 Double Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 Fun with Pets Collection
The Sims™ 2 Seasons
TurboTax 2005
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WebFldrs XP
WexTech AnswerWorks
Where in the USA is Carmen Sandiego?
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Worms 2 Demo
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
3/25/2011 8:08:51 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
3/25/2011 8:02:43 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server)

for the Network Card with network address 0013CE30C3EF. The following error occurred: The operation was canceled by the

user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
3/25/2011 8:02:38 AM, error: Dhcp [1002] - The IP address lease 192.168.1.121 for the Network Card with network address

0013CE30C3EF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/25/2011 10:39:52 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
3/24/2011 8:49:46 AM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific

error 4294967295 (0xFFFFFFFF).
3/24/2011 8:49:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Event

Manager service to connect.
3/24/2011 8:49:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec

AntiVirus service to connect.
3/24/2011 8:49:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec

AntiVirus Definition Watcher service to connect.
3/24/2011 8:29:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

load: SBRE
3/24/2011 8:29:11 PM, error: Service Control Manager [7000] - The Smart Card Reader service failed to start due to the

following error: The system cannot find the device specified.
3/24/2011 8:28:30 PM, error: SCardSvr [602] - WDM Reader driver initialization cannot open reader device: The system cannot

find the path specified.
3/24/2011 8:19:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

load: IntelIde
3/24/2011 6:31:23 PM, error: Service Control Manager [7034] - The Symantec AntiVirus service terminated unexpectedly. It

has done this 3 time(s).
3/24/2011 6:31:11 PM, error: Service Control Manager [7031] - The Symantec AntiVirus service terminated unexpectedly. It

has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/24/2011 6:30:58 PM, error: Service Control Manager [7031] - The Symantec AntiVirus service terminated unexpectedly. It

has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/24/2011 4:01:29 PM, error: System Error [1003] - Error code 1000000a, parameter1 fefeff12, parameter2 00000002, parameter3

00000001, parameter4 80517212.
3/24/2011 12:36:31 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action

(Restart the service) after the unexpected termination of the Symantec AntiVirus service, but this action failed with the

following error: The service database is locked.
3/24/2011 11:42:47 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done

this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly.

It has done this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has

done this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has

done this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly.

It has done this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 1

time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The Broadcom ASF IP monitoring service v6.0.4 service

terminated unexpectedly. It has done this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has

done this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The ActivCard Gold service service terminated unexpectedly.

It has done this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7034] - The ActivCard Gold Autoregister service terminated

unexpectedly. It has done this 1 time(s).
3/24/2011 10:27:42 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the

service.
3/24/2011 10:27:42 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It

has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2011 10:27:30 PM, error: Service Control Manager [7034] - The WLANKEEPER service terminated unexpectedly. It has done

this 1 time(s).
3/24/2011 10:27:30 PM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly.

It has done this 1 time(s).
3/24/2011 10:27:30 PM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this

1 time(s).
3/24/2011 10:27:30 PM, error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the

service.
3/24/2011 1:19:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.121 for the Network Card with network address

0013CE30C3EF has been denied by the DHCP server 192.168.33.1 (The DHCP Server sent a DHCPNACK message).
3/21/2011 10:22:39 AM, error: System Error [1003] - Error code 10000050, parameter1 fefeff06, parameter2 00000000,

parameter3 8053d684, parameter4 00000000.
.
==== End Of File ===========================

And that's all.

 

Hello Broni:

Thank you for your help. I have downloaded and ran combofix without a snag. Here is the log file: (I did not use wordwrap this time. But if it is still doing it, it means I don't know how to disable it. Anyway, here is the log:

ComboFix 11-03-25.01 - mtummala 03/25/2011 18:34:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1332 [GMT -7:00]
Running from: c:\documents and settings\mtummala\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\879913
c:\documents and settings\All Users\Application Data\879913\65.mof
c:\documents and settings\All Users\Application Data\879913\8799133480202c0ae39ac544ab2c420f.ocx
c:\documents and settings\All Users\Application Data\879913\8kp45e7tm9qvv45e7tmh0wnhs01xg45e7tm9q01u8z6hrw.dll
c:\documents and settings\All Users\Application Data\879913\BMP.ico
c:\documents and settings\mtummala\jaudioMp3Win.tar
c:\documents and settings\mtummala\ntuser.pol
c:\documents and settings\mtummala\Recent\ANTIGEN.dll
c:\documents and settings\mtummala\Recent\ANTIGEN.exe
c:\documents and settings\mtummala\Recent\ANTIGEN.sys
c:\documents and settings\mtummala\Recent\cb.dll
c:\documents and settings\mtummala\Recent\cb.drv
c:\documents and settings\mtummala\Recent\cid.exe
c:\documents and settings\mtummala\Recent\cid.sys
c:\documents and settings\mtummala\Recent\CLSV.dll
c:\documents and settings\mtummala\Recent\CLSV.drv
c:\documents and settings\mtummala\Recent\CLSV.exe
c:\documents and settings\mtummala\Recent\CLSV.sys
c:\documents and settings\mtummala\Recent\DBOLE.dll
c:\documents and settings\mtummala\Recent\DBOLE.drv
c:\documents and settings\mtummala\Recent\ddv.exe
c:\documents and settings\mtummala\Recent\ddv.sys
c:\documents and settings\mtummala\Recent\eb.dll
c:\documents and settings\mtummala\Recent\eb.drv
c:\documents and settings\mtummala\Recent\eb.exe
c:\documents and settings\mtummala\Recent\eb.sys
c:\documents and settings\mtummala\Recent\energy.dll
c:\documents and settings\mtummala\Recent\energy.drv
c:\documents and settings\mtummala\Recent\energy.exe
c:\documents and settings\mtummala\Recent\exec.dll
c:\documents and settings\mtummala\Recent\exec.drv
c:\documents and settings\mtummala\Recent\exec.sys
c:\documents and settings\mtummala\Recent\fan.dll
c:\documents and settings\mtummala\Recent\fix.drv
c:\documents and settings\mtummala\Recent\fix.sys
c:\documents and settings\mtummala\Recent\FS.dll
c:\documents and settings\mtummala\Recent\grid.dll
c:\documents and settings\mtummala\Recent\hymt.drv
c:\documents and settings\mtummala\Recent\hymt.sys
c:\documents and settings\mtummala\Recent\kernel32.dll
c:\documents and settings\mtummala\Recent\kernel32.exe
c:\documents and settings\mtummala\Recent\kernel32.sys
c:\documents and settings\mtummala\Recent\pal.drv
c:\documents and settings\mtummala\Recent\pal.sys
c:\documents and settings\mtummala\Recent\PE.dll
c:\documents and settings\mtummala\Recent\PE.drv
c:\documents and settings\mtummala\Recent\PE.exe
c:\documents and settings\mtummala\Recent\PE.sys
c:\documents and settings\mtummala\Recent\ppal.dll
c:\documents and settings\mtummala\Recent\ppal.drv
c:\documents and settings\mtummala\Recent\ppal.sys
c:\documents and settings\mtummala\Recent\runddl.dll
c:\documents and settings\mtummala\Recent\runddlkey.exe
c:\documents and settings\mtummala\Recent\runddlkey.sys
c:\documents and settings\mtummala\Recent\SICKBOY.exe
c:\documents and settings\mtummala\Recent\SICKBOY.sys
c:\documents and settings\mtummala\Recent\sld.exe
c:\documents and settings\mtummala\Recent\sld.sys
c:\documents and settings\mtummala\Recent\SM.exe
c:\documents and settings\mtummala\Recent\snl2w.drv
c:\documents and settings\mtummala\Recent\snl2w.sys
c:\documents and settings\mtummala\Recent\std.drv
c:\documents and settings\mtummala\Recent\std.sys
c:\documents and settings\mtummala\Recent\tempdoc.exe
c:\documents and settings\mtummala\Recent\tempdoc.sys
c:\documents and settings\mtummala\Recent\tjd.dll
c:\documents and settings\mtummala\Recent\tjd.drv
c:\documents and settings\mtummala\Recent\tjd.exe
c:\documents and settings\mtummala\Recent\tjd.sys
c:\program files\Shared
c:\program files\Shared\shared.sig
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-26 01:42 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-03-26 01:42 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-03-25 20:47 . 2011-03-25 20:47 -------- d-----w- c:\program files\ToniArts
2011-03-25 20:46 . 2004-07-16 07:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-03-25 20:46 . 2004-07-16 07:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-03-25 20:46 . 2004-07-16 07:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-03-25 20:46 . 2004-07-16 07:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-03-25 20:46 . 2004-07-16 07:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-03-25 20:46 . 2011-03-25 20:46 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-03-25 20:46 . 2011-03-25 20:46 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-03-25 20:34 . 2011-02-23 23:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-03-25 20:34 . 2011-02-24 00:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-03-25 20:33 . 2011-03-25 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-03-25 20:28 . 2011-03-25 20:34 -------- d-----w- c:\application data\IObit
2011-03-25 20:28 . 2011-03-25 20:33 -------- d-----w- c:\program files\IObit
2011-03-25 05:53 . 2011-03-25 05:55 -------- d-----w- c:\documents and settings\mtummala\Local Settings\Application Data\Temp
2011-03-25 05:53 . 2011-03-25 05:55 -------- d-----w- c:\documents and settings\mtummala\Local Settings\Application Data\Google
2011-03-25 05:52 . 2011-03-25 05:53 -------- d-----w- c:\documents and settings\mtummala\Local Settings\Application Data\Deployment
2011-03-25 00:38 . 2011-03-25 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-03-24 21:21 . 2011-03-24 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-24 21:21 . 2011-03-24 21:21 -------- d-----w- c:\application data\SUPERAntiSpyware.com
2011-03-24 21:21 . 2011-03-24 21:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-24 16:07 . 2011-03-24 16:07 -------- d-----w- c:\documents and settings\mtummala\Application Data\Sunbelt
2011-03-21 16:44 . 2011-03-21 16:44 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BMBQCODYDP
2011-02-24 20:10 . 2011-02-24 20:12 -------- d-----w- c:\application data\U3
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
.
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint "= "c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"QuickPassword "= "c:\program files\ActivCard\ActivCard Gold\agquickp.exe" [2002-08-29 131072]
"bacstray "= "c:\program files\Broadcom\BACS\\BacsTray.exe" [2004-06-29 118784]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-25 53096]
"vptray "= "c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-01 125368]
"Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PMBVolumeWatcher "= "c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-05 597792]
"AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-09 47904]
"IObit Security 360 "= "c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 10:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 23:19 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-25 05:53 136176 ----atw- c:\documents and settings\mtummala\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/25/2011 1:34 PM 13496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [9/12/2002 2:16 AM 53248]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [8/11/2004 5:09 PM 143360]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 3:32 PM 497856]
R3 Actrpcsc;Actrpcsc;c:\windows\system32\drivers\actrpcsc.sys [9/16/2003 5:20 PM 14784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2010 5:19 AM 102448]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [8/17/2005 1:02 PM 80384]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/3/2002 1:09 AM 31504]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 ACTR;Smart Card Reader;c:\windows\system32\drivers\ACTR.SYS [2/6/2003 4:27 PM 16408]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/25/2011 1:33 PM 312152]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [8/2/2002 3:41 PM 47660]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 6:41 PM 116664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770514725-3046307576-833651094-1005Core.job
- c:\documents and settings\mtummala\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-25 05:53]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770514725-3046307576-833651094-1005UA.job
- c:\documents and settings\mtummala\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-25 05:53]
.
2011-03-26 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-25 20:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:25396
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://bouncer.nps.edu/CACHE/stc/2/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{784391a5-cfc2-47a0-8ed3-165a7dd1978f} - pikiriro.dll
SSODL-jajakumew-{d3179d88-f4b4-4a80-b43e-9cc089fe1a57} - (no file)
SafeBoot-Lavasoft Ad-Aware Service
SafeBoot-SBAMSvc
SafeBoot-SBPIMSvc
AddRemove-Move Networks Player - IE - c:\documents and settings\mtummala\Desktop\Application Data\Move Networks\ie_bin\Uninst.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\mtummala\Desktop\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 18:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1252)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-03-25 19:05:27
ComboFix-quarantined-files.txt 2011-03-26 02:05
.
Pre-Run: 7,932,289,024 bytes free
Post-Run: 7,629,729,792 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug= "do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A4E82E4D7A52A608147F641EA9FA8878

I will wait for your clearnce before I do any updating etc.

Thanks very much again.

 

I made the CFScript file and dropped it in Combofiix.exe. First there was an error about how it can't find explorer.exe at the given address and then after a few minutes it went away. It scanned and tried to reboot. Something went wrong and windows closed the windows saying that it might be dangerous to the machine. I force shut it and then opened the computer again. It booted very slowly (more than five minutes) and things were very erratic. The Combofix did make a log file which I am supplying below. The last time I couldn't even write this posting. Then I thought it would work better if I rebooted the computer again. This time I am able to write this post without a problem. The runtime C++ error (concerning Norton) did not show up this time. So things may be returning to normal. Anyway, here is the log:

ComboFix 11-03-25.01 - mtummala 03/25/2011 21:21:57.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1418 [GMT -7:00]
Running from: c:\documents and settings\mtummala\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mtummala\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\BMBQCODYDP
c:\documents and settings\All Users\Application Data\BMBQCODYDP\BMCOGUKP.cfg
c:\documents and settings\mtummala\Application Data\Sunbelt
c:\documents and settings\mtummala\Application Data\Sunbelt\AntiMalware\HistoryCleaner\HistoryCleaner.xml
c:\documents and settings\mtummala\Application Data\Sunbelt\AntiMalware\logs\SBAMTray.csv
c:\documents and settings\mtummala\Application Data\Sunbelt\AntiMalware\logs\SBAMUI.csv
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SBRE
-------\Service_SBRE
.
.
((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-26 04:18 . 2011-03-26 15:11 -------- d-----r- C:\32788R22FWJFW
2011-03-26 02:33 . 2011-03-26 02:34 -------- d--h--w- c:\application data\SecuROM
2011-03-26 01:42 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-03-26 01:42 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-03-25 20:47 . 2011-03-25 20:47 -------- d-----w- c:\program files\ToniArts
2011-03-25 20:46 . 2004-07-16 07:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-03-25 20:46 . 2004-07-16 07:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-03-25 20:46 . 2004-07-16 07:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-03-25 20:46 . 2004-07-16 07:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-03-25 20:46 . 2004-07-16 07:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-03-25 20:46 . 2011-03-25 20:46 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-03-25 20:46 . 2011-03-25 20:46 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-03-25 20:34 . 2011-02-23 23:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-03-25 20:34 . 2011-02-24 00:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-03-25 20:33 . 2011-03-25 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-03-25 20:28 . 2011-03-25 20:34 -------- d-----w- c:\application data\IObit
2011-03-25 20:28 . 2011-03-25 20:33 -------- d-----w- c:\program files\IObit
2011-03-25 05:53 . 2011-03-25 05:55 -------- d-----w- c:\documents and settings\mtummala\Local Settings\Application Data\Temp
2011-03-25 05:53 . 2011-03-25 05:55 -------- d-----w- c:\documents and settings\mtummala\Local Settings\Application Data\Google
2011-03-25 05:52 . 2011-03-25 05:53 -------- d-----w- c:\documents and settings\mtummala\Local Settings\Application Data\Deployment
2011-03-25 00:38 . 2011-03-25 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-03-24 21:21 . 2011-03-24 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-24 21:21 . 2011-03-24 21:21 -------- d-----w- c:\application data\SUPERAntiSpyware.com
2011-03-24 21:21 . 2011-03-24 21:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-24 20:10 . 2011-02-24 20:12 -------- d-----w- c:\application data\U3
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint "= "c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"QuickPassword "= "c:\program files\ActivCard\ActivCard Gold\agquickp.exe" [2002-08-29 131072]
"bacstray "= "c:\program files\Broadcom\BACS\\BacsTray.exe" [2004-06-29 118784]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-25 53096]
"vptray "= "c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-01 125368]
"Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PMBVolumeWatcher "= "c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-05 597792]
"AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-09 47904]
"IObit Security 360 "= "c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 10:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 23:19 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-25 05:53 136176 ----atw- c:\documents and settings\mtummala\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
.
R0 drvmcdb;drvmcdb;c:\windows\system32\drivers\drvmcdb.sys [8/17/2005 1:23 PM 87488]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/25/2011 1:34 PM 13496]
R1 APPDRV;APPDRV;c:\windows\system32\drivers\APPDRV.SYS [8/17/2005 1:21 PM 16128]
R1 eeCtrl;Symantec Eraser Control driver;c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [12/18/2009 10:13 AM 371248]
R1 omci;OMCI WDM Device Driver;c:\windows\system32\drivers\omci.sys [2/13/2004 8:46 AM 17153]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R1 SPBBCDrv;SPBBCDrv;c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [7/26/2007 8:25 PM 400216]
R1 sscdbhk5;sscdbhk5;c:\windows\system32\drivers\sscdbhk5.sys [8/17/2005 1:23 PM 5627]
R1 ssrtln;ssrtln;c:\windows\system32\drivers\ssrtln.sys [8/17/2005 1:23 PM 23545]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;c:\windows\system32\drivers\tosrfcom.sys [10/5/2004 1:33 AM 62799]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [9/12/2002 2:16 AM 53248]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [8/11/2004 5:09 PM 143360]
R2 Apple Mobile Device;Apple Mobile Device;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [8/13/2010 12:58 PM 144672]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4;c:\windows\system32\BAsfIpM.exe [4/1/2004 4:05 PM 77824]
R2 BASFND;BASFND;c:\windows\system32\drivers\BASFND.sys [4/24/2003 2:21 PM 6025]
R2 DefWatch;Symantec AntiVirus Definition Watcher;c:\program files\Symantec AntiVirus\DefWatch.exe [9/30/2008 6:40 PM 31160]
R2 drvnddm;drvnddm;c:\windows\system32\drivers\drvnddm.sys [8/17/2005 1:23 PM 40480]
R2 Iap;Iap;c:\program files\Dell\OpenManage\Client\Iap.exe [2/13/2004 8:47 AM 155648]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [9/29/2009 10:17 AM 13088]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/25/2011 1:33 PM 312152]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc8021x.sys [2/16/2006 8:19 PM 15781]
R2 NICCONFIGSVC;NICCONFIGSVC;c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe [8/17/2005 1:21 PM 356352]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R2 RegSrvc;RegSrvc;c:\program files\Intel\Wireless\Bin\RegSrvc.exe [9/7/2004 2:02 PM 139264]
R2 s24trans;WLAN Transport;c:\windows\system32\drivers\s24trans.sys [8/31/2004 6:53 AM 11354]
R2 tfsnboio;tfsnboio;c:\windows\system32\dla\tfsnboio.sys [8/17/2005 1:23 PM 25883]
R2 tfsncofs;tfsncofs;c:\windows\system32\dla\tfsncofs.sys [8/17/2005 1:23 PM 34843]
R2 tfsndrct;tfsndrct;c:\windows\system32\dla\tfsndrct.sys [8/17/2005 1:23 PM 4123]
R2 tfsndres;tfsndres;c:\windows\system32\dla\tfsndres.sys [8/17/2005 1:23 PM 2239]
R2 tfsnifs;tfsnifs;c:\windows\system32\dla\tfsnifs.sys [8/17/2005 1:23 PM 86586]
R2 tfsnopio;tfsnopio;c:\windows\system32\dla\tfsnopio.sys [8/17/2005 1:23 PM 15227]
R2 tfsnpool;tfsnpool;c:\windows\system32\dla\tfsnpool.sys [8/17/2005 1:23 PM 6363]
R2 tfsnudf;tfsnudf;c:\windows\system32\dla\tfsnudf.sys [8/17/2005 1:23 PM 98714]
R2 tfsnudfa;tfsnudfa;c:\windows\system32\dla\tfsnudfa.sys [8/17/2005 1:23 PM 100603]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 3:32 PM 497856]
R2 WLANKEEPER;WLANKEEPER;c:\program files\Intel\Wireless\Bin\WLKEEPER.exe [9/7/2004 2:12 PM 225353]
R3 Actrpcsc;Actrpcsc;c:\windows\system32\drivers\actrpcsc.sys [9/16/2003 5:20 PM 14784]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP;c:\windows\system32\drivers\Apfiltr.sys [8/17/2005 1:01 PM 108791]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2010 5:19 AM 102448]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [8/17/2005 1:02 PM 80384]
R3 HSFHWICH;HSFHWICH;c:\windows\system32\drivers\HSFHWICH.sys [8/17/2005 1:02 PM 200064]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;c:\windows\system32\drivers\iwca.sys [8/12/2004 6:44 AM 234496]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/3/2002 1:09 AM 31504]
R3 STAC97;SigmaTel C-Major Audio;c:\windows\system32\drivers\STAC97.sys [8/17/2005 1:02 PM 273168]
R3 tosporte;Bluetooth Port Driver from Toshiba;c:\windows\system32\drivers\Tosporte.sys [1/8/2005 4:15 PM 51582]
R3 Tosrfusb;Bluetooth USB Controller;c:\windows\system32\drivers\tosrfusb.sys [12/22/2004 2:38 AM 34816]
R3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP;c:\windows\system32\drivers\w29n51.sys [8/17/2005 1:01 PM 3210496]
S2 ACTR;Smart Card Reader;c:\windows\system32\drivers\ACTR.SYS [2/6/2003 4:27 PM 16408]
S2 Fax;Fax;c:\windows\system32\fxssvc.exe [8/11/2004 3:11 PM 267776]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [8/2/2002 3:41 PM 47660]
S3 bvrp_pci;bvrp_pci; [x]
S3 CVirtA;Cisco Systems VPN Adapter;c:\windows\system32\drivers\CVirtA.sys [2/8/2005 11:27 AM 5275]
S3 E100B;Intel(R) PRO Adapter Driver;c:\windows\system32\drivers\e100b325.sys [8/11/2004 3:09 PM 117760]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [12/18/2009 11:17 AM 651720]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;c:\program files\Microsoft Office\Office12\GrooveAuditService.exe [10/25/2008 11:44 AM 65888]
S3 odserv;Microsoft Office Diagnostics Service;c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [11/4/2008 1:06 AM 441712]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 6:41 PM 116664]
S3 SNDSrvc;Symantec Network Drivers Service;c:\program files\Common Files\Symantec Shared\SNDSrvc.exe [8/20/2008 4:50 PM 214408]
S3 toshidpt;TOSHIBA Bluetooth HID port driver;c:\windows\system32\drivers\Toshidpt.sys [10/17/2002 4:55 AM 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;c:\windows\system32\drivers\TosRfbd.sys [1/17/2005 11:13 AM 98304]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;c:\windows\system32\drivers\tosrfbnp.sys [7/9/2004 8:07 AM 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;c:\windows\system32\drivers\TosRfhid.sys [11/16/2004 1:51 PM 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;c:\windows\system32\drivers\tosrfnds.sys [1/7/2005 4:42 AM 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;c:\windows\system32\drivers\TosRfSnd.sys [12/16/2004 8:30 AM 50048]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [9/5/2010 10:57 AM 41984]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [12/17/2009 3:18 PM 20152]
S4 agpCPQ;Compaq AGP Bus Filter;c:\windows\system32\drivers\agpcpq.sys [8/11/2004 3:35 PM 44928]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770514725-3046307576-833651094-1005Core.job
- c:\documents and settings\mtummala\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-25 05:53]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770514725-3046307576-833651094-1005UA.job
- c:\documents and settings\mtummala\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-25 05:53]
.
2011-03-26 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-25 20:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://bouncer.nps.edu/CACHE/stc/2/binaries/vpnweb.cab
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1248)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(1708)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\program files\Broadcom\BACS\BacsTray.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec AntiVirus\DoScan.exe
c:\progra~1\Symantec\LIVEUP~1\LUALL.EXE
.
**************************************************************************
.
Completion time: 2011-03-25 21:56:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-26 04:56
ComboFix2.txt 2011-03-26 02:05
.
Pre-Run: 7,703,969,792 bytes free
Post-Run: 7,532,818,432 bytes free
.
- - End Of File - - A70B69DCAB5885B4CEE26C5DCB4AF63D

I reenabled Symantec (Norton). But I think there are still little errors of some programs (in the background) not responding and ending. But I will let the windows take care of them.

The programs open better although still slowly. I tried to open the Notepad file and it opened several instances of it. The next time it opened fine.

Thanks for your advice on Advanced System Care and registry cleaners in general.

And thanks again for your help. Should we not mark this post as 'resolved'? What do you think?

 

I know the disk space is very low (6.5 gb out of 80 -- it dropped 1.5 gbs between just your previous reply and the last reply. I have asked the girl's father to remove some files and make room.) Should I uninstall Symantec and install AVG or AVAST instead?

What do you think?

 

My friend's father came today and cleaned up the hard disk. We have better breathing space (more than 19gbs of 80). We have also uninstalled advanced system care and whole bunch of other programs including symantec and installed AVAST. But before any of that I have one error message coming up twice (in different forms) (the others which came up before were gone) and that says: Data Extension Prevention -- Microsoft windows: "To help protect your computer, windows has closed this porgram: WMI Publisher Microsoft "
The other message which came after that said: "WMI encountered a problem and needed to close. This error occurred on 3/26/2011 at 9:34:15 am."
These I think are new and started coming after I wrote to you last time.
Also, the booting is still quite slow, but there is this page that comes up with options to choose from such as Recovery Console, Windows XP (and something else). This started coming up recently. I think you might have solutions for these.

Here are the logs for after running the OTL:

1. OTL.TXT:

OTL logfile created on: 3/26/2011 2:10:02 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mtummala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 19.33 Gb Free Space | 25.96% Space Free | Partition Type: NTFS

Computer Name: MLAPTOP1 | User Name: mtummala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 14:07:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mtummala\Desktop\OTL.exe
PRC - [2011/03/22 13:37:56 | 001,644,376 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/02/23 07:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/12/17 15:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/04 18:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/30 12:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 14:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 14:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 14:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 14:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/08/11 17:09:32 | 000,143,360 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe
PRC - [2004/06/29 10:20:10 | 000,118,784 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\BACS\BacsTray.exe
PRC - [2004/04/01 16:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe
PRC - [2004/02/13 08:47:02 | 000,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2002/09/12 02:16:04 | 000,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe
PRC - [2002/08/29 05:07:06 | 000,131,072 | ---- | M] (ActivCard S.A.) -- C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 14:07:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mtummala\Desktop\OTL.exe
MOD - [2011/02/23 07:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 07:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/18 11:17:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/17 15:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2004/09/07 14:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/08/11 17:09:32 | 000,143,360 | ---- | M] (ActivCard) [Auto | Running] -- C:\Program Files\Common Files\ActivCard\accoca.exe -- (Accoca)
SRV - [2004/04/01 16:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)
SRV - [2004/02/13 08:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2002/09/12 02:16:04 | 000,053,248 | ---- | M] (ActivCard S.A.) [Auto | Running] -- C:\Program Files\Common Files\ActivCard\acautoreg.exe -- (acautoreg)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 17:04:30 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/23 06:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 06:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 06:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 06:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 06:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 06:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 06:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/17 15:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/10 20:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/17 11:13:28 | 000,098,304 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2005/01/08 16:15:40 | 000,051,582 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/01/07 04:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/22 02:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/12/16 08:30:14 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2004/11/16 14:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/16 13:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/10/21 18:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/10/05 01:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/09/03 15:23:38 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/31 06:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 12:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 06:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/07/09 08:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2004/06/17 18:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/03 19:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/02/13 14:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/09/16 17:20:40 | 000,014,784 | ---- | M] (ActivCard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\actrpcsc.sys -- (Actrpcsc)
DRV - [2003/04/24 14:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BASFND.sys -- (BASFND)
DRV - [2003/02/06 16:27:24 | 000,016,408 | ---- | M] (ActivCard S.A.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ACTR.SYS -- (ACTR)
DRV - [2002/10/17 04:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2002/10/03 01:09:08 | 000,031,504 | ---- | M] (Robert Schlabbach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)
DRV - [2002/08/02 15:41:08 | 000,047,660 | R--- | M] (ActivCard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actccid.sys -- (actccid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1770514725-3046307576-833651094-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1770514725-3046307576-833651094-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/25 21:45:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1770514725-3046307576-833651094-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1770514725-3046307576-833651094-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1770514725-3046307576-833651094-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1770514725-3046307576-833651094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1770514725-3046307576-833651094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1770514725-3046307576-833651094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bouncer.nps.edu/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133841809890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mtummala\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mtummala\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/26 14:07:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mtummala\Desktop\OTL.exe
[2011/03/26 10:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/26 10:41:53 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/26 10:41:53 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/26 10:41:49 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/26 10:41:48 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/26 10:41:48 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/26 10:41:47 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/26 10:41:47 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/26 10:41:46 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/26 10:40:40 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/26 10:40:37 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/26 10:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/26 10:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/26 10:17:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/26 09:36:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/25 21:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/25 21:18:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/03/25 19:33:55 | 000,000,000 | -H-D | C] -- C:\Application Data\SecuROM
[2011/03/25 18:42:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/03/25 18:42:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2011/03/25 18:29:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/25 18:25:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/25 18:25:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/25 18:25:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/25 18:25:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/25 18:25:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/25 18:22:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/25 13:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2011/03/25 13:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyCleaner
[2011/03/25 13:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/03/25 13:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/03/25 13:28:36 | 000,000,000 | ---D | C] -- C:\Application Data\IObit
[2011/03/25 13:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/03/24 23:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtummala\My Documents\Downloads
[2011/03/24 22:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtummala\Start Menu\Programs\Google Chrome
[2011/03/24 22:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtummala\Local Settings\Application Data\Temp
[2011/03/24 22:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtummala\Local Settings\Application Data\Google
[2011/03/24 22:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtummala\Local Settings\Application Data\Deployment
[2011/03/24 22:39:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/03/24 17:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/03/24 14:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

========== Files - Modified Within 30 Days ==========

[2011/03/26 14:07:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mtummala\Desktop\OTL.exe
[2011/03/26 13:58:02 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1770514725-3046307576-833651094-1005UA.job
[2011/03/26 11:18:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/26 11:15:28 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/03/26 11:13:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/26 11:13:42 | 2138,497,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 10:41:54 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/26 10:41:47 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/25 22:58:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1770514725-3046307576-833651094-1005Core.job
[2011/03/25 21:45:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/25 21:08:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/25 18:21:49 | 004,302,838 | R--- | M] () -- C:\Documents and Settings\mtummala\Desktop\ComboFix.exe
[2011/03/25 14:01:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/25 13:34:28 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/03/24 22:55:38 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\mtummala\Desktop\Google Chrome.lnk
[2011/03/24 08:48:19 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/22 17:13:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/13 08:43:06 | 000,446,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 08:43:06 | 000,073,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/25 17:42:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/03/26 10:41:54 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/25 18:29:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/25 18:29:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/25 18:25:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/25 18:25:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/25 18:25:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/25 18:25:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/25 18:25:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/25 18:22:00 | 004,302,838 | R--- | C] () -- C:\Documents and Settings\mtummala\Desktop\ComboFix.exe
[2011/03/25 14:16:21 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/03/25 13:34:42 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/03/25 13:34:41 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/25 13:34:28 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2011/03/24 22:55:38 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\mtummala\Desktop\Google Chrome.lnk
[2011/03/24 22:53:19 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1770514725-3046307576-833651094-1005UA.job
[2011/03/24 22:53:18 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1770514725-3046307576-833651094-1005Core.job
[2010/11/25 11:50:00 | 000,000,188 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2010/09/01 14:04:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 14:05:59 | 000,061,996 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/06/03 19:51:39 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/06/03 19:50:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/12/25 19:00:04 | 000,000,283 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2005/12/25 18:54:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/12/23 04:35:42 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\mtummala\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/05 20:57:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/05 20:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/12/05 17:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/08/17 13:25:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 13:23:28 | 000,000,341 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/17 13:21:42 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/08/17 13:02:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/08/17 13:02:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/08/17 13:01:34 | 000,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/03 06:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/23 01:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/15 21:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 06:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 15:00:28 | 000,446,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 15:00:28 | 000,073,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 15:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 15:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 15:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 15:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 15:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 15:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/21 08:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 05:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/30 06:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/06/28 13:20:54 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[2002/06/03 06:25:14 | 000,000,243 | ---- | C] () -- C:\WINDOWS\System32\acomi.ini
[1999/04/11 14:54:20 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/11 09:35:45 | 000,000,000 | -HS- | M] () -- C:\947466015
[2011/03/25 13:15:15 | 000,001,788 | ---- | M] () -- C:\aaw7boot.log
[2010/12/25 15:11:41 | 000,392,004 | ---- | M] () -- C:\AnalysisLog.sr0
[2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/25 14:01:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/25 21:08:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/03/25 21:56:42 | 000,021,034 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/08/17 13:02:52 | 000,004,046 | RH-- | M] () -- C:\dell.sdr
[2011/03/26 11:13:42 | 2138,497,024 | -HS- | M] () -- C:\hiberfil.sys
[2005/12/05 16:08:46 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2011/03/24 07:41:54 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/16 21:26:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/26 11:13:13 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 15:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 07:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 15:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 15:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 15:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/12/16 21:34:44 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2005/08/17 13:15:23 | 000,000,310 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\convert.log

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/03/25 18:21:49 | 004,302,838 | R--- | M] () -- C:\Documents and Settings\mtummala\Desktop\ComboFix.exe
[2011/03/26 14:07:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mtummala\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 03:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/03/22 07:58:10 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\mtummala\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/02/23 16:55:37 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\mtummala\Cookies\desktop.ini
[2011/03/26 13:58:25 | 000,442,368 | ---- | M] () -- C:\Documents and Settings\mtummala\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2004/10/29 19:56:50 | 000,466,944 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 23:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 23:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/03 23:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/03 23:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/03 23:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 23:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 23:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

continued on the next post...

 

2: Extras.txt:


OTL Extras logfile created on: 3/26/2011 2:10:02 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mtummala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 19.33 Gb Free Space | 25.96% Space Free | Partition Type: NTFS

Computer Name: MLAPTOP1 | User Name: mtummala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1770514725-3046307576-833651094-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNetisabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{27ABD540-0A6E-4288-BFB3-7042C44F34F6}" = ActivCard USB Reader V2 (2.0.3)
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41AA7187-8272-462c-9EED-7B614DA1404E}" = The Sims™ 2 Fun with Pets Collection
"{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E82345B-C2F5-4BDC-9692-4CBF5E531C9B}" = ActivCard Gold
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"ProInst" = Intel(R) PROSet/Wireless Software
"RASPPPOE" = PPP over Ethernet Protocol 0.98
"Smart Defrag 2_is1" = Smart Defrag 2
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Where in the USA is Carmen Sandiego?" = Where in the USA is Carmen Sandiego?
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1770514725-3046307576-833651094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2011 12:47:12 AM | Computer Name = MLAPTOP1 | Source = Symantec AntiVirus | ID = 16711685
Description =

Error - 3/26/2011 12:47:54 AM | Computer Name = MLAPTOP1 | Source = Symantec AntiVirus | ID = 16711725
Description =

Error - 3/26/2011 1:02:08 AM | Computer Name = MLAPTOP1 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2011 1:02:11 AM | Computer Name = MLAPTOP1 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2011 1:02:12 AM | Computer Name = MLAPTOP1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2011 1:03:06 AM | Computer Name = MLAPTOP1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2011 1:42:41 AM | Computer Name = MLAPTOP1 | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 5.1.2600.5755, faulting
module unknown, version 0.0.0.0, fault address 0x00e6e970.

Error - 3/26/2011 12:31:19 PM | Computer Name = MLAPTOP1 | Source = Application Error | ID = 1004
Description = Faulting application wmiprvse.exe, version 5.1.2600.5755, faulting
module unknown, version 0.0.0.0, fault address 0x00e6e970.

Error - 3/26/2011 12:34:29 PM | Computer Name = MLAPTOP1 | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 5.1.2600.5755, faulting
module unknown, version 0.0.0.0, fault address 0x0114e970.

Error - 3/26/2011 2:17:56 PM | Computer Name = MLAPTOP1 | Source = Application Error | ID = 1004
Description = Faulting application wmiprvse.exe, version 5.1.2600.5755, faulting
module unknown, version 0.0.0.0, fault address 0x0114e970.

[ Cisco AnyConnect VPN Client Events ]
Error - 1/31/2011 7:35:54 PM | Computer Name = MLAPTOP1 | Source = vpnagent | ID = 67108866
Description = Function: service_main_NT File: .\Agent.cpp Line: 674 Invoked Function:
WaitForSingleObject Return Code: 6 (0x00000006) Description: The handle is invalid.



Error - 3/7/2011 11:27:32 PM | Computer Name = MLAPTOP1 | Source = vpnagent | ID = 67108866
Description = Function: service_main_NT File: .\Agent.cpp Line: 674 Invoked Function:
WaitForSingleObject Return Code: 6 (0x00000006) Description: The handle is invalid.



Error - 3/24/2011 9:33:01 PM | Computer Name = MLAPTOP1 | Source = vpnagent | ID = 67108866
Description = Function: service_main_NT File: .\Agent.cpp Line: 674 Invoked Function:
WaitForSingleObject Return Code: 6 (0x00000006) Description: The handle is invalid.



Error - 3/24/2011 11:54:20 PM | Computer Name = MLAPTOP1 | Source = vpnagent | ID = 67108866
Description = Function: service_main_NT File: .\Agent.cpp Line: 674 Invoked Function:
WaitForSingleObject Return Code: 6 (0x00000006) Description: The handle is invalid.



[ System Events ]
Error - 3/25/2011 1:55:21 PM | Computer Name = MLAPTOP1 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/25/2011 1:55:22 PM | Computer Name = MLAPTOP1 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/25/2011 1:55:23 PM | Computer Name = MLAPTOP1 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/25/2011 1:55:24 PM | Computer Name = MLAPTOP1 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/25/2011 1:55:25 PM | Computer Name = MLAPTOP1 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/25/2011 1:55:26 PM | Computer Name = MLAPTOP1 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/25/2011 1:56:41 PM | Computer Name = MLAPTOP1 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/26/2011 12:26:46 PM | Computer Name = MLAPTOP1 | Source = SCardSvr | ID = 602
Description = WDM Reader driver initialization cannot open reader device: The system
cannot find the path specified.

Error - 3/26/2011 12:26:52 PM | Computer Name = MLAPTOP1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.122 for the Network Card with network
address 0013CE30C3EF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/26/2011 12:29:19 PM | Computer Name = MLAPTOP1 | Source = Service Control Manager | ID = 7000
Description = The Smart Card Reader service failed to start due to the following
error: %%20


< End of report >

I will wait for your suggestions.

Thanks.

 

Hello Broni:

The WMI error message did not show this time. Thanks.
I am giving the information you wanted below:

1) I have updated the Java version and removed the older java versions.
2) I have removed the traces of Norton using the Norton Removal tool.
3) The OTI.text (03272011-011314.txt):


All processes killed
========== OTL ==========
Error: No service named LiveUpdate was found to stop!
Service\Driver key LiveUpdate not found.
File C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mtummala
->Temp folder emptied: 2426 bytes
->Temporary Internet Files folder emptied: 64501 bytes
->Google Chrome cache emptied: 14706977 bytes
->Apple Safari cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Application Data

User: Default User

User: LocalService

User: mtummala

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03272011_011314

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
________
Registry entries deleted on Reboot...

(The first time I tried to do that when I tried to restore the previous session of Chrome the computer crashed and I lost the file ... "Irq not less than or equal ..." error message. So I did it again and am sending the result to you.)

4) Security Checkup file: (Checkup.txt)

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
EasyCleaner
Java(TM) 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
mtummala Desktop OTL.exe
mtummala Local Settings Application Data Google\Chrome\Application\chrome.exe
mtummala My Documents Downloads SecurityCheck.exe
mtummala LOCALS~1 Temp RarSFX0\SecurityCheck\Objlist.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
AVAST Software Avast setup avast.setup
``````````End of Log````````````
=========

5) I used the temp file cleaner and restarted the computer.

6) I ran the eset online scanner and scanned the computer (it took about 7 hours!) And here is the report: (ESET.txt)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\879913\65.mof.vir Win32/RogueAV.A trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP161\A0154697.mof Win32/RogueAV.A trojan

=====

It looks like there are still two trojans and a worm left over in the computer. How do I remove them?

The computer booting and performance has improved somewhat but it is still pretty slow. I have removed the registry entry concerning a disconnected network drive (following Microsoft instructions) and also disabled the index.services to make the boot process a bit faster. Things might have improved a bit.

Thanks again.

 

Thanks again for your thorough and complete help. I couldn't have done without you. It was a learning experience. Your help me inspired me to become a lifetime member of windowsbbs.

I have removed the old version of java. And I ran the OTL and later cleaned up:

Here is the log:

1) OTL Log: (03272011_085354):


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mtummala
->Temp folder emptied: 802 bytes
->Temporary Internet Files folder emptied: 2636515 bytes
->Google Chrome cache emptied: 6839472 bytes
->Apple Safari cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Application Data

User: Default User

User: LocalService

User: mtummala

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03272011_085354

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
======
I have done the defragging.

I will make a note of all the suggestions you have made regarding maintenance and will pass them on to my friend.

The computer is doing fine without any error messages. Only it's so very slow (for about 20 minutes or so, including the booting) and then it's reasonable. I guess there are so many processes (at one time I noticed 70), it's bound to be slow. I have re-enabled the indexing services since the computer is slow anyway and it might be useful to do searches.

If there is nothing else, upon hearing from you, I will mark the thread as "resolved. "

Thanks.