[thegamemodo9]

I'm having the dreaded Google redirect problem. I tried running through the guide already available on this website, but my computer will not run TDSSKiller. I tried using RKill and then attempted to run TDSSKiller, but to no avail. Below is a copy of my OTL Log. Any help to resolving this issue is greatly appreciated. Thanks.

OTL logfile created on: 4/20/2011 3:35:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vinod\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 34.00 Mb Available Physical Memory | 8.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 24.61 Gb Free Space | 44.22% Space Free | Partition Type: NTFS

Computer Name: VINU | User Name: Vinod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 15:34:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/05 17:06:32 | 000,125,208 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/25 16:07:16 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/11/10 13:24:50 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/08/10 13:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/08/06 05:18:38 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/08/01 08:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/15 13:52:42 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/07/08 03:13:14 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/06/01 00:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 23:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/05/19 10:57:36 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/04/26 19:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 03:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/25 18:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/10/14 18:28:02 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/28 03:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 15:34:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/10/14 18:27:48 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/08/10 13:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/08 03:13:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 15:01:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46998AFE-2162-43BA-B070-9703910AB7C6}\MpKsl3e7a2edf.sys -- (MpKsl3e7a2edf)
DRV - [2011/04/20 14:17:24 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46998AFE-2162-43BA-B070-9703910AB7C6}\MpKslabee0281.sys -- (MpKslabee0281)
DRV - [2011/04/20 13:54:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46998AFE-2162-43BA-B070-9703910AB7C6}\MpKsle75d68b9.sys -- (MpKsle75d68b9)
DRV - [2005/11/15 19:40:24 | 000,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 19:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/20 17:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/12 22:08:30 | 000,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/04 01:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/01 08:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 08:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 08:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 08:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 08:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 08:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 08:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/07 12:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 12:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/03/04 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/12 03:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/11/09 20:48:46 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 19 54 9D 43 83 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/12 15:24:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 14:31:21 | 000,000,000 | ---D | M]

[2009/01/22 22:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vinod\Application Data\Mozilla\Extensions
[2010/10/25 17:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vinod\Application Data\Mozilla\Firefox\Profiles\xnpc6lif.default\extensions
[2009/12/06 14:34:02 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Vinod\Application Data\Mozilla\Firefox\Profiles\xnpc6lif.default\extensions\[email protected]
[2009/01/22 22:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/04/20 14:05:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Vinod\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect-bw02...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Vinod\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vinod\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 21:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9f2da248-4e0c-11dd-b8e2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2da248-4e0c-11dd-b8e2-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f2da248-4e0c-11dd-b8e2-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9f2da249-4e0c-11dd-b8e2-00038a000015}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 15:33:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.exe
[2011/04/20 14:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vinod\Desktop\GooredFix Backups
[2011/04/20 13:57:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/20 13:50:33 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/20 13:48:14 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTM.exe
[2011/04/20 13:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vinod\My Documents\4
[2011/04/20 13:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/20 13:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/19 22:38:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vinod\Recent
[2011/04/19 22:32:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/19 21:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/04/19 20:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vinod\Application Data\Malwarebytes
[2011/04/19 20:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/19 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2005/11/04 21:59:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\Documents and Settings\Vinod\My Documents\*.tmp files -> C:\Documents and Settings\Vinod\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/20 15:40:38 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/04/20 15:34:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.exe
[2011/04/20 15:26:06 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vinod\Desktop\rkill.scr
[2011/04/20 15:07:06 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/20 15:01:27 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/20 14:59:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/20 14:58:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 14:58:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/20 14:58:25 | 467,914,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/20 14:42:29 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Vinod\Desktop\tdsskiller.zip
[2011/04/20 14:05:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/20 13:48:29 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTM.exe
[2011/04/20 13:40:47 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Vinod\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/20 13:19:25 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/20 12:48:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/20 12:32:57 | 000,475,694 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/20 12:32:57 | 000,084,966 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/19 23:05:58 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/19 20:29:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/19 17:49:42 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC0D626D-C16C-416C-9E4F-285C2459B793}.job
[2011/04/17 21:13:47 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/04/17 21:13:47 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2011/04/17 21:13:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19521332
[1 C:\Documents and Settings\Vinod\My Documents\*.tmp files -> C:\Documents and Settings\Vinod\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/20 15:24:48 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vinod\Desktop\rkill.scr
[2011/04/20 14:37:22 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Vinod\Desktop\tdsskiller.zip
[2011/04/20 14:11:49 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/04/20 13:40:47 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Vinod\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/19 23:09:46 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/19 22:56:24 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/04/19 21:04:29 | 467,914,752 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/19 20:05:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/17 21:13:47 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/04/17 21:13:46 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2011/04/17 21:13:12 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19521332
[2009/09/19 22:09:54 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/23 16:04:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Vinod\Application Data\$_hpcst$.hpc
[2008/04/25 21:47:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/04/24 19:29:40 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/24 19:29:40 | 000,002,539 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/06/15 12:31:45 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Vinod\Application Data\wklnhst.dat
[2006/03/29 13:27:34 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/15 15:49:24 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Vinod\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/12 15:03:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2006/02/12 15:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2006/02/12 11:46:16 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/02/11 16:44:37 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2006/02/10 12:11:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vinod\Local Settings\Application Data\fusioncache.dat
[2006/02/10 12:10:30 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2006/02/10 12:10:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006/02/10 12:10:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/02/10 12:10:09 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/02/10 12:10:09 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2005/12/21 20:04:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 18:16:05 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/30 18:16:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/30 18:16:05 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/30 18:16:05 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 17:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 17:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/29 17:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/29 17:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/29 17:22:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/29 17:16:48 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/11/11 17:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 12:00:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 11:27:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/04 23:09:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/04 23:07:42 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 23:05:40 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/04 23:03:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/04 23:03:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/04 23:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/04 23:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/04 23:03:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/04 23:03:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 22:31:32 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 22:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 21:59:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 21:31:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/04 21:28:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/04 21:26:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 19:56:25 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 19:53:47 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2005/11/04 19:53:47 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2005/11/04 19:53:47 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2005/11/04 19:53:47 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2005/11/04 19:53:47 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/11/04 19:53:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/04 19:53:10 | 000,475,694 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/04 19:53:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/04 19:53:10 | 000,084,966 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/04 19:53:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/04 19:53:08 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/04 19:53:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/04 19:53:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/04 19:52:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/04 19:52:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/04 19:52:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/04 19:52:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/04 13:23:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/04 13:22:17 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/29 15:57:00 | 000,131,138 | ---- | C] () -- C:\WINDOWS\System32\rscn05cl.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/09 17:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/10 18:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/04/12 15:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/09/17 20:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/04/19 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/12 15:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/02/11 21:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2010/06/06 12:46:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Vinod\Application Data\.#
[2008/04/25 22:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\acccore
[2006/02/12 11:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Aim
[2011/01/05 18:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\click
[2009/12/20 13:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\DNA
[2009/01/30 22:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\InterVideo
[2010/10/29 23:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Juniper Networks
[2006/04/06 14:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Smartsims
[2006/06/15 12:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Template
[2005/11/04 22:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\toshiba
[2009/07/05 11:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Viewpoint
[2011/04/20 15:07:06 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/04/20 15:40:38 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2006/02/10 12:10:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2011/04/19 17:49:42 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC0D626D-C16C-416C-9E4F-285C2459B793}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

< End of report >

Edited by thegamemodo9, 20 April 2011 - 02:58 PM.

[Advertisements]

This is the OTL Extras Log:


OTL Extras logfile created on: 4/20/2011 3:35:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vinod\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 34.00 Mb Available Physical Memory | 8.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 24.61 Gb Free Space | 44.22% Space Free | Partition Type: NTFS

Computer Name: VINU | User Name: Vinod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1131163763\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1131163763\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}" = Detto IntelliMover
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AgileMessenger" = AgileMessenger
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"SKTools Lite" = SKTools Lite
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TCPMP" = TCPMP
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Music Engine" = Yahoo! Music Engine
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2011 11:30:12 PM | Computer Name = VINU | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2011 10:46:45 PM | Computer Name = VINU | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/20/2011 12:04:35 AM | Computer Name = VINU | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/20/2011 11:48:45 AM | Computer Name = VINU | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 1.99.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/20/2011 1:32:40 PM | Computer Name = VINU | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9082, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/20/2011 1:32:40 PM | Computer Name = VINU | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 4/20/2011 1:32:52 PM | Computer Name = VINU | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9082, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/20/2011 1:32:52 PM | Computer Name = VINU | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 4/20/2011 1:32:55 PM | Computer Name = VINU | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9082, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/20/2011 3:03:20 PM | Computer Name = VINU | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Atheros Configuration Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The ConfigFree Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7031
Description = The .NET Runtime Optimization Service v2.0.50727_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The DVD-RAM_Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA Application Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

[thegamemodo9]

This is the OTL Extras Log:


OTL Extras logfile created on: 4/20/2011 3:35:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vinod\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 34.00 Mb Available Physical Memory | 8.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 34.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 24.61 Gb Free Space | 44.22% Space Free | Partition Type: NTFS

Computer Name: VINU | User Name: Vinod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1131163763\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1131163763\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}" = Detto IntelliMover
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AgileMessenger" = AgileMessenger
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"SKTools Lite" = SKTools Lite
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TCPMP" = TCPMP
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Music Engine" = Yahoo! Music Engine
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2011 11:30:12 PM | Computer Name = VINU | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2011 10:46:45 PM | Computer Name = VINU | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/20/2011 12:04:35 AM | Computer Name = VINU | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/20/2011 11:48:45 AM | Computer Name = VINU | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 1.99.0.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/20/2011 1:32:40 PM | Computer Name = VINU | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9082, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/20/2011 1:32:40 PM | Computer Name = VINU | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 4/20/2011 1:32:52 PM | Computer Name = VINU | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9082, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/20/2011 1:32:52 PM | Computer Name = VINU | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 4/20/2011 1:32:55 PM | Computer Name = VINU | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9082, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/20/2011 3:03:20 PM | Computer Name = VINU | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Atheros Configuration Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The ConfigFree Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7031
Description = The .NET Runtime Optimization Service v2.0.50727_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The DVD-RAM_Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA Application Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/20/2011 3:04:49 PM | Computer Name = VINU | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

[SpySentinel]

Hi thegamemodo9,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your malware problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.



Spybot Search & Destroy TeaTimer

• Right click the TeaTimer icon in the system Tray
• Then click Exit Spybot-S&D Resident
• (One you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe

Step #1

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Step #2

Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O4 - HKCU..\Run: [Aim6] File not found
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  O33 - MountPoints2\{9f2da248-4e0c-11dd-b8e2-00038a000015}\Shell - "" = AutoRun
  O33 - MountPoints2\{9f2da248-4e0c-11dd-b8e2-00038a000015}\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\{9f2da248-4e0c-11dd-b8e2-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
  O33 - MountPoints2\{9f2da249-4e0c-11dd-b8e2-00038a000015}\Shell\AutoRun\command - "" = setupSNK.exe
  [2011/04/17 21:13:47 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
  [2011/04/17 21:13:47 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19521332
  [2011/04/17 21:13:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19521332
  @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done

Step #3

Scan with exeHelper:

Please download exeHelper to your desktop.

• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program



Step #4

Now try running TDSSKiller and let me know if it was successful.

[thegamemodo9]

TDSSKiller still did not run. I would like to note that my start up is just agonizingly slow right now.

Below is a copy of the exehelperlog

exeHelper by Raktor
Build 20100414
Run at 17:59:45 on 04/23/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



Please let me know what to do next. Thanks.

Edited by thegamemodo9, 23 April 2011 - 05:13 PM.

[SpySentinel]

Download Combofix from any of the links below but rename it to Iexplorer.com before saving it to your desktop.

* IMPORTANT !!! Save Iexplorer.com to your Desktop

Link 1
Link 2<--Right Click and use Save As if using this link.


Double click on the Iexplorer.com ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt so we can continue cleaning the system.

[thegamemodo9]

I don't think this program is running correctly either. It starts but inevitably freezes (cursor stops blinking in the DOS prompt) everytime. I even let it run overnight hoping that it would just take some time to think through. I also went back to my OTL restore point and tried it from there. No luck. Nevertheless, this is what the catchme log says each time I've tried to run the program before it freezes my computer, resulting in a restart.

File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully

Please let me know what I can try to do next.

Edited by thegamemodo9, 24 April 2011 - 05:37 PM.

[SpySentinel]

Step #1

Please delete ComboFix and rKill from your desktop. Then,

Download Combofix from any of the links below but rename it to Iexplorer.com before saving it to your desktop.

* IMPORTANT !!! Save Iexplorer.com to your Desktop

Link 1
Link 2<--Right Click and use Save As if using this link.

But please do not run it yet.



Step #2

Scan with exeHelper:

Please download exeHelper to your desktop.

• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program



Step #3

Download and Run RKill:

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.


Link 1
Link 2
Link 3
Link 4

• Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  
  
• Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  
  
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  
  
• If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Step #4

Double click on the Iexplorer.com ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt so we can continue cleaning the system.

[thegamemodo9]

No go. It still freezes. I turned off my anti-malware processes before running, but the program just won't finish running.

Is there another method we could try to clean this up? I'll keep trying in the meantime.

Here is the exehelper log:

exeHelper by Raktor
Build 20100414
Run at 13:33:02 on 04/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



This is what the RKill logs says:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/26/2011 at 13:57:05.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\MICROS~4\rapimgr.exe


Rkill completed on 04/26/2011 at 13:57:21.

Edited by thegamemodo9, 26 April 2011 - 12:59 PM.

[SpySentinel]

We need to disable malware processes on your system first

• Download TheKiller to your Desktop
• Note that TheKiller is renamed as explorer.exe
• Run it by double click
• Press OK button after program finish
• Do not restart your system after this step

NOTE: If malware blocks TheKiller from running please try to run it several more times




Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.




Then please try running ComboFix again and if you are successful, please post the ComboFix log.

[thegamemodo9]

Still couldn't get ComboFix to finish running.

This is all the RKreport said:

RogueKiller V4.3.11 [04/25/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Vinod [Admin rights]
Mode: Remove -- Date : 04/28/2011 21:34:11

Bad processes: 0

Registry Entries: 0

HOSTS File:
ÿþ1

Finished : << RKreport[1].txt >>
RKreport[1].txt

Please advise what I can do next. Thanks.

[SpySentinel]

Hi thegamemodo9,

I have outlined two options below. If Option 1 does not work, please try Option 2.


Option 1

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.



Then select Start OTL. OTL will now run

• Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
  Select Scan.txt that you downloaded
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Click the Internet Explorer button, post these logs in your Virus Removal topic.

Option 2

OK this file is big Print these instruction out so that you know what you are doing

Two programmes to download

First

ISOBurner this will allow you to burn REATOGO-X-PE ISO to a cd and make it bootable. Just install the programme, from there on in it is fairly automatic. Instructions

Second

• Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
• When downloaded double click and this will then open ISOBurner to burn the file to CD
• Reboot your system using the boot CD you just created.
  
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the C:\OTL.txt file in your reply.

[thegamemodo9]

There is no attached Scan.txt file. I'm sure the first option will run through, just need the attachment.

Also, the OTLPE.iso link from option 2 appears to be broken.

Thanks.

Edited by thegamemodo9, 28 April 2011 - 10:09 PM.

[SpySentinel]

Sorry about that. For Option 1, please skip the steps that ask for the Scan.txt, and go straight to Click the Quick Scan button...and follow the instructions from there.

[thegamemodo9]

I did the quick scan, but I did not get an Extras log. Below is the OTL log.



OTL logfile created on: 4/30/2011 3:25:44 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vinod\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 24.18 Gb Free Space | 43.45% Space Free | Partition Type: NTFS

Computer Name: VINU | User Name: Vinod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 15:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.scr
PRC - [2011/04/30 15:15:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTH.scr
PRC - [2005/08/01 08:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/30 15:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/08/10 13:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/08 03:13:14 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2005/11/15 19:40:24 | 000,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 19:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/20 17:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/12 22:08:30 | 000,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/04 01:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/01 08:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 08:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 08:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 08:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 08:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 08:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 08:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/07 12:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 12:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/03/04 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/12 03:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/11/09 20:48:46 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 19 54 9D 43 83 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/12 15:24:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/23 17:26:16 | 000,000,000 | ---D | M]

[2009/01/22 22:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vinod\Application Data\Mozilla\Extensions
[2010/10/25 17:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vinod\Application Data\Mozilla\Firefox\Profiles\xnpc6lif.default\extensions
[2009/12/06 14:34:02 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Vinod\Application Data\Mozilla\Firefox\Profiles\xnpc6lif.default\extensions\[email protected]
[2009/01/22 22:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/04/23 17:36:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Vinod\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect-bw02...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Vinod\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vinod\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 21:30:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 15:16:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.scr
[2011/04/30 15:15:50 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTH.scr
[2011/04/28 21:36:00 | 000,000,000 | --SD | C] -- C:\Iexplorer29870I
[2011/04/28 21:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vinod\Desktop\RK_Quarantine
[2011/04/26 14:00:03 | 000,000,000 | --SD | C] -- C:\Iexplorer4920I
[2011/04/26 13:39:43 | 000,000,000 | --SD | C] -- C:\Iexplorer8852I
[2011/04/26 13:15:28 | 000,000,000 | --SD | C] -- C:\Iexplorer18022I
[2011/04/24 13:20:31 | 000,000,000 | --SD | C] -- C:\Iexplorer23271I
[2011/04/24 13:19:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/24 11:59:42 | 000,000,000 | ---D | C] -- C:\Iexplorer17905I
[2011/04/24 11:46:50 | 000,000,000 | ---D | C] -- C:\Iexplorer28272I
[2011/04/24 11:14:08 | 000,000,000 | ---D | C] -- C:\Iexplorer24898I
[2011/04/24 10:35:57 | 000,000,000 | --SD | C] -- C:\Iexplorer32588I
[2011/04/23 23:38:09 | 000,000,000 | ---D | C] -- C:\Iexplorer27922I
[2011/04/23 22:47:38 | 000,000,000 | ---D | C] -- C:\Iexplorer
[2011/04/23 17:35:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/20 15:33:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.exe
[2011/04/20 13:57:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/20 13:50:33 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/20 13:48:14 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTM.exe
[2011/04/20 13:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/20 13:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/19 22:38:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vinod\Recent
[2011/04/19 22:32:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/19 21:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/04/19 20:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vinod\Application Data\Malwarebytes
[2011/04/19 20:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/19 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2005/11/04 21:59:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\Documents and Settings\Vinod\My Documents\*.tmp files -> C:\Documents and Settings\Vinod\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 15:24:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/30 15:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.scr
[2011/04/30 15:15:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTH.scr
[2011/04/30 15:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 12:42:04 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC0D626D-C16C-416C-9E4F-285C2459B793}.job
[2011/04/28 21:53:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 21:53:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 21:53:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 21:53:12 | 467,914,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 21:30:39 | 001,116,672 | ---- | M] () -- C:\Documents and Settings\Vinod\Desktop\RogueKiller.exe
[2011/04/28 21:24:34 | 000,737,055 | ---- | M] () -- C:\Documents and Settings\Vinod\Desktop\explorer.exe
[2011/04/26 12:58:44 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vinod\Desktop\Iexplore.exe
[2011/04/26 12:56:31 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Vinod\Desktop\exeHelper.com
[2011/04/26 12:55:41 | 004,330,188 | R--- | M] () -- C:\Documents and Settings\Vinod\Desktop\Iexplorer.com
[2011/04/23 17:36:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/20 15:34:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTL.exe
[2011/04/20 14:42:29 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Vinod\Desktop\tdsskiller.zip
[2011/04/20 13:48:29 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinod\Desktop\OTM.exe
[2011/04/20 13:40:47 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Vinod\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/20 13:19:25 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/20 12:48:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/20 12:32:57 | 000,475,694 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/20 12:32:57 | 000,084,966 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/19 23:05:58 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/19 20:29:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\Documents and Settings\Vinod\My Documents\*.tmp files -> C:\Documents and Settings\Vinod\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 21:30:37 | 001,116,672 | ---- | C] () -- C:\Documents and Settings\Vinod\Desktop\RogueKiller.exe
[2011/04/28 21:24:27 | 000,737,055 | ---- | C] () -- C:\Documents and Settings\Vinod\Desktop\explorer.exe
[2011/04/26 12:58:41 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vinod\Desktop\Iexplore.exe
[2011/04/26 12:56:31 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Vinod\Desktop\exeHelper.com
[2011/04/26 12:55:20 | 004,330,188 | R--- | C] () -- C:\Documents and Settings\Vinod\Desktop\Iexplorer.com
[2011/04/20 14:37:22 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Vinod\Desktop\tdsskiller.zip
[2011/04/20 13:40:47 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Vinod\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/19 23:09:46 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/19 22:56:24 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/04/19 21:04:29 | 467,914,752 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/19 20:05:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/19 22:09:54 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/23 16:04:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Vinod\Application Data\$_hpcst$.hpc
[2008/04/25 21:47:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/04/24 19:29:40 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/24 19:29:40 | 000,002,539 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/06/15 12:31:45 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Vinod\Application Data\wklnhst.dat
[2006/03/29 13:27:34 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/15 15:49:24 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Vinod\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/12 15:03:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2006/02/12 15:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2006/02/12 11:46:16 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/02/11 16:44:37 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2006/02/10 12:11:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vinod\Local Settings\Application Data\fusioncache.dat
[2006/02/10 12:10:30 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2006/02/10 12:10:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006/02/10 12:10:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/02/10 12:10:09 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/02/10 12:10:09 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2005/12/21 20:04:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 18:16:05 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/30 18:16:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/30 18:16:05 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/30 18:16:05 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 17:52:15 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 17:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/29 17:22:11 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/29 17:22:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/29 17:22:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/29 17:16:48 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/11/11 17:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 12:00:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 11:27:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/04 23:09:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/04 23:07:42 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 23:05:40 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/04 23:03:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/04 23:03:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/04 23:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/04 23:03:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/04 23:03:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/04 23:03:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 22:31:32 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 22:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 21:59:49 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 21:31:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/04 21:28:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/04 21:26:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 19:56:25 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 19:53:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/04 19:53:10 | 000,475,694 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/04 19:53:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/04 19:53:10 | 000,084,966 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/04 19:53:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/04 19:53:08 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/04 19:53:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/04 19:53:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/04 19:52:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/04 19:52:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/04 19:52:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/04 19:52:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/04 13:23:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/04 13:22:17 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/29 15:57:00 | 000,131,138 | ---- | C] () -- C:\WINDOWS\System32\rscn05cl.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/09 17:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/10 18:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/04/12 15:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/09/17 20:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/04/19 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/23 17:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/02/11 21:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2010/06/06 12:46:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Vinod\Application Data\.#
[2008/04/25 22:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\acccore
[2006/02/12 11:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Aim
[2011/01/05 18:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\click
[2009/12/20 13:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\DNA
[2009/01/30 22:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\InterVideo
[2010/10/29 23:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Juniper Networks
[2006/04/06 14:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Smartsims
[2006/06/15 12:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\Template
[2005/11/04 22:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinod\Application Data\toshiba
[2011/04/30 15:24:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2006/02/10 12:10:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2011/04/30 12:42:04 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC0D626D-C16C-416C-9E4F-285C2459B793}.job

========== Purity Check ==========



< End of report >

Edited by thegamemodo9, 30 April 2011 - 02:37 PM.

[SpySentinel]

Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 1 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.