Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Weird pop up messages when turning the labtop on


  • Please log in to reply

#1
aimi

aimi

    Member

  • Member
  • PipPip
  • 27 posts
It all started when my coursework doc refused to open and the messages was the file may be corrupted etc.
I tried opening it with my labtop but then the screen went black even though the sound works so i switched off the labtop and turn it on again. When i was directed to windows, the screen wasn't bright even though i plugged in my adapter and i received the following errors:

PreMKBD - Only administrator account permits this program.

dmhkcore.exe - basically say this program needs to close etc

Batterymanager.ex - similar to above, saying program needs to close.
I've run panda antivirus and 9 hacking tools were detected so i deleted it but when i restart the whole thing, the following messages still appear.


RootRepealLog:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/28 20:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9F8B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D2F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9321000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06cd1c

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d446

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d592

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070a42

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070a74

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d4f6

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06ce60

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d050

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d194

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070b48

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070ab2

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070ae4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070b16

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06ccca

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d5f2

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa0709e2

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06cc60

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xa9a24a70

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xa9a23e40

==EOF==

OTL Log:
OTL logfile created on: 11/28/2009 8:58:06 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = D:\Syed Ihsan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 543.38 Mb Available Physical Memory | 53.57% Memory free
2.39 Gb Paging File | 1.93 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 57.04 Gb Free Space | 80.29% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 61.08 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-406
Current User Name: Syed Ihsan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
PRC - [2009/08/18 20:39:08 | 01,406,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2009/08/18 20:39:06 | 00,955,624 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/06/20 17:44:00 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/20 17:43:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/11 23:35:46 | 00,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2008/08/28 18:34:52 | 01,044,480 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/08/26 20:51:00 | 16,851,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/04/14 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 12:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/02/28 22:00:20 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/02/28 22:00:16 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/02/28 22:00:14 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/02/28 22:00:04 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/12/21 04:40:30 | 00,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2007/07/23 18:30:42 | 00,406,832 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
PRC - [2007/07/16 15:14:22 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
PRC - [2007/07/12 11:47:30 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
PRC - [2007/07/06 14:14:10 | 00,096,560 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
PRC - [2007/06/20 12:32:28 | 00,091,440 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
PRC - [2007/06/14 15:38:02 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2007/06/07 16:29:22 | 00,083,504 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
PRC - [2007/05/24 10:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
PRC - [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/04/01 09:02:38 | 01,416,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/04/01 09:02:38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007/01/15 14:42:16 | 00,067,120 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
PRC - [2006/10/30 22:29:28 | 00,036,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2005/08/12 17:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/03/18 18:27:02 | 00,315,392 | ---- | M] (KYOCERA MITA) -- C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
PRC - [2004/03/18 18:27:02 | 00,315,392 | ---- | M] (KYOCERA MITA) -- C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
PRC - [2003/09/16 15:50:18 | 00,061,440 | ---- | M] (KYOCERA MITA CORPORATION) -- C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe


========== Modules (SafeList) ==========

MOD - [2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
MOD - [2009/08/18 20:39:14 | 00,341,224 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/08/18 20:39:10 | 00,632,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Trusteer\Rapport\bin\msvcr80.dll
MOD - [2009/06/20 17:44:09 | 00,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\rpchromebrowserrecordhelper.dll
MOD - [2007/06/21 09:12:50 | 00,087,344 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\pavoepl.dll
MOD - [2007/04/02 05:00:48 | 00,086,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2003/03/18 20:14:52 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.DLL
MOD - [2003/02/21 04:42:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCR71.DLL


========== Win32 Services (SafeList) ==========

SRV - [2009/08/18 20:39:06 | 00,955,624 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/06/20 18:11:43 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/13 16:44:00 | 00,077,480 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2007/07/16 15:14:22 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe -- (PAVSRV)
SRV - [2007/07/12 11:47:30 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe -- (Panda Software Controller)
SRV - [2007/06/14 15:38:02 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2007/05/24 10:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe -- (PSIMSVC)
SRV - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/01/15 14:42:16 | 00,067,120 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2006/10/30 22:29:28 | 00,036,864 | ---- | M] () -- C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/08/12 17:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/04/15 19:59:42 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12)
SRV - [2003/09/16 15:50:18 | 00,061,440 | ---- | M] (KYOCERA MITA CORPORATION) -- C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe -- (SFUSVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/20 17:44:10 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk = C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe (KYOCERA MITA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1245227281546 (MUWebControl Class)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomee...ets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software International)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/11 23:32:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/12 16:16:35 | 00,001,166 | ---- | M] () - C:\Autoreport _ Repor-KT07VN.pcf -- [ NTFS ]
O32 - AutoRun File - [2009/11/12 16:16:35 | 00,010,847 | ---- | M] () - C:\Autoreport _ Repor-KT07VN.ppf -- [ NTFS ]
O33 - MountPoints2\{02c5cd6c-8868-11de-adf2-002269e24000}\Shell - "" = AutoRun
O33 - MountPoints2\{02c5cd6c-8868-11de-adf2-002269e24000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{26ecae8a-e7c8-11dd-ad47-001377d32071}\Shell\Auto\command - "" = scurity.exe
O33 - MountPoints2\{26ecae8a-e7c8-11dd-ad47-001377d32071}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{285b958a-6496-11de-adca-002269e24000}\Shell - "" = AutoRun
O33 - MountPoints2\{285b958a-6496-11de-adca-002269e24000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{285b958a-6496-11de-adca-002269e24000}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f270fd5-775f-11de-adda-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{5f270fd5-775f-11de-adda-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afc694e7-d021-11de-ae2b-002163c48961}\Shell - "" = AutoRun
O33 - MountPoints2\{afc694e7-d021-11de-ae2b-002163c48961}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afc694e7-d021-11de-ae2b-002163c48961}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/28 20:54:28 | 00,535,552 | ---- | C] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:50:36 | 00,472,064 | ---- | C] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:24:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Syed Ihsan\Application Data\Malwarebytes
[2009/11/28 20:24:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/28 20:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/28 20:24:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/28 20:24:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/20 11:33:09 | 00,000,000 | ---D | C] -- D:\Syed Ihsan\My Documents\REQ010882 invoice_files
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:42:33 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/28 20:50:44 | 00,000,015 | ---- | C] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:24:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/27 22:48:08 | 00,104,929 | ---- | C] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/20 11:33:09 | 00,004,026 | ---- | C] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/10/06 08:12:16 | 00,000,191 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2009/07/17 11:45:44 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/06 13:22:43 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2009/07/06 13:22:43 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2009/07/06 13:22:22 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2009/07/06 13:22:22 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2009/06/15 15:19:56 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 10:30:54 | 00,000,191 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/04/08 10:28:37 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2009/01/21 09:35:28 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Maintenance_KBD.ini
[2009/01/21 09:20:37 | 00,000,179 | ---- | C] () -- C:\WINDOWS\nscatch.ini
[2009/01/20 07:19:56 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Syed Ihsan_KBD.ini
[2008/12/11 18:20:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/11 23:44:21 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2008/11/11 23:44:21 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2008/11/11 23:44:18 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2008/11/11 23:44:18 | 00,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2008/11/11 23:44:18 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2008/11/11 23:44:18 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2008/11/11 23:44:18 | 00,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2008/11/11 23:44:18 | 00,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2008/11/11 23:44:18 | 00,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2008/11/11 23:44:18 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2008/11/11 23:44:18 | 00,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2008/11/11 23:44:18 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2008/11/11 23:44:18 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2008/11/11 23:44:18 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2008/11/11 23:44:18 | 00,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2008/11/11 23:44:18 | 00,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2008/11/11 23:44:18 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2008/11/11 23:44:18 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2008/11/11 23:44:18 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2008/11/11 23:42:05 | 00,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2008/11/11 23:42:05 | 00,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2008/11/11 23:38:50 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/11 22:12:32 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/04/01 09:00:28 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/10/19 16:37:00 | 00,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2005/08/12 17:38:00 | 00,181,176 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2005/08/12 17:37:46 | 00,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/02/03 21:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/03/16 07:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2009/11/28 20:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/19 17:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/11 23:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/03/16 07:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Cogniview
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Trusteer

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >
[2009/11/28 21:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Malwarebytes
[2009/11/28 20:24:14 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 20:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/26 20:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\U3
[2009/11/26 20:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/17 08:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\Temp
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[2009/10/18 14:35:42 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 07:51:28 | 00,068,456 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 16:04:29 | 06,420,308 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\IconCache.db
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\Application Data\desktop.ini
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 14 Days ==========

[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:42:33 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 16:16:35 | 00,010,847 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.ppf
[2009/11/12 16:16:35 | 00,001,166 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.pcf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== LOP Check ==========

[2009/02/03 21:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/03/16 07:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/19 17:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/11 23:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/03/16 07:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Cogniview
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Trusteer

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< End of report >
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Malwarebytes
[2009/11/28 20:24:14 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 20:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/26 20:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\U3
[2009/11/26 20:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/17 08:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\Temp
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[2009/10/18 14:35:42 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 07:51:28 | 00,068,456 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 16:04:29 | 06,420,308 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\IconCache.db
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\Application Data\desktop.ini
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:42:33 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 16:16:35 | 00,010,847 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.ppf
[2009/11/12 16:16:35 | 00,001,166 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.pcf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== LOP Check ==========

[2009/02/03 21:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/03/16 07:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/19 17:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/11 23:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/03/16 07:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Cogniview
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Trusteer

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< End of report >
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Malwarebytes
[2009/11/28 20:24:14 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 20:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/26 20:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\U3
[2009/11/26 20:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/17 08:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\Temp
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[2009/10/18 14:35:42 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 07:51:28 | 00,068,456 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 16:04:29 | 06,420,308 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\IconCache.db
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\Application Data\desktop.ini
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:42:33 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 16:16:35 | 00,010,847 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.ppf
[2009/11/12 16:16:35 | 00,001,166 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.pcf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== LOP Check ==========

[2009/02/03 21:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/03/16 07:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/19 17:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/11 23:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/03/16 07:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Cogniview
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Trusteer

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< End of report >

Extras:

OTL Extras logfile created on: 11/28/2009 8:58:06 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = D:\Syed Ihsan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 543.38 Mb Available Physical Memory | 53.57% Memory free
2.39 Gb Paging File | 1.93 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 57.04 Gb Free Space | 80.29% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 61.08 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-406
Current User Name: Syed Ihsan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Zattoo\zattood.exe" = C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Program Files\Zattoo\Zattoo1.exe" = C:\Program Files\Zattoo\Zattoo1.exe:*:Enabled: -- ()
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Zattoo\Zattoo2.exe" = C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled: -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CD55D6-EE5A-4570-9875-8A306628C032}" = Cisco Systems VPN Client 4.7.00.0533
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61C79AE1-5403-4687-AC68-28BFA5EF3895}" = KyoceraMita Scanner File Utility
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{EEBA9416-3207-47E0-9022-116440599DBC}" = Panda Internet Security 2008
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"4oD" = 4oD
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo" = Zattoo 3.3.1 Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2009 3:18:34 AM | Computer Name = PC-406 | Source = Application Error | ID = 1000
Description = Faulting application btstac~1.exe, version 5.1.0.3300, faulting module
btstac~1.exe, version 5.1.0.3300, fault address 0x00095927.

Error - 10/8/2009 3:18:35 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 3:18:35 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 3:18:35 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 3:18:36 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 3:18:37 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2009 3:32:25 AM | Computer Name = PC-406 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 4:32:14 AM | Computer Name = PC-406 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 5:32:14 AM | Computer Name = PC-406 | Source = Google Update | ID = 20
Description =

Error - 10/8/2009 6:32:15 AM | Computer Name = PC-406 | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 2/23/2009 12:17:47 PM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15691
seconds with 4320 seconds of active time. This session ended with a crash.

Error - 6/19/2009 8:16:23 AM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/19/2009 8:16:39 AM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/19/2009 8:16:45 AM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/14/2009 4:38:21 AM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2449
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/25/2009 6:16:33 PM | Computer Name = PC-406 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/25/2009 6:16:34 PM | Computer Name = PC-406 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/25/2009 6:16:34 PM | Computer Name = PC-406 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/26/2009 4:14:58 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2

Error - 11/27/2009 8:31:03 AM | Computer Name = PC-406 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 002163C48961 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/27/2009 2:11:13 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2

Error - 11/27/2009 3:10:12 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2

Error - 11/28/2009 3:19:17 PM | Computer Name = PC-406 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 002163C48961 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/28/2009 3:19:38 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2

Error - 11/28/2009 4:43:12 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2


< End of report >


MBAM Log:
Malwarebytes' Anti-Malware 1.41
Database version: 3251
Windows 5.1.2600 Service Pack 3

11/28/2009 8:30:59 PM
mbam-log-2009-11-28 (20-30-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 30623
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP