I tried opening it with my labtop but then the screen went black even though the sound works so i switched off the labtop and turn it on again. When i was directed to windows, the screen wasn't bright even though i plugged in my adapter and i received the following errors:
PreMKBD - Only administrator account permits this program.
dmhkcore.exe - basically say this program needs to close etc
Batterymanager.ex - similar to above, saying program needs to close.
I've run panda antivirus and 9 hacking tools were detected so i deleted it but when i restart the whole thing, the following messages still appear.
RootRepealLog:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/28 20:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9F8B000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D2F000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9321000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06cd1c
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d446
#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d592
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070a42
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070a74
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d4f6
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06ce60
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d050
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d194
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070b48
#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070ab2
#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070ae4
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa070b16
#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06ccca
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06d5f2
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa0709e2
#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xaa06cc60
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xa9a24a70
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xa9a23e40
==EOF==
OTL Log:
OTL logfile created on: 11/28/2009 8:58:06 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = D:\Syed Ihsan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.36 Mb Total Physical Memory | 543.38 Mb Available Physical Memory | 53.57% Memory free
2.39 Gb Paging File | 1.93 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 57.04 Gb Free Space | 80.29% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 61.08 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-406
Current User Name: Syed Ihsan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
PRC - [2009/08/18 20:39:08 | 01,406,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2009/08/18 20:39:06 | 00,955,624 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/06/20 17:44:00 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/20 17:43:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/11 23:35:46 | 00,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2008/08/28 18:34:52 | 01,044,480 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/08/26 20:51:00 | 16,851,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/04/14 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 12:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/02/28 22:00:20 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/02/28 22:00:16 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/02/28 22:00:14 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/02/28 22:00:04 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/12/21 04:40:30 | 00,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2007/07/23 18:30:42 | 00,406,832 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
PRC - [2007/07/16 15:14:22 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
PRC - [2007/07/12 11:47:30 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
PRC - [2007/07/06 14:14:10 | 00,096,560 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
PRC - [2007/06/20 12:32:28 | 00,091,440 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
PRC - [2007/06/14 15:38:02 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2007/06/07 16:29:22 | 00,083,504 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
PRC - [2007/05/24 10:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
PRC - [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/04/01 09:02:38 | 01,416,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/04/01 09:02:38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007/01/15 14:42:16 | 00,067,120 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
PRC - [2006/10/30 22:29:28 | 00,036,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2005/08/12 17:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/03/18 18:27:02 | 00,315,392 | ---- | M] (KYOCERA MITA) -- C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
PRC - [2004/03/18 18:27:02 | 00,315,392 | ---- | M] (KYOCERA MITA) -- C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
PRC - [2003/09/16 15:50:18 | 00,061,440 | ---- | M] (KYOCERA MITA CORPORATION) -- C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe
========== Modules (SafeList) ==========
MOD - [2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
MOD - [2009/08/18 20:39:14 | 00,341,224 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/08/18 20:39:10 | 00,632,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Trusteer\Rapport\bin\msvcr80.dll
MOD - [2009/06/20 17:44:09 | 00,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\rpchromebrowserrecordhelper.dll
MOD - [2007/06/21 09:12:50 | 00,087,344 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\pavoepl.dll
MOD - [2007/04/02 05:00:48 | 00,086,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2003/03/18 20:14:52 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.DLL
MOD - [2003/02/21 04:42:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCR71.DLL
========== Win32 Services (SafeList) ==========
SRV - [2009/08/18 20:39:06 | 00,955,624 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/06/20 18:11:43 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/13 16:44:00 | 00,077,480 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2007/07/16 15:14:22 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe -- (PAVSRV)
SRV - [2007/07/12 11:47:30 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe -- (Panda Software Controller)
SRV - [2007/06/14 15:38:02 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2007/05/24 10:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe -- (PSIMSVC)
SRV - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/01/15 14:42:16 | 00,067,120 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2006/10/30 22:29:28 | 00,036,864 | ---- | M] () -- C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/08/12 17:37:50 | 01,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/04/15 19:59:42 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12)
SRV - [2003/09/16 15:50:18 | 00,061,440 | ---- | M] (KYOCERA MITA CORPORATION) -- C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe -- (SFUSVC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/20 17:44:10 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk = C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe (KYOCERA MITA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1245227281546 (MUWebControl Class)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomee...ets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software International)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/11 23:32:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/12 16:16:35 | 00,001,166 | ---- | M] () - C:\Autoreport _ Repor-KT07VN.pcf -- [ NTFS ]
O32 - AutoRun File - [2009/11/12 16:16:35 | 00,010,847 | ---- | M] () - C:\Autoreport _ Repor-KT07VN.ppf -- [ NTFS ]
O33 - MountPoints2\{02c5cd6c-8868-11de-adf2-002269e24000}\Shell - "" = AutoRun
O33 - MountPoints2\{02c5cd6c-8868-11de-adf2-002269e24000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{26ecae8a-e7c8-11dd-ad47-001377d32071}\Shell\Auto\command - "" = scurity.exe
O33 - MountPoints2\{26ecae8a-e7c8-11dd-ad47-001377d32071}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{285b958a-6496-11de-adca-002269e24000}\Shell - "" = AutoRun
O33 - MountPoints2\{285b958a-6496-11de-adca-002269e24000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{285b958a-6496-11de-adca-002269e24000}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f270fd5-775f-11de-adda-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{5f270fd5-775f-11de-adda-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afc694e7-d021-11de-ae2b-002163c48961}\Shell - "" = AutoRun
O33 - MountPoints2\{afc694e7-d021-11de-ae2b-002163c48961}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afc694e7-d021-11de-ae2b-002163c48961}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 14 Days ==========
[2009/11/28 20:54:28 | 00,535,552 | ---- | C] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:50:36 | 00,472,064 | ---- | C] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:24:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Syed Ihsan\Application Data\Malwarebytes
[2009/11/28 20:24:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/28 20:24:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/28 20:24:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/28 20:24:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/20 11:33:09 | 00,000,000 | ---D | C] -- D:\Syed Ihsan\My Documents\REQ010882 invoice_files
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:42:33 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/11/28 20:50:44 | 00,000,015 | ---- | C] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:24:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/27 22:48:08 | 00,104,929 | ---- | C] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/20 11:33:09 | 00,004,026 | ---- | C] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/10/06 08:12:16 | 00,000,191 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2009/07/17 11:45:44 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/06 13:22:43 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2009/07/06 13:22:43 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2009/07/06 13:22:22 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2009/07/06 13:22:22 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2009/06/15 15:19:56 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/08 10:30:54 | 00,000,191 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/04/08 10:28:37 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2009/01/21 09:35:28 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Maintenance_KBD.ini
[2009/01/21 09:20:37 | 00,000,179 | ---- | C] () -- C:\WINDOWS\nscatch.ini
[2009/01/20 07:19:56 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Syed Ihsan_KBD.ini
[2008/12/11 18:20:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/11 23:44:21 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2008/11/11 23:44:21 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2008/11/11 23:44:18 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2008/11/11 23:44:18 | 00,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2008/11/11 23:44:18 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2008/11/11 23:44:18 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2008/11/11 23:44:18 | 00,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2008/11/11 23:44:18 | 00,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2008/11/11 23:44:18 | 00,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2008/11/11 23:44:18 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2008/11/11 23:44:18 | 00,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2008/11/11 23:44:18 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2008/11/11 23:44:18 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2008/11/11 23:44:18 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2008/11/11 23:44:18 | 00,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2008/11/11 23:44:18 | 00,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2008/11/11 23:44:18 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2008/11/11 23:44:18 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2008/11/11 23:44:18 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2008/11/11 23:42:05 | 00,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2008/11/11 23:42:05 | 00,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2008/11/11 23:38:50 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/11 22:12:32 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/04/01 09:00:28 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/10/19 16:37:00 | 00,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2005/08/12 17:38:00 | 00,181,176 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2005/08/12 17:37:46 | 00,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2009/02/03 21:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/03/16 07:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2009/11/28 20:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/19 17:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/11 23:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/03/16 07:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Cogniview
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Trusteer
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >
[2009/11/28 21:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Malwarebytes
[2009/11/28 20:24:14 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 20:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/26 20:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\U3
[2009/11/26 20:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/17 08:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\Temp
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[2009/10/18 14:35:42 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 07:51:28 | 00,068,456 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 16:04:29 | 06,420,308 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\IconCache.db
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\Application Data\desktop.ini
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
========== Files - Modified Within 14 Days ==========
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:42:33 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 16:16:35 | 00,010,847 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.ppf
[2009/11/12 16:16:35 | 00,001,166 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.pcf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== LOP Check ==========
[2009/02/03 21:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/03/16 07:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/19 17:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/11 23:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/03/16 07:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Cogniview
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Trusteer
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Malwarebytes
[2009/11/28 20:24:14 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 20:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/26 20:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\U3
[2009/11/26 20:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/17 08:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\Temp
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[2009/10/18 14:35:42 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 07:51:28 | 00,068,456 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 16:04:29 | 06,420,308 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\IconCache.db
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\Application Data\desktop.ini
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:42:33 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 16:16:35 | 00,010,847 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.ppf
[2009/11/12 16:16:35 | 00,001,166 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.pcf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== LOP Check ==========
[2009/02/03 21:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/03/16 07:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/19 17:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/11 23:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/03/16 07:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Cogniview
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Trusteer
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Malwarebytes
[2009/11/28 20:24:14 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 20:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/26 20:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\U3
[2009/11/26 20:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/17 08:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\Temp
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[2009/10/18 14:35:42 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 07:51:28 | 00,068,456 | ---- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 16:04:29 | 06,420,308 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\Local Settings\Application Data\IconCache.db
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\Application Data\desktop.ini
[2008/11/11 15:24:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/11/28 20:54:48 | 00,535,552 | ---- | M] (OldTimer Tools) -- D:\Syed Ihsan\Desktop\OTL.exe
[2009/11/28 20:51:08 | 00,000,015 | ---- | M] () -- D:\Syed Ihsan\Desktop\settings.dat
[2009/11/28 20:50:38 | 00,472,064 | ---- | M] ( ) -- D:\Syed Ihsan\Desktop\RootRepeal.exe
[2009/11/28 20:47:11 | 00,578,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 20:47:11 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 20:47:11 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 20:43:18 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/11/28 20:42:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 20:42:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 20:42:33 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 20:41:42 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Syed Ihsan\NTUSER.DAT
[2009/11/28 20:41:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Syed Ihsan\ntuser.ini
[2009/11/28 20:37:02 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005UA.job
[2009/11/28 20:24:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 19:26:18 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2009/11/28 19:19:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/27 22:48:10 | 00,104,929 | ---- | M] () -- D:\Syed Ihsan\My Documents\life.xps
[2009/11/27 12:37:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2557262065-285147340-301454875-1005Core.job
[2009/11/27 12:31:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 12:05:19 | 00,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/11/20 11:33:09 | 00,004,026 | ---- | M] () -- D:\Syed Ihsan\My Documents\REQ010882 invoice.htm
[2009/11/17 08:37:48 | 00,002,179 | ---- | M] () -- D:\Syed Ihsan\Desktop\Google Chrome.lnk
[2009/11/13 09:01:15 | 00,124,687 | ---- | M] () -- D:\Syed Ihsan\My Documents\JV2DCM-Rolf Booking.pdf
[2009/11/12 16:16:35 | 00,010,847 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.ppf
[2009/11/12 16:16:35 | 00,001,166 | ---- | M] () -- C:\Autoreport _ Repor-KT07VN.pcf
[2009/11/12 07:55:16 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 13:02:54 | 00,000,375 | ---- | M] () -- D:\Syed Ihsan\Desktop\Shortcut to cv.lnk
[2009/11/04 13:01:52 | 00,028,672 | ---- | M] () -- D:\Syed Ihsan\Desktop\cv.odt
[2009/10/30 15:18:23 | 00,000,467 | ---- | M] () -- D:\Syed Ihsan\My Documents\ChatLog M4 Systems Demonstration 2009_10_30 15_18.rtf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== LOP Check ==========
[2009/02/03 21:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/03/16 07:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2009/11/28 21:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/19 17:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/11/11 23:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/03/16 07:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Cogniview
[2009/09/02 07:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Syed Ihsan\Application Data\Trusteer
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/04/14 12:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 12:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 12:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >
Extras:
OTL Extras logfile created on: 11/28/2009 8:58:06 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = D:\Syed Ihsan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.36 Mb Total Physical Memory | 543.38 Mb Available Physical Memory | 53.57% Memory free
2.39 Gb Paging File | 1.93 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 57.04 Gb Free Space | 80.29% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 61.08 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-406
Current User Name: Syed Ihsan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Software International)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Zattoo\zattood.exe" = C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Program Files\Zattoo\Zattoo1.exe" = C:\Program Files\Zattoo\Zattoo1.exe:*:Enabled: -- ()
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Zattoo\Zattoo2.exe" = C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled: -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CD55D6-EE5A-4570-9875-8A306628C032}" = Cisco Systems VPN Client 4.7.00.0533
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61C79AE1-5403-4687-AC68-28BFA5EF3895}" = KyoceraMita Scanner File Utility
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{EEBA9416-3207-47E0-9022-116440599DBC}" = Panda Internet Security 2008
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"4oD" = 4oD
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo" = Zattoo 3.3.1 Beta
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/8/2009 3:18:34 AM | Computer Name = PC-406 | Source = Application Error | ID = 1000
Description = Faulting application btstac~1.exe, version 5.1.0.3300, faulting module
btstac~1.exe, version 5.1.0.3300, fault address 0x00095927.
Error - 10/8/2009 3:18:35 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 10/8/2009 3:18:35 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 10/8/2009 3:18:35 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 10/8/2009 3:18:36 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 10/8/2009 3:18:37 AM | Computer Name = PC-406 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
Error - 10/8/2009 3:32:25 AM | Computer Name = PC-406 | Source = Google Update | ID = 20
Description =
Error - 10/8/2009 4:32:14 AM | Computer Name = PC-406 | Source = Google Update | ID = 20
Description =
Error - 10/8/2009 5:32:14 AM | Computer Name = PC-406 | Source = Google Update | ID = 20
Description =
Error - 10/8/2009 6:32:15 AM | Computer Name = PC-406 | Source = Google Update | ID = 20
Description =
[ OSession Events ]
Error - 2/23/2009 12:17:47 PM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15691
seconds with 4320 seconds of active time. This session ended with a crash.
Error - 6/19/2009 8:16:23 AM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/19/2009 8:16:39 AM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/19/2009 8:16:45 AM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 8/14/2009 4:38:21 AM | Computer Name = PC-406 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2449
seconds with 660 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11/25/2009 6:16:33 PM | Computer Name = PC-406 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 11/25/2009 6:16:34 PM | Computer Name = PC-406 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 11/25/2009 6:16:34 PM | Computer Name = PC-406 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 11/26/2009 4:14:58 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2
Error - 11/27/2009 8:31:03 AM | Computer Name = PC-406 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 002163C48961 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 11/27/2009 2:11:13 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2
Error - 11/27/2009 3:10:12 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2
Error - 11/28/2009 3:19:17 PM | Computer Name = PC-406 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 002163C48961 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 11/28/2009 3:19:38 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2
Error - 11/28/2009 4:43:12 PM | Computer Name = PC-406 | Source = Service Control Manager | ID = 7000
Description = The MEMIO service failed to start due to the following error: %%2
< End of report >
MBAM Log:
Malwarebytes' Anti-Malware 1.41
Database version: 3251
Windows 5.1.2600 Service Pack 3
11/28/2009 8:30:59 PM
mbam-log-2009-11-28 (20-30-59).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 30623
Time elapsed: 5 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)