
Slow Computer - Unknown Spyware/Virus/Trojan [Closed]


  • This topic is locked

#1
micalparkz

Hi there,

Recently I have noticed that my system is getting real slow. Sometimes the Internet Explorer gets stuck. During video streaming, the system acts real slow. I have been here at this forum before too and I read and followed all the instructions. I will be pasting the relevant information and hope that one of you out there will help me out with this.

Thanks


#2
micalparkz

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4132

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

23/05/2010 13:36:42
mbam-log-2010-05-23 (13-36-42).txt

Scan type: Quick scan
Objects scanned: 123841
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3
micalparkz

GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 14:51:43
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Muneeb\AppData\Local\Temp\kgkyrfod.sys


---- System - GMER 1.0.15 ----

SSDT 86AB15B8 ZwAlertResumeThread
SSDT 86AB1698 ZwAlertThread
SSDT 8652F5B0 ZwAllocateVirtualMemory
SSDT 863FF978 ZwAlpcConnectPort
SSDT 86523958 ZwAssignProcessToJobObject
SSDT 86523F00 ZwCreateMutant
SSDT 8652CEA0 ZwCreateSymbolicLinkObject
SSDT 8652DAA0 ZwCreateThread
SSDT 86523A38 ZwDebugActiveProcess
SSDT 86523070 ZwDuplicateObject
SSDT 8652F3D0 ZwFreeVirtualMemory
SSDT 86523FD0 ZwImpersonateAnonymousToken
SSDT 86AB14D8 ZwImpersonateThread
SSDT 863D4A28 ZwLoadDriver
SSDT 8652F2D0 ZwMapViewOfSection
SSDT 86523E20 ZwOpenEvent
SSDT 86523210 ZwOpenProcess
SSDT 8652F6A0 ZwOpenProcessToken
SSDT 86523C60 ZwOpenSection
SSDT 86523140 ZwOpenThread
SSDT 86523868 ZwProtectVirtualMemory
SSDT 86804E40 ZwResumeThread
SSDT 86AB1938 ZwSetContextThread
SSDT 86AB1A18 ZwSetInformationProcess
SSDT 86523B18 ZwSetSystemInformation
SSDT 86523D40 ZwSuspendProcess
SSDT 86AB1778 ZwSuspendThread
SSDT 86523328 ZwTerminateProcess
SSDT 86AB1858 ZwTerminateThread
SSDT 86AB1AE8 ZwUnmapViewOfSection
SSDT 8652F4C0 ZwWriteVirtualMemory
SSDT 8652CF70 ZwCreateThreadEx

INT 0x62 ? 85B4BBF8
INT 0x72 ? 85B4BBF8
INT 0x82 ? 85B4BBF8
INT 0x92 ? 84D5DBF8
INT 0x92 ? 84D5DBF8
INT 0x92 ? 84D5DBF8
INT 0x92 ? 84D5DBF8
INT 0x92 ? 85B4BBF8
INT 0x92 ? 84D5DBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822FD880 8 Bytes [B8, 15, AB, 86, 98, 16, AB, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 822FD894 4 Bytes [B0, F5, 52, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 822FD8A0 4 Bytes [78, F9, 3F, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 822FD8F4 4 Bytes [58, 39, 52, 86] {POP EAX; CMP [EDX-0x7a], EDX}
.text ntkrnlpa.exe!KeSetEvent + 1F5 822FD958 4 Bytes [00, 3F, 52, 86]
.text ...
? System32\Drivers\spvs.sys The system cannot find the path specified. !
.text tcpip.sys!EQoSTestHook + FFF85952 87E21A00 5 Bytes [3B, F0, 0F, 87, D6]
.text tcpip.sys!EQoSTestHook + FFF8595A 87E21A08 11 Bytes CALL 87E21B2B \SystemRoot\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation)
.text tcpip.sys!EQoSTestHook + FFF85968 87E21A16 7 Bytes [D1, EE, 66, 83, 7C, 77, FE]
.text tcpip.sys!EQoSTestHook + FFF85970 87E21A1E 6 Bytes [74, 0A, 68, 68, 08, EC]
.text tcpip.sys!EQoSTestHook + FFF85977 87E21A25 2 Bytes JMP 87E21AE3 \SystemRoot\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation)
.text ...
.text USBPORT.SYS!DllUnload 8C3E541B 5 Bytes JMP 85B4B1D8
.text adyh40h9.SYS 8B986000 22 Bytes [82, 53, 22, 82, 6C, 52, 22, ...]
.text adyh40h9.SYS 8B986017 181 Bytes [00, 32, 77, 78, 80, 3D, 75, ...]
.text adyh40h9.SYS 8B9860CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text adyh40h9.SYS 8B9860DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text adyh40h9.SYS 8B9860E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CreateDialogParamW 775E72A2 5 Bytes JMP 6EC9DE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!GetAsyncKeyState 775E863C 5 Bytes JMP 6EBB8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetWindowsHookExW 775E87AD 5 Bytes JMP 6EC99A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CallNextHookEx 775E8E3B 5 Bytes JMP 6EC8D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!UnhookWindowsHookEx 775E98DB 5 Bytes JMP 6EC0466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!EnableWindow 775ECD8B 5 Bytes JMP 6EC9DCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CreateWindowExW 775F1305 5 Bytes JMP 6EC9DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!GetKeyState 775F8CB1 5 Bytes JMP 6EC9D28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!IsDialogMessageW 77600745 5 Bytes JMP 6EBC5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CreateDialogParamA 776017AA 5 Bytes JMP 6ED953AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!IsDialogMessage 77601847 5 Bytes JMP 6ED94C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CreateDialogIndirectParamA 776026F1 5 Bytes JMP 6ED953E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CreateDialogIndirectParamW 77609A62 5 Bytes JMP 6ED95419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetKeyboardState 77610987 5 Bytes JMP 6ED94FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxParamW 776110B0 5 Bytes JMP 6EBC5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxIndirectParamW 77612EF5 5 Bytes JMP 6ED9473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SendInput 77612F75 5 Bytes JMP 6ED95B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!EndDialog 7761326E 5 Bytes JMP 6EBC7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetCursorPos 77626FB2 5 Bytes JMP 6ED95BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxParamA 77628152 5 Bytes JMP 6ED946DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxIndirectParamA 7762847D 5 Bytes JMP 6ED947A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxIndirectA 7763D4D9 5 Bytes JMP 6ED94671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxIndirectW 7763D5D3 5 Bytes JMP 6ED94606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxExA 7763D639 5 Bytes JMP 6ED945A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxExW 7763D65D 5 Bytes JMP 6ED94542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!keybd_event 7763D972 5 Bytes JMP 6ED95EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] SHELL32.dll!SHRestricted + D95 761C8988 4 Bytes [4D, 30, FE, 72]
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] SHELL32.dll!SHRestricted + D9D 761C8990 8 Bytes [57, 2F, FE, 72, 9C, 5B, FD, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ole32.dll!OleLoadFromStream 76D61E12 5 Bytes JMP 6ED94AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ole32.dll!CoCreateInstance 76D99EA6 5 Bytes JMP 6EC9DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ws2_32.dll!closesocket 7611330C 5 Bytes JMP 6DC4EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ws2_32.dll!recv 7611343A 5 Bytes JMP 6DC4F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ws2_32.dll!socket 761136D1 5 Bytes JMP 6DC4E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ws2_32.dll!connect 761140D9 5 Bytes JMP 6DC4E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ws2_32.dll!getaddrinfo 7611418A 5 Bytes JMP 6DC4E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ws2_32.dll!send 7611659B 5 Bytes JMP 6DC4E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] kernel32.dll!FindResourceExA 77752575 7 Bytes JMP 2806C4C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] kernel32.dll!FindResourceA 77752653 5 Bytes JMP 2806C430 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] kernel32.dll!CreateEventA 777744C0 5 Bytes JMP 2806BF90 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] kernel32.dll!LockResource 777768DF 5 Bytes JMP 2806C670 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] kernel32.dll!FindResourceExW 777769FD 7 Bytes JMP 2806C3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] kernel32.dll!LoadResource 77776ADB 7 Bytes JMP 2806C550 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] kernel32.dll!FindResourceW 77777FA1 5 Bytes JMP 2806C330 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] kernel32.dll!SizeofResource 77777FBF 7 Bytes JMP 2806C600 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] ADVAPI32.dll!CryptDeriveKey 76C5FCAE 7 Bytes JMP 2806BAA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] ADVAPI32.dll!CryptDecrypt 76C5FE91 7 Bytes JMP 2806BB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!CreateDialogParamW 775E72A2 5 Bytes JMP 2806FC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!SetWindowPlacement 775E7963 5 Bytes JMP 2806FB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!SetWindowRgn 775EA221 7 Bytes JMP 2806FBD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!LoadImageW 775EC9E5 5 Bytes JMP 280702E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!LoadIconW 775EDA9F 5 Bytes JMP 28070460 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!CreateWindowExW 775F1305 5 Bytes JMP 2806DB70 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!GetWindowLongW 775FF8BF 7 Bytes JMP 28070590 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!PeekMessageW 7760045A 5 Bytes JMP 2806E590 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!TrackPopupMenuEx 77610CE7 5 Bytes JMP 2806EC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] USER32.dll!MessageBoxIndirectW 7763D5D3 5 Bytes JMP 2806FE80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] SHELL32.dll!Shell_NotifyIconW 76198626 5 Bytes JMP 2806D260 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] ole32.dll!CoRegisterClassObject 76D57DB6 5 Bytes JMP 2806C9D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] ole32.dll!CoCreateInstance 76D99EA6 5 Bytes JMP 2806CC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] ole32.dll!CoInitializeEx 76D9AD63 5 Bytes JMP 2806C8D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] WININET.dll!InternetReadFile 7750654B 5 Bytes JMP 28073800 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] WININET.dll!InternetCloseHandle 77509088 5 Bytes JMP 28073940 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] WININET.dll!HttpOpenRequestA 7750D508 5 Bytes JMP 280736A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3772] WININET.dll!HttpSendRequestA 7751EE89 5 Bytes JMP 280738A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!CreateWindowExW 775F1305 5 Bytes JMP 6EC9DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!DialogBoxParamW 776110B0 5 Bytes JMP 6EBC5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!DialogBoxIndirectParamW 77612EF5 5 Bytes JMP 6ED9473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!DialogBoxParamA 77628152 5 Bytes JMP 6ED946DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!DialogBoxIndirectParamA 7762847D 5 Bytes JMP 6ED947A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!MessageBoxIndirectA 7763D4D9 5 Bytes JMP 6ED94671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!MessageBoxIndirectW 7763D5D3 5 Bytes JMP 6ED94606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!MessageBoxExA 7763D639 5 Bytes JMP 6ED945A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3960] USER32.dll!MessageBoxExW 7763D65D 5 Bytes JMP 6ED94542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D631F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84D5F1F8
Device \Driver\usbuhci \Device\USBPDO-0 85C3F1F8
Device \Driver\PCI_PNP7511 \Device\00000052 spvs.sys
Device \Driver\usbehci \Device\USBPDO-1 85C3E1F8
Device \Driver\usbuhci \Device\USBPDO-2 85C3F1F8
Device \Driver\usbuhci \Device\USBPDO-3 85C3F1F8
Device \Driver\usbuhci \Device\USBPDO-4 85C3F1F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 85C3F1F8
Device \Driver\usbehci \Device\USBPDO-6 85C3E1F8
Device \Driver\volmgr \Device\HarddiskVolume1 84D5F1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84D5F1F8
Device \Driver\cdrom \Device\CdRom0 85C451F8
Device \Driver\cdrom \Device\CdRom1 85C451F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84D611F8
Device \Driver\atapi \Device\Ide\IdePort0 84D611F8
Device \Driver\atapi \Device\Ide\IdePort1 84D611F8
Device \Driver\atapi \Device\Ide\IdePort2 84D611F8
Device \Driver\atapi \Device\Ide\IdePort3 84D611F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84D611F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 84D621F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 84D621F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 84D621F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 84D621F8
Device \Driver\netbt \Device\NetBt_Wins_Export 868041F8
Device \Driver\Smb \Device\NetbiosSmb 866711F8
Device \Driver\iScsiPrt \Device\RaidPort0 85CB91F8
Device \Driver\netbt \Device\NetBT_Tcpip_{6751E093-3624-45FD-87C0-A5BA102A8C42} 868041F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 85C3F1F8
Device \Driver\usbehci \Device\USBFDO-1 85C3E1F8
Device \Driver\usbuhci \Device\USBFDO-2 85C3F1F8
Device \Driver\usbuhci \Device\USBFDO-3 85C3F1F8
Device \Driver\usbuhci \Device\USBFDO-4 85C3F1F8
Device \Driver\usbuhci \Device\USBFDO-5 85C3F1F8
Device \Driver\usbehci \Device\USBFDO-6 85C3E1F8
Device \Driver\sptd \Device\1846147541 spvs.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{29001E24-50B1-48F4-8E2A-5B32BF5DAFE3} 868041F8
Device \Driver\adyh40h9 \Device\Scsi\adyh40h91 85CB71F8
Device \FileSystem\cdfs \Cdfs B2A72500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0xA4 0x32 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0xC6 0xCA 0x3D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x12 0xC0 0xB2 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0xCC 0xE6 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x6E 0x60 0xE0 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x07 0x01 0x7C 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0xA4 0x32 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0xC6 0xCA 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x12 0xC0 0xB2 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0xCC 0xE6 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x6E 0x60 0xE0 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x07 0x01 0x7C 0x73 ...

---- EOF - GMER 1.0.15 ----

#4
micalparkz

OTL.txt
OTL logfile created on: 23/05/2010 14:52:53 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Muneeb\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 53.28 Gb Free Space | 38.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MUNEEB-LODHI-PC
Current User Name: Muneeb
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/23 13:57:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Muneeb\Desktop\OTL.exe
PRC - [2010/05/05 13:47:58 | 009,242,424 | ---- | M] (FreeVoipDeal) -- C:\Program Files\FreeVoipDeal.com\FreeVoipDeal\freevoipdeal.exe
PRC - [2010/04/12 23:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/01/27 01:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/12/25 19:51:14 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/11/24 23:24:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/22 09:26:07 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/12 05:20:52 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/02/06 13:07:08 | 000,686,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
PRC - [2009/02/06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
PRC - [2008/11/05 23:08:02 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/09/23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/09/18 14:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 13:57:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Muneeb\Desktop\OTL.exe
MOD - [2009/04/11 07:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 03:33:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2006/11/02 10:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 10:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 09:26:07 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008/09/23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/09/23 15:11:32 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/05/05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 09:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100522.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 09:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100522.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/25 19:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/12/02 22:54:06 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/28 23:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSvix86.sys -- (IDSVix86)
DRV - [2009/08/26 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/26 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/22 09:26:08 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 09:26:08 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 09:26:08 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 09:26:08 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 09:26:08 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 09:26:08 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 09:26:08 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 09:26:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/20 10:58:37 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 20:20:55 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/04/06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/15 04:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/01/09 02:48:16 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/12/10 16:56:26 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/11/04 22:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/28 17:29:36 | 002,476,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/26 23:41:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/03/21 15:44:12 | 010,198,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/11/02 14:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...A...0409&m=e525
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...A...0409&m=e525

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...A...0409&m=e525
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/27 01:55:23 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.139.132.107 212.139.132.11 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM1_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM1_Wide.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2348c50e-8759-11de-b212-00235a8afbea}\Shell - "" = AutoRun
O33 - MountPoints2\{2348c50e-8759-11de-b212-00235a8afbea}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{2348c50e-8759-11de-b212-00235a8afbea}\Shell\readit\command - "" = notepad readme.doc
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/23 13:57:17 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Muneeb\Desktop\OTL.exe
[2010/05/23 13:25:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 13:25:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/23 13:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/23 13:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/23 11:41:18 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Muneeb\Desktop\TFC.exe
[2010/05/15 08:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2010/05/15 08:48:54 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\Documents\My Games
[2010/05/15 08:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/05/15 07:27:00 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\AppData\Roaming\Malwarebytes
[2010/05/15 07:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/15 07:25:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/11 20:21:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/05/11 02:04:27 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\AppData\Local\Acer ePower Management V4
[2010/05/09 19:13:18 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\Desktop\Imran Khan
[2010/05/09 08:40:31 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\{dfe01822-e176-44f5-8a32-3d41fab7784b}
[2010/05/09 08:40:27 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2010/05/09 08:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010/05/09 08:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/05/07 05:48:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/07 05:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/07 05:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/07 05:18:18 | 000,000,000 | ---D | C] -- C:\Windows\PaltalkScene
[2010/05/07 05:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2010/04/26 23:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/24 04:56:00 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\AppData\Roaming\FreeVoipDeal
[2010/04/24 04:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\FreeVoipDeal.com
[2010/04/21 18:24:22 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\AppData\Roaming\Mozilla
[2010/04/16 07:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/03/10 20:47:03 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\Documents\Remote Assistance Logs
[2010/03/10 20:46:26 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\AppData\Roaming\TeamViewer
[2010/03/10 20:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/03/08 18:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/02/26 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Muneeb\AppData\Roaming\VoipBlast
[2010/02/26 18:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\VoipBlast.com
[2009/07/03 21:13:45 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2009/07/03 21:13:45 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009/07/03 21:13:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2009/07/03 21:13:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

========== Files - Modified Within 90 Days ==========

[2010/05/23 14:57:43 | 003,145,728 | -HS- | M] () -- C:\Users\Muneeb\NTUSER.DAT
[2010/05/23 14:24:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-20058629-2381750853-3300661804-1000UA.job
[2010/05/23 13:57:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Muneeb\Desktop\OTL.exe
[2010/05/23 13:55:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/23 13:55:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/23 13:25:08 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 13:23:32 | 000,000,735 | ---- | M] () -- C:\Users\Muneeb\Desktop\NTREGOPT.lnk
[2010/05/23 13:23:32 | 000,000,716 | ---- | M] () -- C:\Users\Muneeb\Desktop\ERUNT.lnk
[2010/05/23 11:56:49 | 000,052,736 | ---- | M] () -- C:\Users\Muneeb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 11:55:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/23 11:55:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/23 11:55:33 | 2074,066,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/23 11:54:32 | 000,524,288 | -HS- | M] () -- C:\Users\Muneeb\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/05/23 11:54:32 | 000,065,536 | -HS- | M] () -- C:\Users\Muneeb\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/05/23 11:43:10 | 000,444,908 | ---- | M] () -- C:\Users\Muneeb\Desktop\Malware and Spyware Cleaning Guide.mht
[2010/05/23 11:41:28 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Muneeb\Desktop\TFC.exe
[2010/05/23 11:39:38 | 734,011,392 | ---- | M] () -- C:\Users\Muneeb\Desktop\the good shepherd.avi
[2010/05/23 10:03:01 | 000,041,402 | ---- | M] () -- C:\Users\Muneeb\Desktop\nbh.jpg
[2010/05/23 09:54:00 | 000,212,314 | ---- | M] () -- C:\Users\Muneeb\Desktop\makuday.jpg
[2010/05/22 23:22:48 | 002,534,934 | -H-- | M] () -- C:\Users\Muneeb\AppData\Local\IconCache.db
[2010/05/22 10:07:24 | 1093,087,826 | ---- | M] () -- C:\Users\Muneeb\Desktop\bound by honor 1993.avi
[2010/05/21 00:24:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-20058629-2381750853-3300661804-1000Core.job
[2010/05/19 06:14:49 | 780,970,466 | ---- | M] () -- C:\Users\Muneeb\Desktop\rsuypjytkhtd.avi
[2010/05/19 03:08:06 | 000,001,033 | ---- | M] () -- C:\Users\Muneeb\Desktop\age3y - Shortcut.lnk
[2010/05/18 12:21:55 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/18 12:21:55 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/18 12:21:55 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/18 08:01:13 | 000,008,868 | ---- | M] () -- C:\Users\Muneeb\Desktop\rap addr.jpg
[2010/05/11 09:59:32 | 003,870,093 | ---- | M] () -- C:\Users\Muneeb\Desktop\06 Islam Ka Nizam-e-Jamaat.ram
[2010/05/09 09:23:10 | 000,026,112 | ---- | M] () -- C:\Users\Muneeb\Desktop\Deloitte expense form.doc
[2010/05/07 05:18:43 | 000,001,744 | ---- | M] () -- C:\Users\Muneeb\Desktop\PaltalkScene.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 23:36:43 | 000,447,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/26 23:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/24 04:53:19 | 000,000,947 | ---- | M] () -- C:\Users\Muneeb\Desktop\FreeVoipDeal.lnk
[2010/04/21 20:47:28 | 000,246,547 | ---- | M] () -- C:\Users\Muneeb\Desktop\UK_AnnualReport2009.pdf
[2010/04/21 20:02:30 | 000,080,896 | ---- | M] () -- C:\Users\Muneeb\Desktop\Skills%20And%20Learning%20Statement%20Edited[1].doc
[2010/04/16 06:30:43 | 000,035,328 | ---- | M] () -- C:\Users\Muneeb\Desktop\Application Questions.doc
[2010/04/12 03:20:01 | 000,913,272 | ---- | M] () -- C:\Users\Muneeb\Desktop\tier-1-post-study-work-for1.pdf
[2010/04/09 09:39:09 | 000,033,280 | ---- | M] () -- C:\Users\Muneeb\Documents\Muneeb CV - Other.doc
[2010/04/09 09:36:49 | 000,036,352 | ---- | M] () -- C:\Users\Muneeb\Documents\Muneeb CV Latest.doc
[2010/04/08 22:26:50 | 000,027,136 | ---- | M] () -- C:\Users\Muneeb\Documents\Cover letter assistant accountanty.doc
[2010/04/06 19:28:19 | 000,027,136 | ---- | M] () -- C:\Users\Muneeb\Documents\Cover letter management accountant.doc
[2010/04/06 19:18:40 | 000,027,136 | ---- | M] () -- C:\Users\Muneeb\Documents\Cover letter trainee accountant.doc
[2010/04/05 22:49:30 | 000,000,550 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2010/03/20 22:27:03 | 000,272,711 | ---- | M] () -- C:\Users\Muneeb\Desktop\statement-of-policy.pdf
[2010/03/19 23:51:26 | 000,000,162 | -H-- | M] () -- C:\Users\Muneeb\Desktop\~$plication Questions.doc
[2010/03/11 04:10:43 | 000,000,298 | ---- | M] () -- C:\Windows\win.ini
[2010/03/08 18:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/03/03 12:11:59 | 000,498,879 | ---- | M] () -- C:\Users\Muneeb\Documents\Untitled.wma
[2010/03/03 11:50:19 | 000,449,489 | ---- | M] () -- C:\Users\Muneeb\Documents\Untitled (8).wma
[2010/02/26 18:19:50 | 000,000,902 | ---- | M] () -- C:\Users\Muneeb\Desktop\VoipBlast.lnk
[2010/02/25 05:15:42 | 000,127,184 | ---- | M] () -- C:\Users\Muneeb\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/23 15:53:57 | 000,000,680 | ---- | M] () -- C:\Users\Muneeb\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/05/23 13:45:26 | 000,293,376 | ---- | C] () -- C:\Users\Muneeb\Desktop\gmer.exe
[2010/05/23 13:25:08 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 13:23:32 | 000,000,735 | ---- | C] () -- C:\Users\Muneeb\Desktop\NTREGOPT.lnk
[2010/05/23 13:23:32 | 000,000,716 | ---- | C] () -- C:\Users\Muneeb\Desktop\ERUNT.lnk
[2010/05/23 11:43:06 | 000,444,908 | ---- | C] () -- C:\Users\Muneeb\Desktop\Malware and Spyware Cleaning Guide.mht
[2010/05/23 11:38:26 | 734,011,392 | ---- | C] () -- C:\Users\Muneeb\Desktop\the good shepherd.avi
[2010/05/23 10:03:01 | 000,041,402 | ---- | C] () -- C:\Users\Muneeb\Desktop\nbh.jpg
[2010/05/23 09:54:00 | 000,212,314 | ---- | C] () -- C:\Users\Muneeb\Desktop\makuday.jpg
[2010/05/22 10:06:00 | 1093,087,826 | ---- | C] () -- C:\Users\Muneeb\Desktop\bound by honor 1993.avi
[2010/05/19 06:13:32 | 780,970,466 | ---- | C] () -- C:\Users\Muneeb\Desktop\rsuypjytkhtd.avi
[2010/05/19 03:08:06 | 000,001,033 | ---- | C] () -- C:\Users\Muneeb\Desktop\age3y - Shortcut.lnk
[2010/05/18 08:01:13 | 000,008,868 | ---- | C] () -- C:\Users\Muneeb\Desktop\rap addr.jpg
[2010/05/11 09:59:21 | 003,870,093 | ---- | C] () -- C:\Users\Muneeb\Desktop\06 Islam Ka Nizam-e-Jamaat.ram
[2010/05/09 09:22:26 | 000,026,112 | ---- | C] () -- C:\Users\Muneeb\Desktop\Deloitte expense form.doc
[2010/05/07 05:18:43 | 000,001,744 | ---- | C] () -- C:\Users\Muneeb\Desktop\PaltalkScene.lnk
[2010/04/24 04:53:19 | 000,000,947 | ---- | C] () -- C:\Users\Muneeb\Desktop\FreeVoipDeal.lnk
[2010/04/21 20:47:38 | 000,246,547 | ---- | C] () -- C:\Users\Muneeb\Desktop\UK_AnnualReport2009.pdf
[2010/04/21 20:02:28 | 000,080,896 | ---- | C] () -- C:\Users\Muneeb\Desktop\Skills%20And%20Learning%20Statement%20Edited[1].doc
[2010/04/12 03:20:41 | 000,913,272 | ---- | C] () -- C:\Users\Muneeb\Desktop\tier-1-post-study-work-for1.pdf
[2010/04/08 22:25:03 | 000,027,136 | ---- | C] () -- C:\Users\Muneeb\Documents\Cover letter assistant accountanty.doc
[2010/04/06 19:26:46 | 000,027,136 | ---- | C] () -- C:\Users\Muneeb\Documents\Cover letter management accountant.doc
[2010/03/20 22:44:41 | 000,272,711 | ---- | C] () -- C:\Users\Muneeb\Desktop\statement-of-policy.pdf
[2010/03/19 23:51:26 | 000,000,162 | -H-- | C] () -- C:\Users\Muneeb\Desktop\~$plication Questions.doc
[2010/03/03 12:11:59 | 000,498,879 | ---- | C] () -- C:\Users\Muneeb\Documents\Untitled.wma
[2010/03/03 11:50:19 | 000,449,489 | ---- | C] () -- C:\Users\Muneeb\Documents\Untitled (8).wma
[2010/02/26 18:19:50 | 000,000,902 | ---- | C] () -- C:\Users\Muneeb\Desktop\VoipBlast.lnk
[2009/09/15 08:48:14 | 000,000,061 | ---- | C] () -- C:\Windows\System32\SYSVCPDRV.SYS
[2009/09/15 08:12:52 | 000,000,178 | ---- | C] () -- C:\Windows\VPersonalityPlus.INI
[2009/08/20 11:00:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/12 16:57:15 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/04 02:01:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/03 22:02:01 | 000,000,550 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009/07/03 21:13:48 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009/07/03 17:19:26 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009/03/11 05:09:03 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/07/04 13:43:59 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\12Voip
[2009/12/03 03:22:51 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\DAEMON Tools Lite
[2009/08/12 17:07:07 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\DAEMON Tools Pro
[2009/07/09 19:15:07 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\Foxit
[2010/05/04 04:49:07 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\FreeVoipDeal
[2009/07/07 21:42:48 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\GameRanger
[2009/09/15 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\GetRightToGo
[2009/07/03 21:36:52 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\InterVoip
[2009/07/04 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\IrfanView
[2009/07/16 19:08:58 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\Jumblo
[2010/05/07 05:18:32 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\Paltalk
[2009/07/04 13:36:31 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\PoivY
[2009/09/03 22:44:50 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\Red Alert 3
[2009/09/15 09:06:07 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\Screaming Bee
[2009/07/16 23:37:46 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\SmartVoip
[2010/03/10 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\TeamViewer
[2009/07/28 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\Template
[2010/05/14 19:32:04 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\uTorrent
[2010/02/26 18:33:56 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\VoipBlast
[2009/12/17 02:09:14 | 000,000,000 | ---D | M] -- C:\Users\Muneeb\AppData\Roaming\VoipGain
[2010/05/23 11:54:39 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/03/11 05:11:31 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/23 11:55:33 | 2074,066,944 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/09 20:45:57 | 001,440,024 | ---- | M] () -- C:\img2-001.raw
[2009/07/03 22:01:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/03 22:01:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/23 11:55:32 | 2387,857,408 | -HS- | M] () -- C:\pagefile.sys
[2009/03/11 15:05:08 | 000,002,469 | ---- | M] () -- C:\RHDSetup.log
[2009/04/11 17:53:18 | 000,386,464 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 12:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 12:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 12:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/25 19:28:34 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/12/02 22:54:06 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/11 12:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 12:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/12/08 18:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2010/02/18 12:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

#5
micalparkz

    Member

  • Topic Starter
  • 128 posts
Extras.txt

OTL Extras logfile created on: 23/05/2010 14:52:53 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Muneeb\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 53.28 Gb Free Space | 38.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MUNEEB-LODHI-PC
Current User Name: Muneeb
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2441DFE7-F439-456F-83E3-ADA368A98D48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{86D0D3E3-C712-41D7-BDDA-604078CBE0BB}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0050685F-E979-4B6A-AE5F-537FA4BE6BC6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0A601140-7448-48E1-B6E9-2831F35AFECC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{200BBA61-215B-4D18-829B-B443EE8C006A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2636C4ED-0532-4774-9A1A-4CA41264A69E}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{2AC71987-B172-4830-A8F8-BDF0C8B989D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2B658A3E-410E-446E-8FB7-CAF80A38AE7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34CA62F0-3366-4082-8442-F68FB216F458}" = protocol=6 | dir=in | app=c:\program files\freevoipdeal.com\freevoipdeal\freevoipdeal.exe |
"{455B9540-987B-4732-B5E1-C7F4106D556E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{46EE805F-0D6B-49F7-B109-C9525244C07E}" = protocol=6 | dir=in | app=c:\program files\voipgain.com\voipgain\voipgain.exe |
"{500DD8A9-5A67-448F-88F9-3CBFB5206468}" = protocol=17 | dir=in | app=c:\program files\voipgain.com\voipgain\voipgain.exe |
"{551CFB61-F51D-42C9-AE0C-4D31462706DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{553B5EF4-F21E-4057-BEF4-0C989298BAA7}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{59B4166E-19AE-430B-94DF-67BE339A4A04}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5F56E92E-834F-4417-9BE4-4A4EE7E89D50}" = protocol=6 | dir=in | app=c:\program files\smartvoip.com\smartvoip\smartvoip.exe |
"{6CF36B3E-EF12-43E4-A6E6-4963D2AEEFC9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6E4D5C95-83B0-4535-AA33-C4817ACD753D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{81F2BD88-FF90-41B3-BA9B-20D24AC6E530}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9BD327E2-9A67-474B-B7E6-70250D3487DA}" = protocol=17 | dir=in | app=c:\program files\freevoipdeal.com\freevoipdeal\freevoipdeal.exe |
"{A38E5C6F-0197-4F7B-AB61-77A7480B2F86}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{A606C290-53B1-43E0-A13B-262FCD196150}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{BD412037-3755-4FE6-9F32-A58E73F595E8}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C0DE609F-1130-4734-8A16-2428F6FCD805}" = protocol=17 | dir=in | app=c:\program files\smartvoip.com\smartvoip\smartvoip.exe |
"{CD1944BE-4E3F-4530-990E-D94A6075B134}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D8E836CC-129D-4E6B-B142-483F891D6CCC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E56E6F3E-5226-4442-BB89-99AB4371563A}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{EA18EA89-31C8-4EC7-8DDD-E00C4BC9EDD9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F657C741-4FC1-41DF-8524-D67FF341B1CA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"TCP Query User{2ABCFAF7-2362-4F41-A000-65C478D3E77F}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=6 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |
"UDP Query User{1E40B535-73DD-406C-BCC2-DEA74B71215E}C:\program files\intervoip.com\intervoip\intervoip.exe" = protocol=17 | dir=in | app=c:\program files\intervoip.com\intervoip\intervoip.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age Of Empires 2 & The Conquerors Expansion - Full Game" = Age Of Empires 2 & The Conquerors Expansion - Full Game
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"eMachines Screensaver" = eMachines ScreenSaver
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"FreeVoipDeal_is1" = FreeVoipDeal
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InterVoip_is1" = InterVoip
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"N360" = Norton 360
"PalTalk8.2" = PaltalkScene
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SmartVoip_is1" = SmartVoip
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE
"VoipBlast_is1" = VoipBlast
"VoipGain_is1" = VoipGain
"WildTangent emachines Master Uninstall" = eMachines Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/04/2010 23:57:56 | Computer Name = Muneeb-Lodhi-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/04/2010 00:31:02 | Computer Name = Muneeb-Lodhi-PC | Source = Application Hang | ID = 1002
Description = The program ccSvcHst.exe version 108.1.1.10 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f68 Start Time: 01cae6883f4981f6 Termination Time: 60000

Error - 28/04/2010 00:36:24 | Computer Name = Muneeb-Lodhi-PC | Source = Application Hang | ID = 1002
Description = The program ccSvcHst.exe version 108.1.1.10 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f68 Start Time: 01cae6883f4981f6 Termination Time: 60000

Error - 28/04/2010 00:39:47 | Computer Name = Muneeb-Lodhi-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/04/2010 18:33:55 | Computer Name = Muneeb-Lodhi-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/04/2010 18:37:08 | Computer Name = Muneeb-Lodhi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/04/2010 18:37:08 | Computer Name = Muneeb-Lodhi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/04/2010 18:37:09 | Computer Name = Muneeb-Lodhi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/04/2010 18:37:09 | Computer Name = Muneeb-Lodhi-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/04/2010 20:31:37 | Computer Name = Muneeb-Lodhi-PC | Source = Application Hang | ID = 1002
Description = The program msnmsgr.exe version 14.0.8089.726 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c1c Start Time: 01cae72337542067 Termination Time: 77

[ System Events ]
Error - 31/08/2009 14:16:01 | Computer Name = Muneeb-Lodhi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 31/08/2009 19:53:00 | Computer Name = Muneeb-Lodhi-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 31/08/2009 19:53:30 | Computer Name = Muneeb-Lodhi-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 01/09/2009 12:17:10 | Computer Name = Muneeb-Lodhi-PC | Source = DCOM | ID = 10010
Description =

Error - 02/09/2009 00:58:06 | Computer Name = Muneeb-Lodhi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 02/09/2009 23:56:44 | Computer Name = Muneeb-Lodhi-PC | Source = DCOM | ID = 10010
Description =

Error - 03/09/2009 00:00:06 | Computer Name = Muneeb-Lodhi-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 03/09/2009 00:00:06 | Computer Name = Muneeb-Lodhi-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 06/09/2009 17:46:48 | Computer Name = Muneeb-Lodhi-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 08/09/2009 13:57:41 | Computer Name = Muneeb-Lodhi-PC | Source = DCOM | ID = 10016
Description =


< End of report >

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello micalparkz,

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#7
micalparkz

    Member

  • Topic Starter
  • 128 posts
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-Q9CM8-KTDKK-8QXTR
Windows Product Key Hash: OI3PQUp2nK/Ysh5U6MY15ORIfio=
Windows Product ID: 89572-OEM-7332166-00029
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.002
ID: {0D7D0615-134C-4C1D-880E-912035E65EBB}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista ™ Home Basic
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.100218-0019
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows™ Vista, HomeBasic edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: 199086aa-6cb8-4e5b-b698-f2be56f1e8ee
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89572-00146-321-600029-02-2057-6001.0000-1852009
Installation ID: 013246218053919914666051866005410641984093901970535024
Processor Certificate URL: http://go.microsoft....k/?LinkID=43473
Machine Certificate URL: http://go.microsoft....k/?LinkID=43474
Use License URL: http://go.microsoft....k/?LinkID=43476
Product Key Certificate URL: http://go.microsoft....k/?LinkID=43475
Partial Product Key: 8QXTR
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
N/A, hr = 0x8007000d

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS ACRPRDCT
FACP ACRSYS ACRPRDCT
HPET ACRSYS ACRPRDCT
BOOT ACRSYS ACRPRDCT
MCFG ACRSYS ACRPRDCT
ASF! ACRSYS ACRPRDCT
SLIC ACRSYS ACRPRDCT
SSDT PmRef Cpu0Cst
SSDT PmRef Cpu0Cst

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello micalparkz,

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9
emeraldnzl

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.