VundoFix not removing dll files [Solved]


  • This topic is locked

#1
satish_j

    New Member

  • Member
  • 4 posts
After I repaired my XP system, it is running very slow. Task Manager shows CPU usage in the range 30-35%, whereas the Process tab does not show me any process using this much CPU.
I thought maybe it was some malware issue and scanned the system for 'Vundo' using VundoFix.exe. It scanned the system and found some 7 dll files in the system32 folder.
After I clicked 'Remove Vundo', it displayed the message 'Registry editing has been disabled by your administrator'. I clicked OK and then it prompted me to reboot the system.
I rebooted the system, but the performance was still slow (i.e. the issue was not resolved).
I checked the system32 folder and the 7 dll files (deleted by VundoFix.exe) had re-appeared there.
I checked the vundofix.txt file on the C drive and it specified that all 7 files were deleted.
I am not getting what went wrong.
Can anyone please guide me in solving the issue?


#2
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, satish_j, and welcome to GeeksToGo! Before I can help you, please do the following:

Please follow the steps in this topic, and post back with the following logs if you are still having problems and I will look over the log for you:

  • Malwarebytes' Anti-Malware log
  • OTL.txt and Extras.txt
  • ark.txt

If something doesn't work, make a note of it, and move on to the next step. Tell me if anything doesn't work, but make sure you tried everything first. :)

#3
satish_j

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks for your reply, but after following the instructions given in the link, I feel that the logs take more than the necessary information about the system (particularly the OTL log). No offence here. I am posting the ark.txt and Malwarebytes logs though:
GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-06 00:39:43

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pgldipow.sys





---- System - GMER 1.0.15 ----



SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwClose [0xB2E346B8]

SSDT			\??\C:\WINDOWS\system32\windrvNT.sys												   ZwCreateFile [0xF3E5936A]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwCreateKey [0xB2E34574]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwDeleteValueKey [0xB2E34A52]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwDuplicateObject [0xB2E3414C]

SSDT			\??\C:\WINDOWS\system32\windrvNT.sys												   ZwOpenFile [0xF3E59CD8]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwOpenKey [0xB2E3464E]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwOpenProcess [0xB2E3408C]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwOpenThread [0xB2E340F0]

SSDT			\??\C:\WINDOWS\system32\windrvNT.sys												   ZwQueryDirectoryFile [0xF3E59842]

SSDT			\??\C:\WINDOWS\system32\windrvNT.sys												   ZwQueryInformationProcess [0xF3E561E0]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwQueryValueKey [0xB2E3476E]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwRestoreKey [0xB2E3472E]

SSDT			\??\C:\WINDOWS\system32\windrvNT.sys												   ZwSetInformationFile [0xF3E5A142]

SSDT			\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwSetValueKey [0xB2E348AE]



---- Kernel code sections - GMER 1.0.15 ----



init			C:\WINDOWS\system32\drivers\Achernar.sys											   entry point in "init" section [0xF7721010]

init			C:\WINDOWS\System32\Drivers\Aldebaran.sys											  entry point in "init" section [0xF7963AF4]



---- Devices - GMER 1.0.15 ----



AttachedDevice  \FileSystem\Ntfs \Ntfs																 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\Ip															   aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\Tcp															  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\Udp															  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\RawIp															aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice  \FileSystem\Fastfat \Fat															   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice  \FileSystem\Fastfat \Fat															   InCDrec.SYS (InCD File System Recognizer/Nero AG)

AttachedDevice  \FileSystem\Fastfat \Fat															   aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)



---- Registry - GMER 1.0.15 ----



Reg			 HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk			  0xEA 0x4C 0xB0 0x3A ...

Reg			 HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk			  0x98 0x11 0xFF 0x7F ...

Reg			 HKLM\SOFTWARE\Classes\CLSID\{91ad5fdd-8ebe-4031-96ce-e0a201ca0e51}@Model			   180

Reg			 HKLM\SOFTWARE\Classes\CLSID\{91ad5fdd-8ebe-4031-96ce-e0a201ca0e51}@Therad			  30

Reg			 HKLM\SOFTWARE\Classes\CLSID\{91ad5fdd-8ebe-4031-96ce-e0a201ca0e51}@MData			   0x2B 0x8F 0x78 0x29 ...

Reg			 HKLM\SOFTWARE\Classes\CLSID\{a958e7b4-9024-44fa-9a35-7294ec6cf4bd}@Model			   246

Reg			 HKLM\SOFTWARE\Classes\CLSID\{a958e7b4-9024-44fa-9a35-7294ec6cf4bd}@Therad			  25



---- Files - GMER 1.0.15 ----



File			C:\sccfg.sys																		   



---- EOF - GMER 1.0.15 ----
Malware log:
Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org



Database version: 4052



Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512



6/5/2010 12:42:35

mbam-log-2010-06-05 (12-42-35).txt



Scan type: Quick scan

Objects scanned: 158410

Time elapsed: 13 minute(s), 1 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 11

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 4

Files Infected: 20



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-33we-aax5-14kc2a323342} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\winhost_app.winhost_appdll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Backdoor.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-33we-aax5-14kc2a323342} (Worm.AutoRun) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.



Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{07c7156e-d651-4acc-9ad3-498c916e9651} (Trojan.Vundo) -> Quarantined and deleted successfully.



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

C:\Documents and Settings\Haresh\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\u (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\28463 (Keylogger.Ardamax) -> Quarantined and deleted successfully.



Files Infected:

c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

C:\DATA\DELETED\POWER.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

C:\WINDOWS\winhost_app.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Haresh\Application Data\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Haresh\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\q1.27046 (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\seclog.kcb (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\updates.cb (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\_qbot.cb (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\crontab.cb (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\_qbot_installed (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\~efd9452.tmp (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\ps_dump_Haresh.txt (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\msadvapi32.dll.001376 (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\updates1.cb (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\si.txt (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\ps_dump_Satish.txt (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\_qbothome\seclog.txt (Trojan.Qakbot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\28463\svchost.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.

My major issue is: I cannot run 'gpedit.msc', 'services.msc' and maybe other admin commands that I haven't tried yet, even from the admin login.
The system is also slow, but that is when I extract rar files, unzip files, etc.
All I want to know is whether you can help me if I provide you the HijackThis log instead of the OTL log. Maybe you can get an idea about any malware process starting at system startup. I am not an expert, but I think that my HijackThis log does not show any sign of malware activity.

Thanks,

Edited by satish_j, 05 June 2010 - 02:01 PM.


#4
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
HijackThis is outdated, and not very useful in the malware field anymore, because it hasn't been updated. OTL will give me a better look at your computer. From the look of your Malwarebytes' log, it doesn't look like you are completely clear just yet. I'll guide you to becoming clean as long as you follow my steps. :)

#5
satish_j

    New Member

  • Topic Starter
  • Member
  • 4 posts
Okay, following is the OTL.txt. I have manipulated some names here like comp name and user name.

OTL logfile created on: 6/6/2010 00:42:53 - Run 1

OTL by OldTimer - Version 3.2.5.3	 Folder = Z:\Utilities

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

 

759.00 Mb Total Physical Memory | 460.00 Mb Available Physical Memory | 61.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): D:\pagefile.sys 1140 2280C:\pagefile.sys 2 2 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 12.31 Gb Total Space | 3.56 Gb Free Space | 28.92% Space Free | Partition Type: FAT32

Drive D: | 12.49 Gb Total Space | 6.82 Gb Free Space | 54.62% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 48.83 Gb Total Space | 1.25 Gb Free Space | 2.55% Space Free | Partition Type: NTFS

Drive Y: | 48.83 Gb Total Space | 0.91 Gb Free Space | 1.86% Space Free | Partition Type: NTFS

Drive Z: | 51.39 Gb Total Space | 0.98 Gb Free Space | 1.90% Space Free | Partition Type: NTFS

 

Computer Name: TITAN

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - [2010/06/06 00:26:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- Z:\Utilities\OTL.exe

PRC - [2009/11/25 05:21:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/11/25 05:21:36 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009/11/25 05:21:22 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009/11/25 05:18:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009/11/25 05:13:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe Professional\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/12/23 15:29:08 | 000,901,120 | ---- | M] (Filseclab) -- C:\Program Files\Filseclab\xfilter\xfilter.exe

PRC - [2005/07/22 15:00:10 | 000,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe

PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

PRC - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe

PRC - [2003/08/06 13:24:20 | 012,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

PRC - [2003/04/15 10:22:08 | 001,290,302 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2001/08/23 12:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/06/06 00:26:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- Z:\Utilities\OTL.exe

MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2009/11/28 01:32:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/11/25 05:21:36 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009/11/25 05:21:22 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009/11/25 05:18:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009/11/25 05:13:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)

SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)

SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [On_Demand | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2005/08/29 22:03:50 | 059,027,456 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- x:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE -- (OracleServiceORCL)

SRV - [2005/08/29 19:32:22 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- x:\oracle\product\10.2.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerORCL)

SRV - [2005/08/16 12:21:06 | 000,024,064 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- X:\oracle\product\10.2.0\db_1\BIN\nmesrvc.exe -- (OracleDBConsoleorcl)

SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)

SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -- (SQLSERVERAGENT)

SRV - [2003/04/15 10:22:08 | 001,290,302 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2001/08/23 12:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2009/11/25 05:21:00 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009/11/25 05:20:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2009/11/25 05:20:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/11/25 05:19:08 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009/11/25 05:18:58 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009/11/25 05:17:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2008/06/06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008/05/19 00:42:34 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)

DRV - [2008/05/07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008/05/07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008/05/07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007/09/11 21:59:46 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)

DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007/04/18 15:57:32 | 000,004,352 | ---- | M] (SUNGIL Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_flt.sys -- (sit_flt)

DRV - [2007/04/17 14:52:22 | 000,039,680 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_mdm.sys -- (sit_mdm)

DRV - [2007/04/17 12:28:08 | 000,038,656 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_prt.sys -- (sit_prt)

DRV - [2007/04/17 12:21:26 | 000,022,144 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_bus.sys -- (sit_bus)

DRV - [2006/12/23 14:01:06 | 000,126,224 | ---- | M] (Filseclab Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)

DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006/07/22 23:58:10 | 000,002,996 | ---- | M] (Buzz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)

DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2005/07/26 17:03:22 | 003,644,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/07/07 19:56:04 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)

DRV - [2005/07/07 19:56:00 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)

DRV - [2005/07/07 19:55:58 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)

DRV - [2005/07/07 19:55:52 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)

DRV - [2005/07/07 19:55:50 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)

DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)

DRV - [2004/11/28 05:21:54 | 000,279,264 | ---- | M] (Zone Labs Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/02/11 15:34:50 | 000,021,808 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\Aldebaran.sys -- (Aldebaran)

DRV - [2004/02/11 15:34:46 | 000,016,855 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar)

DRV - [2003/04/15 10:23:24 | 000,267,333 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDrv.sys -- (CVPNDRV)

DRV - [2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)

DRV - [2002/10/15 00:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)

DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/07/15 00:46:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/07/15 00:46:52 | 000,000,000 | ---D | M]

 

[2010/04/21 23:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions

[2010/04/21 23:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\3ys3bozq.default\extensions

[2008/07/15 00:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2007/11/24 23:17:12 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1	   localhost

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe Professional\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files\Adobe Professional\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [XFILTER] C:\Program Files\Filseclab\xfilter\xfilter.exe (Filseclab)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Filseclab Messenger.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe File not found

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Filseclab\xfilter\XFILTER.DLL (Filseclab Corporation)

O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.4.2_11)

O16 - DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.4.2_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\cbxuvss: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byvsr.dll) - C:\WINDOWS\System32\byvsr.dll File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/02/17 21:19:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *sprestrt) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/17 21:05:46 | 000,000,000 | ---D | M]

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: LanmanServer -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)

Drivers32: VIDC.JPEG - C:\WINDOWS\System32\jpegcode.dll (Zoran Microelectronics Ltd.)

Drivers32: VIDC.MJPG - C:\WINDOWS\System32\jpegcode.dll (Zoran Microelectronics Ltd.)

Drivers32: VIDC.NSVI - C:\WINDOWS\System32\Nsvideo.dll ()

Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

Drivers32: VIDC.XVID - xvidvfw.dll File not found

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010/06/05 12:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes

[2010/06/05 12:20:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/06/05 12:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/06/05 12:20:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/06/05 12:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/02 23:51:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2010/05/31 01:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/05/31 00:49:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010/05/29 01:09:54 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2010/05/29 01:09:54 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2010/05/29 01:08:17 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2010/05/29 01:02:12 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys

[2010/04/24 12:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDub Mod

[2010/04/23 23:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/04/21 23:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla

[2010/04/21 23:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Mozilla

[2010/04/11 23:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\OJOsoft Corporation

[2010/04/11 00:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\PC Suite

[2010/04/11 00:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Winamp

[2010/03/27 12:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/03/27 12:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync

[2010/03/27 12:37:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew

[2010/03/27 12:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/03/27 12:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\mkvtoolnix

[2010/03/27 12:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Media Player Classic

[2010/03/27 12:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\DivX

[2010/03/18 22:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\AHD

[2010/03/18 22:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe

[2010/03/18 22:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Adobe

[2010/03/18 22:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Identities

[2010/03/18 22:39:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Pictures

[2010/03/18 22:39:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Music

[2010/03/18 22:39:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Application Data\Microsoft

[2010/03/18 22:39:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Cookies

[2010/03/18 22:39:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\SendTo

[2010/03/18 22:39:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent

[2010/03/18 22:39:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data

[2010/03/18 22:39:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu

[2010/03/18 22:39:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents

[2010/03/18 22:39:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Favorites

[2010/03/18 22:39:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Templates

[2010/03/18 22:39:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\PrintHood

[2010/03/18 22:39:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\NetHood

[2010/03/18 22:39:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Local Settings

[2010/03/18 22:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft

[2010/03/18 22:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop

[2007/06/17 23:30:35 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

 

========== Files - Modified Within 90 Days ==========

 

[2010/06/06 00:29:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/06 00:28:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/05 13:21:32 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT

[2010/06/05 13:21:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini

[2010/06/05 00:59:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/03 21:31:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2010/06/03 21:31:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2010/06/03 21:25:40 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010/05/31 21:25:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2010/05/31 21:25:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2010/05/31 01:25:32 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/05/31 01:20:54 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/30 18:55:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2010/05/30 18:55:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2010/05/30 13:23:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2010/05/30 13:23:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2010/05/29 01:31:38 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/29 01:15:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/05/29 01:12:46 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/29 01:11:48 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2010/05/29 01:07:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/05/29 01:07:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/05/29 01:06:56 | 000,004,297 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2010/05/29 01:06:16 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2010/05/29 01:06:16 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2010/05/29 01:06:12 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010/05/29 01:06:12 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2010/05/29 01:06:12 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2010/05/29 01:06:12 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2010/05/29 01:06:12 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2010/05/29 01:06:12 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2010/05/29 01:06:02 | 000,000,807 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/29 01:05:12 | 000,027,916 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/05/29 01:03:52 | 000,000,216 | -HS- | M] () -- C:\boot.ini

[2010/05/29 01:00:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/29 00:38:30 | 000,364,658 | ---- | M] () -- C:\WINDOWS\setupapi.old

[2010/05/23 18:43:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2010/05/23 18:43:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2010/05/23 15:03:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2010/05/23 15:03:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2010/05/22 20:26:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/05/06 22:50:58 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Admin\MidiCvrt.ini

[2010/05/03 19:12:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2010/05/03 19:12:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2010/05/02 20:12:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2010/05/02 20:12:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/25 19:02:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2010/04/25 19:02:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2010/04/25 15:34:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2010/04/25 15:34:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2010/04/20 21:42:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

[2010/04/20 21:42:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2010/04/18 13:28:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2010/04/18 13:28:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2010/04/16 12:42:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2010/04/16 12:42:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2010/04/15 16:34:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2010/04/15 16:34:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2010/04/14 14:28:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2010/04/14 14:28:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2010/04/13 19:47:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2010/04/13 19:47:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2010/04/13 15:07:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2010/04/13 15:07:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2010/04/12 13:59:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2010/04/12 13:59:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2010/04/11 23:21:32 | 000,073,104 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/04/11 21:44:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2010/04/11 21:44:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2010/04/11 16:09:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2010/04/11 16:09:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2010/04/02 14:14:50 | 000,000,887 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/03/18 22:56:32 | 000,000,582 | RHS- | M] () -- C:\Documents and Settings\Admin\ntuser.pol

[2010/03/18 22:45:00 | 000,000,562 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

 

========== Files Created - No Company Name ==========

 

[2010/05/31 01:14:09 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta

[2010/05/31 01:14:09 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css

[2010/05/31 01:14:09 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf

[2010/05/31 01:14:09 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js

[2010/05/31 01:14:07 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm

[2010/05/31 01:14:07 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav

[2010/05/31 01:14:07 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm

[2010/05/31 01:14:07 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm

[2010/05/31 01:14:06 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav

[2010/05/31 01:14:06 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav

[2010/05/31 01:14:06 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav

[2010/05/31 01:14:06 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav

[2010/05/31 01:14:06 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav

[2010/05/31 01:14:06 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav

[2010/05/31 01:14:06 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav

[2010/05/31 01:14:05 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav

[2010/05/31 01:14:05 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf

[2010/05/31 01:14:04 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf

[2010/05/31 01:14:03 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv

[2010/05/31 01:14:03 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif

[2010/05/31 01:14:03 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif

[2010/05/31 01:14:03 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf

[2010/05/31 01:14:03 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif

[2010/05/31 01:14:03 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif

[2010/05/31 01:14:03 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif

[2010/05/31 01:14:03 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif

[2010/05/31 01:14:03 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif

[2010/05/31 01:14:03 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif

[2010/05/31 01:14:03 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif

[2010/05/31 01:14:03 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif

[2010/05/31 01:14:03 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif

[2010/05/31 01:14:03 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js

[2010/05/31 01:14:03 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif

[2010/05/31 01:14:03 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif

[2010/05/31 01:14:03 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif

[2010/05/31 01:14:03 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif

[2010/05/31 01:14:03 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif

[2010/05/31 01:14:03 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif

[2010/05/31 01:14:03 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif

[2010/05/31 01:14:03 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif

[2010/05/31 01:14:03 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif

[2010/05/31 01:14:03 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm

[2010/05/31 01:14:03 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf

[2010/05/31 01:14:02 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv

[2010/05/31 01:14:02 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm

[2010/05/31 01:14:02 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz

[2010/05/31 01:14:02 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl

[2010/05/31 01:14:02 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl

[2010/05/31 01:14:02 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl

[2010/05/31 01:14:02 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl

[2010/05/31 01:14:02 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl

[2010/05/31 01:14:02 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl

[2010/05/31 01:14:02 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl

[2010/05/31 01:14:02 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl

[2010/05/31 01:14:02 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl

[2010/05/31 01:14:02 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl

[2010/05/31 01:14:02 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl

[2010/05/31 01:14:02 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl

[2010/05/31 01:14:02 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl

[2010/05/31 01:14:02 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl

[2010/05/31 01:14:02 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl

[2010/05/31 01:14:01 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv

[2010/05/31 01:14:01 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip

[2010/05/31 01:14:01 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip

[2010/05/31 01:14:00 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp

[2010/05/31 01:14:00 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf

[2010/05/31 01:14:00 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif

[2010/05/31 01:14:00 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif

[2010/05/31 01:14:00 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt

[2010/05/31 01:13:59 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv

[2010/05/31 01:13:58 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js

[2010/05/31 01:13:57 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv

[2010/05/31 01:13:57 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz

[2010/05/31 01:13:57 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css

[2010/05/31 01:13:57 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm

[2010/05/31 01:13:57 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js

[2010/05/31 01:13:57 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif

[2010/05/31 01:13:57 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif

[2010/05/31 01:13:57 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif

[2010/05/31 01:13:57 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif

[2010/05/31 01:13:57 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif

[2010/05/31 01:13:57 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif

[2010/05/29 01:10:40 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls

[2010/05/29 01:09:47 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls

[2010/05/29 01:09:47 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls

[2010/05/29 01:09:45 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2010/05/29 01:09:14 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls

[2010/05/29 01:09:13 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2010/05/29 01:09:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2010/05/29 01:09:02 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2010/05/29 01:09:00 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2010/05/29 01:08:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2010/05/29 01:08:40 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2010/05/29 01:08:21 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2010/05/29 01:08:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls

[2010/05/29 01:08:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls

[2010/05/29 01:08:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls

[2010/05/29 01:08:15 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls

[2010/05/29 01:08:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls

[2010/05/29 01:08:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls

[2010/05/29 01:08:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls

[2010/05/29 01:08:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls

[2010/05/29 01:08:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls

[2010/05/29 01:08:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls

[2010/05/29 01:08:14 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls

[2010/05/29 01:08:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls

[2010/05/29 01:08:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls

[2010/05/29 01:08:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls

[2010/05/29 01:08:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls

[2010/05/29 01:08:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls

[2010/05/29 01:08:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls

[2010/05/29 01:08:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls

[2010/05/29 01:08:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls

[2010/05/29 01:08:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls

[2010/05/29 01:08:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls

[2010/05/29 01:08:12 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls

[2010/05/29 01:08:12 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls

[2010/05/29 01:08:12 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls

[2010/05/29 01:08:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls

[2010/05/29 01:08:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls

[2010/05/29 01:08:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls

[2010/05/29 01:08:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls

[2010/05/29 01:08:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls

[2010/05/29 01:08:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls

[2010/05/29 01:08:11 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls

[2010/05/29 01:08:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls

[2010/05/29 01:08:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls

[2010/05/29 01:08:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls

[2010/05/29 01:08:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls

[2010/05/29 01:08:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

[2010/05/29 01:08:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls

[2010/05/29 01:08:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

[2010/05/29 01:08:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls

[2010/05/29 01:08:10 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls

[2010/05/29 01:08:10 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls

[2010/05/29 01:08:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls

[2010/05/29 01:08:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls

[2010/05/29 01:08:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls

[2010/05/29 01:08:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls

[2010/05/29 01:08:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls

[2010/05/29 01:08:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls

[2010/05/29 01:08:09 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls

[2010/05/29 01:08:09 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls

[2010/05/29 01:08:09 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls

[2010/05/29 01:08:08 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls

[2010/05/29 01:06:15 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2010/05/29 01:06:10 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010/05/29 01:06:10 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2010/05/29 01:06:10 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2010/05/29 01:06:10 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2010/05/29 01:06:10 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2010/05/29 01:02:52 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/05/29 01:02:52 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/05/29 01:02:51 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx

[2010/05/29 00:25:50 | 000,004,382 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010/05/29 00:25:29 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2010/05/29 00:25:29 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2010/05/29 00:25:29 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2010/05/29 00:25:29 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2010/05/29 00:25:29 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat

[2010/05/29 00:25:28 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT

[2010/05/29 00:25:28 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2010/05/29 00:25:28 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2010/05/06 22:50:57 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Admin\MidiCvrt.ini

[2010/04/07 21:55:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata02.sqm

[2010/04/07 21:55:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm

[2010/03/27 12:14:59 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/18 22:39:49 | 000,000,582 | RHS- | C] () -- C:\Documents and Settings\Admin\ntuser.pol

[2010/03/18 22:39:48 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Admin\ntuser.ini

[2010/03/18 22:39:47 | 002,359,296 | -H-- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT

[2010/03/18 22:39:47 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Admin\ntuser.dat.LOG

[2010/03/01 12:19:15 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/03/01 12:19:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/03/01 12:19:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/03/01 12:19:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010/02/06 18:38:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009/06/23 23:58:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2009/06/23 23:52:47 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2009/06/23 23:52:46 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2009/03/22 20:25:50 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2009/03/10 00:33:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll

[2009/03/06 23:20:10 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys

[2008/11/22 22:09:42 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2008/10/23 11:34:44 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2008/10/23 11:34:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2008/10/23 11:34:44 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll

[2008/10/23 11:34:44 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2008/10/23 11:34:42 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008/10/23 11:34:42 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll

[2008/10/23 11:34:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2008/10/23 11:34:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2008/10/23 11:34:42 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll

[2008/10/23 11:34:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2008/10/23 11:34:40 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2008/10/23 11:34:40 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2008/10/23 11:34:40 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll

[2008/10/23 11:34:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2008/10/23 11:34:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2008/10/23 11:34:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2008/10/23 11:34:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2008/10/09 13:40:56 | 000,000,046 | ---- | C] () -- C:\WINDOWS\iBall-Baton ADSL Modem_Router Utility.INI

[2008/09/02 23:31:23 | 000,000,405 | ---- | C] () -- C:\WINDOWS\MP3trtg.ini

[2008/06/28 22:15:49 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008/05/19 00:42:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll

[2008/05/19 00:42:32 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys

[2008/03/09 23:10:06 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2007/11/08 19:46:10 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll

[2007/07/18 01:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2007/07/05 23:41:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\DEITY.INI

[2007/06/30 15:35:03 | 000,000,345 | ---- | C] () -- C:\WINDOWS\pdf2word.INI

[2007/06/17 23:30:36 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL

[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2007/01/08 00:55:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini

[2006/12/07 23:08:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2006/11/11 23:41:39 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006/09/10 12:10:36 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll

[2006/08/31 21:46:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll

[2006/07/16 12:38:45 | 000,000,115 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/06/19 23:44:14 | 000,001,305 | ---- | C] () -- C:\WINDOWS\openhelp.ini

[2006/06/19 23:44:14 | 000,000,331 | ---- | C] () -- C:\WINDOWS\WINHELP.INI

[2006/06/19 23:44:14 | 000,000,232 | ---- | C] () -- C:\WINDOWS\TCW.INI

[2006/06/19 23:43:57 | 000,000,200 | ---- | C] () -- C:\WINDOWS\OWL.INI

[2006/06/19 23:43:51 | 000,000,049 | ---- | C] () -- C:\WINDOWS\workshop.ini

[2006/05/28 12:46:01 | 000,000,108 | ---- | C] () -- C:\WINDOWS\ANS2000.INI

[2006/05/28 12:46:01 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini

[2006/05/28 12:46:01 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini

[2006/05/01 14:30:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL

[2006/04/03 21:41:28 | 000,122,944 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2006/03/18 18:46:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2006/02/19 12:31:04 | 000,000,887 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/02/19 00:34:05 | 000,000,191 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/02/17 22:56:46 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2006/02/17 22:56:44 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll

[2006/02/17 22:41:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/02/17 22:08:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

[2004/08/04 00:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2000/01/07 05:30:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll

[2000/01/07 05:30:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv

[1999/03/06 00:40:31 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\mstraps.dll

[1999/01/22 16:16:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

========== LOP Check ==========

 

[2006/05/01 14:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft

[2007/09/07 00:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software

[2007/10/10 00:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaceOnBody

[2007/10/30 01:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eset

[2007/11/06 23:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg

[2007/11/06 23:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2007/11/27 22:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2007/11/28 23:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sctemp

[2008/08/25 22:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2008/08/25 22:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009/06/23 23:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2009/08/25 23:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/03/27 12:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\mkvtoolnix

[2010/04/11 00:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PC Suite

[2010/05/29 01:15:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2008/09/02 23:37:58 | 000,637,368 | R--- | M] () -- C:\amt1

[2006/02/17 21:19:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/02/17 21:19:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2006/02/17 21:19:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2006/02/17 21:19:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/05/30 18:55:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2008/08/10 11:12:56 | 000,000,417 | R--- | M] () -- C:\deb.sbl

[2010/06/03 23:40:16 | 000,001,014 | ---- | M] () -- C:\VundoFix.txt

[2010/05/30 18:55:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2010/05/31 21:25:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2004/08/03 17:08:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/05/31 21:25:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2010/06/03 21:31:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2010/06/03 21:31:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2010/04/11 16:09:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2010/04/11 16:09:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2010/04/11 21:44:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2010/04/11 21:44:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2010/04/12 13:59:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2010/04/12 13:59:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2010/04/13 15:07:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2010/04/13 15:07:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2010/04/13 19:47:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2010/04/13 19:47:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2010/04/14 14:28:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2010/04/14 14:28:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2010/04/15 16:34:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2010/04/15 16:34:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2010/04/16 12:42:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2010/04/16 12:42:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2010/04/18 13:28:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2010/04/18 13:28:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2010/04/20 21:42:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

[2010/04/20 21:42:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2010/04/25 15:34:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2010/04/25 15:34:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2010/04/25 19:02:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2010/04/25 19:02:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2010/05/02 20:12:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2010/05/02 20:12:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2010/05/03 19:12:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2010/05/03 19:12:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2010/05/23 15:03:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2010/05/23 15:03:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2010/05/23 18:43:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2010/05/23 18:43:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2010/05/30 13:23:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2010/05/30 13:23:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2010/05/29 01:03:52 | 000,000,216 | -HS- | M] () -- C:\boot.ini

[2009/03/15 23:10:34 | 000,250,048 | RHS- | M] () -- C:\ntldr

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav  >

[2010/05/29 00:57:38 | 030,146,560 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2010/05/29 00:57:38 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2010/05/27 23:06:02 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav

[2010/05/29 00:57:38 | 007,602,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %systemroot%\system32\user32.dll /md5 >

[2008/04/14 05:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

 

< %systemroot%\system32\ws2_32.dll /md5 >

[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< End of report >
And here is the Extras.txt:
OTL Extras logfile created on: 6/6/2010 00:42:53 - Run 1

OTL by OldTimer - Version 3.2.5.3	 Folder = Z:\Utilities

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

 

759.00 Mb Total Physical Memory | 460.00 Mb Available Physical Memory | 61.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): D:\pagefile.sys 1140 2280C:\pagefile.sys 2 2 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 12.31 Gb Total Space | 3.56 Gb Free Space | 28.92% Space Free | Partition Type: FAT32

Drive D: | 12.49 Gb Total Space | 6.82 Gb Free Space | 54.62% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 48.83 Gb Total Space | 1.25 Gb Free Space | 2.55% Space Free | Partition Type: NTFS

Drive Y: | 48.83 Gb Total Space | 0.91 Gb Free Space | 1.86% Space Free | Partition Type: NTFS

Drive Z: | 51.39 Gb Total Space | 0.98 Gb Free Space | 1.90% Space Free | Partition Type: NTFS

 

Computer Name: TITAN

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Lock folder with Folder Lock] -- X:\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Sunbelt Software\Personal Firewall\KPF4GUI.EXE" = C:\Program Files\Sunbelt Software\Personal Firewall\KPF4GUI.EXE:*:Enabled:Sunbelt Firewall GUI -- File not found

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

"F:\.System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe" = F:\.System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe:*:Enabled:wins32 -- File not found

"G:\.System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe" = G:\.System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe:*:Enabled:wins32 -- File not found

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{095C4517-3E7A-4C70-A981-7146CFAD4D39}" = Dual Mode Digital Camera 3.0M

"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English

"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}" = Smart Start UP

"{3134052E-B1F0-465C-B320-5042095B1033}" = Nero 7 Essentials

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{48A4D5B9-0439-4731-9C2C-292AB9CDC54A}" = Filseclab Personal Firewall

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0

"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help

"{7148F0A8-6813-11D6-A77B-00B0D0142110}" = Java 2 Runtime Environment, SE v1.4.2_11

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.0.52

"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal

"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup

"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator

"{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}" = TATA Indicom Dialer

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite

"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant

"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}" = Presto! VideoWorks 6 (VCD Version)

"{B6C1C65F-EE1C-4E45-8112-422693F22FD4}" = Diskeeper Professional Premier Edition

"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}" = Presto! Mr. Photo 3

"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English

"{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E}" = Samsung PC Studio 3

"{D9CDB463-BB48-4B80-B1B6-5B940A4621E0}" = AutoStreamer

"{DA82F00E-7294-40E7-B7A6-60B4C16C605E}" = Visual Studio.NET Baseline - English

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F18E394A-385B-41CB-9E47-09C07A0B78CC}_is1" = VirtualDub Mod v1.5.10.2 b2542

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FEE895F1-0A64-4FFA-B802-54E6239EA8D5}" = AHD Subtitles Maker Pro

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)

"7-Zip" = 7-Zip 4.65

"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem  (05/22/2008 7.00.0.1)

"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced ZIP Password Recovery" = Advanced ZIP Password Recovery

"AllToAVI" = AllToAVI v4 r5394

"Audio Editor Gold_is1" = Audio Editor Gold v7.4.2.10

"avast!" = avast! Antivirus

"Belarc Advisor 2.0" = Belarc Advisor 7.2

"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem  (05/22/2008 3.8)

"CCleaner" = CCleaner (remove only)

"COM Explorer" = COM Explorer

"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)

"Energy_Manager_4.0" = QMS Admin 6.0

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0

"Free RM to MP3 Converter_is1" = Free RM to MP3 Converter 1.12

"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16

"HijackThis" = HijackThis 2.0.2

"ImTOO Video Editor" = ImTOO Video Editor

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.7.5

"Kundli 5.0_is1" = Kundli 5.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft SQL Server 2000" = Microsoft SQL Server 2000

"MIDI MP3 Converter_is1" = MIDI MP3 Converter 4.10

"MKVtoolnix" = MKVtoolnix 3.2.0

"Mozilla Firefox (3.0)" = Mozilla Firefox (3.0)

"Nokia PC Suite" = Nokia PC Suite

"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter

"Product_Name" = QMS Token Gen

"QuickTime" = QuickTime

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever

"True DBGrid Pro 6.0" = APEX True DBGrid Pro 6.0

"WebPost" = Microsoft Web Publishing Wizard 1.53

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WinZip" = WinZip

"WordWeb" = WordWeb Pro

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 6/28/2008 13:43:57 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

Error - 8/5/2009 13:33:27 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

Error - 8/19/2009 14:11:00 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

Error - 8/19/2009 15:13:18 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

Error - 12/6/2009 10:05:18 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\Wallpapers\City Night Scenes Wallpapers\City Night Scenes Wallpapers

 27.jpg failed, 0000001E.  

 

Error - 12/17/2009 15:02:27 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

Error - 1/1/2010 13:56:13 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

Error - 1/4/2010 12:58:48 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

Error - 1/25/2010 13:16:34 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

Error - 2/4/2010 16:02:09 | Computer Name = TITAN | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

 Y:\DESKTOP\AIORS2.exe failed, 0000001E.  

 

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

  • 0

#6
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
Download ComboFix from one of these locations:


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
satish_j


    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks for your time... I am going to format my system and start afresh.
Downloading (even simple browsing) from the web WITH ANTIVIRUS DISABLED doesn't seem appropriate to me.
  • 0

#8
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





