
Win7 Virus/Malware


  • This topic is locked

#31
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi, did you e-mail that to yourself? OTLPE has a browser as part of the reatogo desktop - you could have used that to post the log here. I had to reformat the log to make sense, plus I removed your e-mail address - don't want the spammers to get it :)

Start OTLPE as you did previously from CD

  • Download this fix.txt [attachment=49868:fix.txt]
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )



#32
Husainfive
    Member
  • Topic Starter
  • 59 posts
Hey coach,

Having problems following your instructions.

First of all, the sick machine has the OTLPE desktop from the last use. Do I need to shut it down and restart? I just cut and pasted your fix in the Custom area and clicked the RUN FIX button; it took about 1 second and said everything ran well. I shut down and restarted using the CD and we are back to the OTLPE desktop. Now what?

These 2 lines:
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

When am I supposed to NOT check the boxes? Am I to uncheck the 2 boxes and then run the RUN FIX? And then how do we reboot to normal mode?

A little confused.

Thanks

#33
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Once the fix has run, remove the CD from the drive and reboot to normal Windows please.

#34
Husainfive
    Member
  • Topic Starter
  • 59 posts
I took out the CD and booted normally but I got the same message as before. I went through both the options of starting normally and the other one of repair. No change.

One more thing. With OTLPE browser I cannot access Yahoo mail. It says to set the ActiveX setting to enable. It was already set to that so no mail access.

#35
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL scan for me please - from the OTLPE disc

#36
Husainfive
    Member
  • Topic Starter
  • 59 posts
Should I leave these 2 boxes checked or unchecked?

"don't check the boxes beside LOP Check or Purity this time"

#37
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Unchecked please

#38
Husainfive
    Member
  • Topic Starter
  • 59 posts
OTL logfile created on: 5/8/2011 2:34:28 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 43.74 Gb Free Space | 34.18% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/07 11:51:18 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/26 17:08:12 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto] -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/04/28 03:01:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/10/28 18:59:46 | 000,057,344 | ---- | M] () [Disabled] -- C:\Program Files\Informatica Secure Agent\infaagent.exe -- (InformaticaSecureAgent)
SRV - [2009/10/05 14:34:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/06 08:59:38 | 000,020,480 | ---- | M] (AG Interactive) [Disabled] -- C:\Program Files\AGI\core\3.1\AGCoreService.exe -- (AGCoreService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (MpKslee12eba3)
DRV - File not found [Kernel | System] -- -- (MpKsle82dad8a)
DRV - File not found [Kernel | System] -- -- (MpKsle57923cc)
DRV - File not found [Kernel | System] -- -- (MpKsldb945e53)
DRV - File not found [Kernel | System] -- -- (MpKslca118353)
DRV - File not found [Kernel | System] -- -- (MpKslbe2b482b)
DRV - File not found [Kernel | System] -- -- (MpKslbc921dfc)
DRV - File not found [Kernel | System] -- -- (MpKsla371056c)
DRV - File not found [Kernel | System] -- -- (MpKsl7b93acc7)
DRV - File not found [Kernel | System] -- -- (MpKsl72ef5bdd)
DRV - File not found [Kernel | System] -- -- (MpKsl6de98b42)
DRV - File not found [Kernel | System] -- -- (MpKsl68afc5f9)
DRV - File not found [Kernel | System] -- -- (MpKsl600e6028)
DRV - File not found [Kernel | System] -- -- (MpKsl5d09ede9)
DRV - File not found [Kernel | System] -- -- (MpKsl54c80171)
DRV - File not found [Kernel | System] -- -- (MpKsl51dba0ce)
DRV - File not found [Kernel | System] -- -- (MpKsl4dd55a5e)
DRV - File not found [Kernel | System] -- -- (MpKsl4b2a0e3b)
DRV - File not found [Kernel | System] -- -- (MpKsl369fa31d)
DRV - File not found [Kernel | System] -- -- (MpKsl25d777f1)
DRV - [2011/05/06 17:58:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E62C4551-5936-40BC-B2EA-6D575B0954D8}\MpKsl4c2d2107.sys -- (MpKsl4c2d2107)
DRV - [2011/05/06 17:07:23 | 000,153,680 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2006/10/09 21:55:00 | 004,428,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 5D AB 19 2C 44 CA 01 [binary data]
IE - HKU\Shahid_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\Shahid_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\Shahid_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Shahid_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




O1 HOSTS File: ([2009/10/05 14:42:58 | 000,001,306 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 22:46:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 18:03:10 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/06 18:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/06 18:03:09 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/06 18:03:06 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/06 18:03:05 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/06 18:03:05 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/06 18:03:04 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/06 18:02:08 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/06 18:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/06 17:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/01 09:42:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\ElevatedDiagnostics
[2011/04/24 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\Shahid\Desktop\Desi Variety
[2011/04/17 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\Shahid\Desktop\Ali Shakir
[2011/04/14 19:45:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/14 19:45:38 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/14 19:45:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/14 19:44:51 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/14 19:44:46 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/14 19:44:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/14 19:44:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/14 19:44:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/12 19:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/04/09 18:34:15 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/09 18:34:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/09 18:34:14 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/09 18:34:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/09 18:34:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/09 18:34:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/09 18:34:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/09 18:34:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/09 18:34:13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/09 18:34:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/09 18:34:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/09 18:34:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/09 18:34:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/09 18:34:12 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/09 18:34:12 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/09 18:34:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/09 18:34:11 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/09 18:34:11 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/09 18:34:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/09 18:34:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/09 18:34:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/09 18:34:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/09 18:34:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/09 18:34:10 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/09 18:34:10 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/09 18:34:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/09 18:34:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/09 18:34:10 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/09 18:34:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/09 18:34:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/09 18:34:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/09 18:34:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/09 18:34:08 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/09 18:34:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/09 18:34:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/09 18:34:07 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/09 18:34:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/09 18:34:07 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/09 18:34:07 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

========== Files - Modified Within 30 Days ==========

[2011/05/08 16:57:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 15:37:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/07 08:25:31 | 1602,859,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 19:37:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/06 18:04:02 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 18:04:02 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 18:03:10 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/06 18:03:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/06 17:58:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 17:07:23 | 000,153,680 | ---- | M] () -- C:\Windows\System32\drivers\pci.sys
[2011/05/06 10:18:05 | 009,496,576 | ---- | M] () -- C:\Users\Shahid\Desktop\Clever and creative billboard ads.pps
[2011/05/06 10:12:21 | 005,533,696 | ---- | M] () -- C:\Users\Shahid\Desktop\Greece 3.pps
[2011/05/05 09:01:29 | 005,131,776 | ---- | M] () -- C:\Users\Shahid\Documents\Scotland.pps
[2011/05/04 18:06:00 | 002,148,721 | ---- | M] () -- C:\Users\Shahid\Desktop\The Dirty Little Kindle Book of Sex Quotes.PDF
[2011/05/04 16:17:20 | 000,001,106 | ---- | M] () -- C:\Users\Shahid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2011/05/03 15:47:34 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/01 09:55:54 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 09:55:54 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 10:49:29 | 006,707,712 | ---- | M] () -- C:\Users\Shahid\Documents\Greece 2.pps
[2011/04/29 08:53:53 | 197,922,904 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/26 09:33:16 | 003,379,712 | ---- | M] () -- C:\Users\Shahid\Documents\Norway.pps
[2011/04/23 10:01:07 | 003,728,565 | ---- | M] () -- C:\Users\Shahid\Desktop\03 Track 3.wma
[2011/04/22 03:02:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/21 19:37:32 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/16 08:46:51 | 018,125,824 | ---- | M] () -- C:\Users\Shahid\Documents\Edwin Lord.pps
[2011/04/15 08:14:18 | 004,594,176 | ---- | M] () -- C:\Users\Shahid\Documents\Dolmabahce Palace.pps
[2011/04/15 07:41:58 | 004,902,912 | ---- | M] () -- C:\Users\Shahid\Documents\Fatima Bhtto.pps
[2011/04/15 06:22:31 | 002,339,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/09 18:41:10 | 000,001,407 | ---- | M] () -- C:\Users\Shahid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/09 18:34:15 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/09 18:34:15 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/09 18:34:14 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/09 18:34:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/09 18:34:14 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/09 18:34:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/09 18:34:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/09 18:34:13 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/09 18:34:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/09 18:34:13 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/09 18:34:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/09 18:34:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/09 18:34:12 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/09 18:34:12 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/09 18:34:12 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/09 18:34:11 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/09 18:34:11 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/09 18:34:11 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/09 18:34:11 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/09 18:34:11 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/09 18:34:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/09 18:34:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/09 18:34:11 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/09 18:34:11 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/09 18:34:10 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/09 18:34:10 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/09 18:34:10 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/09 18:34:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/09 18:34:10 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/09 18:34:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/09 18:34:09 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/09 18:34:09 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/09 18:34:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/09 18:34:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/09 18:34:08 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/09 18:34:08 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/09 18:34:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/09 18:34:07 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/09 18:34:07 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/09 18:34:07 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

========== Files Created - No Company Name ==========

[2011/05/06 18:03:10 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/06 09:13:00 | 005,533,696 | ---- | C] () -- C:\Users\Shahid\Desktop\Greece 3.pps
[2011/05/06 08:39:00 | 009,496,576 | ---- | C] () -- C:\Users\Shahid\Desktop\Clever and creative billboard ads.pps
[2011/05/05 07:50:00 | 005,131,776 | ---- | C] () -- C:\Users\Shahid\Documents\Scotland.pps
[2011/05/04 18:06:00 | 002,148,721 | ---- | C] () -- C:\Users\Shahid\Desktop\The Dirty Little Kindle Book of Sex Quotes.PDF
[2011/04/29 10:41:59 | 006,707,712 | ---- | C] () -- C:\Users\Shahid\Documents\Greece 2.pps
[2011/04/24 16:01:53 | 003,728,565 | ---- | C] () -- C:\Users\Shahid\Desktop\03 Track 3.wma
[2011/04/16 07:57:00 | 018,125,824 | ---- | C] () -- C:\Users\Shahid\Documents\Edwin Lord.pps
[2011/04/16 07:54:00 | 003,379,712 | ---- | C] () -- C:\Users\Shahid\Documents\Norway.pps
[2011/04/15 07:59:00 | 004,594,176 | ---- | C] () -- C:\Users\Shahid\Documents\Dolmabahce Palace.pps
[2011/04/15 07:40:00 | 004,902,912 | ---- | C] () -- C:\Users\Shahid\Documents\Fatima Bhtto.pps
[2011/04/09 18:34:11 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/23 09:23:00 | 000,000,120 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Qkusapev.dat
[2011/03/23 09:23:00 | 000,000,000 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Ikuvamecusur.bin
[2010/11/08 09:16:46 | 000,003,584 | ---- | C] () -- C:\Users\Shahid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 10:00:27 | 000,007,625 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Resmon.ResmonCfg
[2010/07/20 20:43:47 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa4152933.exe
[2010/07/20 20:43:42 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa4148050.exe
[2010/07/20 20:35:32 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa3658005.exe
[2010/07/20 20:35:27 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa3653325.exe
[2009/12/15 12:23:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/10 11:22:25 | 000,000,332 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/03 17:59:00 | 000,000,043 | ---- | C] () -- C:\Windows\FFS20ChtReg.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,339,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,108,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:11:17 | 000,153,680 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1068 bytes -> C:\ProgramData\TEMP:CFAFAA98
< End of report >
  • 0

#39
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I must admit at the moment I can see no reason for the non start

I would like to check out one file which looks suspect so that I can replace it with a fresh copy

Run OTLPE and in the custom scans box paste the following and then run the quick scan

/md5start
pci.*
/md5stop

  • 0

#40
Husainfive

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL logfile created on: 5/8/2011 4:26:11 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 43.74 Gb Free Space | 34.18% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/07 11:51:18 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/26 17:08:12 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto] -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/04/28 03:01:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/10/28 18:59:46 | 000,057,344 | ---- | M] () [Disabled] -- C:\Program Files\Informatica Secure Agent\infaagent.exe -- (InformaticaSecureAgent)
SRV - [2009/10/05 14:34:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/06 08:59:38 | 000,020,480 | ---- | M] (AG Interactive) [Disabled] -- C:\Program Files\AGI\core\3.1\AGCoreService.exe -- (AGCoreService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (MpKslee12eba3)
DRV - File not found [Kernel | System] -- -- (MpKsle82dad8a)
DRV - File not found [Kernel | System] -- -- (MpKsle57923cc)
DRV - File not found [Kernel | System] -- -- (MpKsldb945e53)
DRV - File not found [Kernel | System] -- -- (MpKslca118353)
DRV - File not found [Kernel | System] -- -- (MpKslbe2b482b)
DRV - File not found [Kernel | System] -- -- (MpKslbc921dfc)
DRV - File not found [Kernel | System] -- -- (MpKsla371056c)
DRV - File not found [Kernel | System] -- -- (MpKsl7b93acc7)
DRV - File not found [Kernel | System] -- -- (MpKsl72ef5bdd)
DRV - File not found [Kernel | System] -- -- (MpKsl6de98b42)
DRV - File not found [Kernel | System] -- -- (MpKsl68afc5f9)
DRV - File not found [Kernel | System] -- -- (MpKsl600e6028)
DRV - File not found [Kernel | System] -- -- (MpKsl5d09ede9)
DRV - File not found [Kernel | System] -- -- (MpKsl54c80171)
DRV - File not found [Kernel | System] -- -- (MpKsl51dba0ce)
DRV - File not found [Kernel | System] -- -- (MpKsl4dd55a5e)
DRV - File not found [Kernel | System] -- -- (MpKsl4b2a0e3b)
DRV - File not found [Kernel | System] -- -- (MpKsl369fa31d)
DRV - File not found [Kernel | System] -- -- (MpKsl25d777f1)
DRV - [2011/05/06 17:58:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E62C4551-5936-40BC-B2EA-6D575B0954D8}\MpKsl4c2d2107.sys -- (MpKsl4c2d2107)
DRV - [2011/05/06 17:07:23 | 000,153,680 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2006/10/09 21:55:00 | 004,428,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 5D AB 19 2C 44 CA 01 [binary data]
IE - HKU\Shahid_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\Shahid_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\Shahid_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Shahid_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




O1 HOSTS File: ([2009/10/05 14:42:58 | 000,001,306 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Shahid\Start Menu\Programs\Startup\Webshots.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 22:46:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 18:03:10 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/06 18:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/06 18:03:09 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/06 18:03:06 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/06 18:03:05 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/06 18:03:05 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/06 18:03:04 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/06 18:02:08 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/06 18:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/06 17:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/01 09:42:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\ElevatedDiagnostics
[2011/04/24 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\Shahid\Desktop\Desi Variety
[2011/04/17 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\Shahid\Desktop\Ali Shakir
[2011/04/12 19:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2011/05/08 16:57:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 15:37:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/07 08:25:31 | 1602,859,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 19:37:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/06 18:04:02 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 18:04:02 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 18:03:10 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/06 18:03:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/06 17:58:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 17:07:23 | 000,153,680 | ---- | M] () -- C:\Windows\System32\drivers\pci.sys
[2011/05/06 10:18:05 | 009,496,576 | ---- | M] () -- C:\Users\Shahid\Desktop\Clever and creative billboard ads.pps
[2011/05/06 10:12:21 | 005,533,696 | ---- | M] () -- C:\Users\Shahid\Desktop\Greece 3.pps
[2011/05/05 09:01:29 | 005,131,776 | ---- | M] () -- C:\Users\Shahid\Documents\Scotland.pps
[2011/05/04 18:06:00 | 002,148,721 | ---- | M] () -- C:\Users\Shahid\Desktop\The Dirty Little Kindle Book of Sex Quotes.PDF
[2011/05/04 16:17:20 | 000,001,106 | ---- | M] () -- C:\Users\Shahid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2011/05/03 15:47:34 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/01 09:55:54 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 09:55:54 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 10:49:29 | 006,707,712 | ---- | M] () -- C:\Users\Shahid\Documents\Greece 2.pps
[2011/04/29 08:53:53 | 197,922,904 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/26 09:33:16 | 003,379,712 | ---- | M] () -- C:\Users\Shahid\Documents\Norway.pps
[2011/04/23 10:01:07 | 003,728,565 | ---- | M] () -- C:\Users\Shahid\Desktop\03 Track 3.wma
[2011/04/22 03:02:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/21 19:37:32 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/16 08:46:51 | 018,125,824 | ---- | M] () -- C:\Users\Shahid\Documents\Edwin Lord.pps
[2011/04/15 08:14:18 | 004,594,176 | ---- | M] () -- C:\Users\Shahid\Documents\Dolmabahce Palace.pps
[2011/04/15 07:41:58 | 004,902,912 | ---- | M] () -- C:\Users\Shahid\Documents\Fatima Bhtto.pps
[2011/04/15 06:22:31 | 002,339,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/09 18:41:10 | 000,001,407 | ---- | M] () -- C:\Users\Shahid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/09 18:34:11 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2011/05/06 18:03:10 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/06 09:13:00 | 005,533,696 | ---- | C] () -- C:\Users\Shahid\Desktop\Greece 3.pps
[2011/05/06 08:39:00 | 009,496,576 | ---- | C] () -- C:\Users\Shahid\Desktop\Clever and creative billboard ads.pps
[2011/05/05 07:50:00 | 005,131,776 | ---- | C] () -- C:\Users\Shahid\Documents\Scotland.pps
[2011/05/04 18:06:00 | 002,148,721 | ---- | C] () -- C:\Users\Shahid\Desktop\The Dirty Little Kindle Book of Sex Quotes.PDF
[2011/04/29 10:41:59 | 006,707,712 | ---- | C] () -- C:\Users\Shahid\Documents\Greece 2.pps
[2011/04/24 16:01:53 | 003,728,565 | ---- | C] () -- C:\Users\Shahid\Desktop\03 Track 3.wma
[2011/04/16 07:57:00 | 018,125,824 | ---- | C] () -- C:\Users\Shahid\Documents\Edwin Lord.pps
[2011/04/16 07:54:00 | 003,379,712 | ---- | C] () -- C:\Users\Shahid\Documents\Norway.pps
[2011/04/15 07:59:00 | 004,594,176 | ---- | C] () -- C:\Users\Shahid\Documents\Dolmabahce Palace.pps
[2011/04/15 07:40:00 | 004,902,912 | ---- | C] () -- C:\Users\Shahid\Documents\Fatima Bhtto.pps
[2011/04/09 18:34:11 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/23 09:23:00 | 000,000,120 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Qkusapev.dat
[2011/03/23 09:23:00 | 000,000,000 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Ikuvamecusur.bin
[2010/11/08 09:16:46 | 000,003,584 | ---- | C] () -- C:\Users\Shahid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 10:00:27 | 000,007,625 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Resmon.ResmonCfg
[2010/07/20 20:43:47 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa4152933.exe
[2010/07/20 20:43:42 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa4148050.exe
[2010/07/20 20:35:32 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa3658005.exe
[2010/07/20 20:35:27 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa3653325.exe
[2009/12/15 12:23:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/10 11:22:25 | 000,000,332 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/03 17:59:00 | 000,000,043 | ---- | C] () -- C:\Windows\FFS20ChtReg.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,339,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,108,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:11:17 | 000,153,680 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/10/03 13:30:19 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AGI
[2010/09/17 08:36:15 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AstoundStereoExpander
[2011/01/13 11:20:07 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Audacity
[2010/04/14 19:53:04 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AVG9
[2010/09/29 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\BitTorrent
[2010/06/22 12:14:41 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Christofer Persson
[2011/05/06 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\COWON
[2011/05/06 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Dropbox
[2010/09/08 09:53:21 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\GetRightToGo
[2011/03/19 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\ImgBurn
[2010/08/17 12:36:44 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Mask Pro 4.0
[2010/10/15 08:49:20 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Moyea
[2010/09/29 22:08:03 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\NeatImage PS
[2010/09/29 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\NeatImage SL
[2011/05/06 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\onOne Software
[2010/07/17 09:26:58 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Rogers Online Protection
[2011/01/11 15:00:09 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\salesforce.com
[2011/02/16 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\SMART Technologies
[2009/10/03 13:30:31 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Temp
[2010/09/30 12:57:00 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\webex
[2009/10/03 13:30:46 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Webshots
[2009/10/03 13:30:15 | 000,000,000 | ---D | M] -- C:\ProgramData\agi
[2010/10/18 21:22:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/12/15 13:58:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Applications
[2011/05/06 17:38:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2010/05/28 09:52:26 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/12 16:42:44 | 000,000,000 | ---D | M] -- C:\ProgramData\onOne Software
[2011/01/28 08:03:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Radialpoint
[2010/07/17 09:26:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Rogers Online Protection
[2010/08/10 07:25:45 | 000,000,000 | ---D | M] -- C:\ProgramData\SpeedBit
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/09/17 08:36:15 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/09/30 13:56:19 | 000,000,000 | ---D | M] -- C:\ProgramData\WebEx
[2010/10/14 15:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/15 15:41:41 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/09 08:00:12 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< md5start >

< pci.* >

< /md5stop >
Invalid Switch: md5stop

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1068 bytes -> C:\ProgramData\TEMP:CFAFAA98

< End of report >
  • 0



#41
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you rerun please as you missed the first backslash for md5

/md5start
pci.*
/md5stop

  • 0

#42
Husainfive

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Not sure what is happening, but now in OTLPE I do not see WINDOWS under C drive. There is an old Windows Old still there; normally it used to show 2 Windows folders. Just for your info. I will reboot from the CD and see; maybe that will cure it.
  • 0

#43
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, that is weird - how old is the hard drive on that system?
  • 0

#44
Husainfive

Husainfive

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL logfile created on: 5/8/2011 6:41:39 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 43.74 Gb Free Space | 34.18% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/07 11:51:18 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/26 17:08:12 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto] -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/04/28 03:01:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/10/28 18:59:46 | 000,057,344 | ---- | M] () [Disabled] -- C:\Program Files\Informatica Secure Agent\infaagent.exe -- (InformaticaSecureAgent)
SRV - [2009/10/05 14:34:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/06 08:59:38 | 000,020,480 | ---- | M] (AG Interactive) [Disabled] -- C:\Program Files\AGI\core\3.1\AGCoreService.exe -- (AGCoreService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (MpKslee12eba3)
DRV - File not found [Kernel | System] -- -- (MpKsle82dad8a)
DRV - File not found [Kernel | System] -- -- (MpKsle57923cc)
DRV - File not found [Kernel | System] -- -- (MpKsldb945e53)
DRV - File not found [Kernel | System] -- -- (MpKslca118353)
DRV - File not found [Kernel | System] -- -- (MpKslbe2b482b)
DRV - File not found [Kernel | System] -- -- (MpKslbc921dfc)
DRV - File not found [Kernel | System] -- -- (MpKsla371056c)
DRV - File not found [Kernel | System] -- -- (MpKsl7b93acc7)
DRV - File not found [Kernel | System] -- -- (MpKsl72ef5bdd)
DRV - File not found [Kernel | System] -- -- (MpKsl6de98b42)
DRV - File not found [Kernel | System] -- -- (MpKsl68afc5f9)
DRV - File not found [Kernel | System] -- -- (MpKsl600e6028)
DRV - File not found [Kernel | System] -- -- (MpKsl5d09ede9)
DRV - File not found [Kernel | System] -- -- (MpKsl54c80171)
DRV - File not found [Kernel | System] -- -- (MpKsl51dba0ce)
DRV - File not found [Kernel | System] -- -- (MpKsl4dd55a5e)
DRV - File not found [Kernel | System] -- -- (MpKsl4b2a0e3b)
DRV - File not found [Kernel | System] -- -- (MpKsl369fa31d)
DRV - File not found [Kernel | System] -- -- (MpKsl25d777f1)
DRV - [2011/05/06 17:58:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E62C4551-5936-40BC-B2EA-6D575B0954D8}\MpKsl4c2d2107.sys -- (MpKsl4c2d2107)
DRV - [2011/05/06 17:07:23 | 000,153,680 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2006/10/09 21:55:00 | 004,428,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Shahid_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 5D AB 19 2C 44 CA 01 [binary data]
IE - HKU\Shahid_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\Shahid_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\Shahid_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Shahid_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




O1 HOSTS File: ([2009/10/05 14:42:58 | 000,001,306 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Shahid_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 22:46:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 18:03:10 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/06 18:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/06 18:03:09 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/06 18:03:06 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/06 18:03:05 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/06 18:03:05 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/06 18:03:04 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/06 18:02:08 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/06 18:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/06 17:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/01 09:42:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\ElevatedDiagnostics
[2011/04/24 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\Shahid\Desktop\Desi Variety
[2011/04/17 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\Shahid\Desktop\Ali Shakir
[2011/04/12 19:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2011/05/08 16:57:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 15:37:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/07 08:25:31 | 1602,859,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 19:37:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/06 18:04:02 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 18:04:02 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 18:03:10 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/06 18:03:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/06 17:58:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 17:07:23 | 000,153,680 | ---- | M] () -- C:\Windows\System32\drivers\pci.sys
[2011/05/06 10:18:05 | 009,496,576 | ---- | M] () -- C:\Users\Shahid\Desktop\Clever and creative billboard ads.pps
[2011/05/06 10:12:21 | 005,533,696 | ---- | M] () -- C:\Users\Shahid\Desktop\Greece 3.pps
[2011/05/05 09:01:29 | 005,131,776 | ---- | M] () -- C:\Users\Shahid\Documents\Scotland.pps
[2011/05/04 18:06:00 | 002,148,721 | ---- | M] () -- C:\Users\Shahid\Desktop\The Dirty Little Kindle Book of Sex Quotes.PDF
[2011/05/04 16:17:20 | 000,001,106 | ---- | M] () -- C:\Users\Shahid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2011/05/03 15:47:34 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/01 09:55:54 | 000,628,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 09:55:54 | 000,108,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 10:49:29 | 006,707,712 | ---- | M] () -- C:\Users\Shahid\Documents\Greece 2.pps
[2011/04/29 08:53:53 | 197,922,904 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/26 09:33:16 | 003,379,712 | ---- | M] () -- C:\Users\Shahid\Documents\Norway.pps
[2011/04/23 10:01:07 | 003,728,565 | ---- | M] () -- C:\Users\Shahid\Desktop\03 Track 3.wma
[2011/04/22 03:02:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/21 19:37:32 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/16 08:46:51 | 018,125,824 | ---- | M] () -- C:\Users\Shahid\Documents\Edwin Lord.pps
[2011/04/15 08:14:18 | 004,594,176 | ---- | M] () -- C:\Users\Shahid\Documents\Dolmabahce Palace.pps
[2011/04/15 07:41:58 | 004,902,912 | ---- | M] () -- C:\Users\Shahid\Documents\Fatima Bhtto.pps
[2011/04/15 06:22:31 | 002,339,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/09 18:41:10 | 000,001,407 | ---- | M] () -- C:\Users\Shahid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/09 18:34:11 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2011/05/06 18:03:10 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/06 09:13:00 | 005,533,696 | ---- | C] () -- C:\Users\Shahid\Desktop\Greece 3.pps
[2011/05/06 08:39:00 | 009,496,576 | ---- | C] () -- C:\Users\Shahid\Desktop\Clever and creative billboard ads.pps
[2011/05/05 07:50:00 | 005,131,776 | ---- | C] () -- C:\Users\Shahid\Documents\Scotland.pps
[2011/05/04 18:06:00 | 002,148,721 | ---- | C] () -- C:\Users\Shahid\Desktop\The Dirty Little Kindle Book of Sex Quotes.PDF
[2011/04/29 10:41:59 | 006,707,712 | ---- | C] () -- C:\Users\Shahid\Documents\Greece 2.pps
[2011/04/24 16:01:53 | 003,728,565 | ---- | C] () -- C:\Users\Shahid\Desktop\03 Track 3.wma
[2011/04/16 07:57:00 | 018,125,824 | ---- | C] () -- C:\Users\Shahid\Documents\Edwin Lord.pps
[2011/04/16 07:54:00 | 003,379,712 | ---- | C] () -- C:\Users\Shahid\Documents\Norway.pps
[2011/04/15 07:59:00 | 004,594,176 | ---- | C] () -- C:\Users\Shahid\Documents\Dolmabahce Palace.pps
[2011/04/15 07:40:00 | 004,902,912 | ---- | C] () -- C:\Users\Shahid\Documents\Fatima Bhtto.pps
[2011/04/09 18:34:11 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/23 09:23:00 | 000,000,120 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Qkusapev.dat
[2011/03/23 09:23:00 | 000,000,000 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Ikuvamecusur.bin
[2010/11/08 09:16:46 | 000,003,584 | ---- | C] () -- C:\Users\Shahid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 10:00:27 | 000,007,625 | ---- | C] () -- C:\Users\Shahid\AppData\Local\Resmon.ResmonCfg
[2010/07/20 20:43:47 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa4152933.exe
[2010/07/20 20:43:42 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa4148050.exe
[2010/07/20 20:35:32 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa3658005.exe
[2010/07/20 20:35:27 | 127,611,835 | ---- | C] () -- C:\Windows\System32\xa3653325.exe
[2009/12/15 12:23:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/10 11:22:25 | 000,000,332 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/03 17:59:00 | 000,000,043 | ---- | C] () -- C:\Windows\FFS20ChtReg.ini
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,339,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,108,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 19:11:17 | 000,153,680 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/10/03 13:30:19 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AGI
[2010/09/17 08:36:15 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AstoundStereoExpander
[2011/01/13 11:20:07 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Audacity
[2010/04/14 19:53:04 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\AVG9
[2010/09/29 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\BitTorrent
[2010/06/22 12:14:41 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Christofer Persson
[2011/05/06 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\COWON
[2011/05/06 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Dropbox
[2010/09/08 09:53:21 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\GetRightToGo
[2011/03/19 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\ImgBurn
[2010/08/17 12:36:44 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Mask Pro 4.0
[2010/10/15 08:49:20 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Moyea
[2010/09/29 22:08:03 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\NeatImage PS
[2010/09/29 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\NeatImage SL
[2011/05/06 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\onOne Software
[2010/07/17 09:26:58 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Rogers Online Protection
[2011/01/11 15:00:09 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\salesforce.com
[2011/02/16 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\SMART Technologies
[2009/10/03 13:30:31 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Temp
[2010/09/30 12:57:00 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\webex
[2009/10/03 13:30:46 | 000,000,000 | ---D | M] -- C:\Users\Shahid\AppData\Roaming\Webshots
[2009/10/03 13:30:15 | 000,000,000 | ---D | M] -- C:\ProgramData\agi
[2010/10/18 21:22:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/12/15 13:58:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Applications
[2011/05/06 17:38:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2010/05/28 09:52:26 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/12 16:42:44 | 000,000,000 | ---D | M] -- C:\ProgramData\onOne Software
[2011/01/28 08:03:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Radialpoint
[2010/07/17 09:26:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Rogers Online Protection
[2010/08/10 07:25:45 | 000,000,000 | ---D | M] -- C:\ProgramData\SpeedBit
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/09/17 08:36:15 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/09/30 13:56:19 | 000,000,000 | ---D | M] -- C:\ProgramData\WebEx
[2010/10/14 15:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/15 15:41:41 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/09 08:00:12 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: PCI.MDM >
[2006/10/20 11:05:26 | 000,014,691 | ---- | M] () MD5=05D4763DD72A90FEB1A4179049057AC4 -- C:\dell\drivers\R137550\Pci.mdm

< MD5 for: PCI.SY_ >
[2004/08/03 23:07:48 | 000,037,184 | ---- | M] () MD5=0B305D746EB9DBD9DA13707187041B55 -- C:\Windows.old\Windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\i386\pci.sy_

< MD5 for: PCI.SYS >
[2001/08/17 13:58:06 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1F96EECDF5D1E3385AC44C6A457B381F -- C:\Windows.old\Windows\$NtServicePackUninstall$\pci.sys
[2001/08/23 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1F96EECDF5D1E3385AC44C6A457B381F -- C:\Windows.old\Windows\system32\ReinstallBackups\0001\DriverFiles\i386\pci.sys
[2001/08/17 13:58:06 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1F96EECDF5D1E3385AC44C6A457B381F -- C:\Windows.old\Windows\system32\ReinstallBackups\0002\DriverFiles\i386\pci.sys
[2001/08/17 13:58:06 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1F96EECDF5D1E3385AC44C6A457B381F -- C:\Windows.old\Windows\system32\ReinstallBackups\0004\DriverFiles\i386\pci.sys
[2001/08/17 13:58:06 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1F96EECDF5D1E3385AC44C6A457B381F -- C:\Windows.old\Windows\system32\ReinstallBackups\0005\DriverFiles\i386\pci.sys
[2011/05/06 17:07:23 | 000,153,680 | ---- | M] () MD5=49206B406B4F4A86A456BE49E1991A70 -- C:\Windows\System32\drivers\pci.sys
[2004/08/03 23:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=8086D9979234B603AD5BC2F5D890B234 -- C:\Windows.old\Windows\ServicePackFiles\i386\pci.sys
[2004/08/03 23:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=8086D9979234B603AD5BC2F5D890B234 -- C:\Windows.old\Windows\system32\drivers\pci.sys
[2009/07/13 21:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) MD5=C858CB77C577780ECC456A892E7E7D0F -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\pci.sys
[2009/07/13 21:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) MD5=C858CB77C577780ECC456A892E7E7D0F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\pci.sys

< MD5 for: PCI.SYS.MUI >
[2009/07/13 22:04:34 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=B66B5FC76F0959DFD47303E3B7AC0AFE -- C:\Windows\System32\drivers\en-US\pci.sys.mui
[2009/07/13 22:04:34 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=B66B5FC76F0959DFD47303E3B7AC0AFE -- C:\Windows\winsxs\x86_machine.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_44e367984f593be7\pci.sys.mui

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1068 bytes -> C:\ProgramData\TEMP:CFAFAA98
< End of report >
  • 0

#45
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like that may be the culprit

Download the attached fix.txt
[attachment=49887:fix.txt]
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done, reboot to normal mode if possible
  • Then post a new OTL log

  • 0
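The MD5 scan in post #44 lists C:\Windows\System32\drivers\pci.sys with an empty company name and a hash that differs from the DriverStore and winsxs copies of the same size. The following is an added example, not part of the thread and not OTL's own code: a Python sketch that parses `< MD5 for: ... >` blocks and flags that kind of mismatch. The function names and the choice of DriverStore/winsxs as the reference copies are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Lines copied from the "Custom Scans" section of the OTL log in post #44.
SAMPLE_LOG = r"""
< MD5 for: PCI.SYS >
[2001/08/17 13:58:06 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1F96EECDF5D1E3385AC44C6A457B381F -- C:\Windows.old\Windows\$NtServicePackUninstall$\pci.sys
[2011/05/06 17:07:23 | 000,153,680 | ---- | M] () MD5=49206B406B4F4A86A456BE49E1991A70 -- C:\Windows\System32\drivers\pci.sys
[2004/08/03 23:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=8086D9979234B603AD5BC2F5D890B234 -- C:\Windows.old\Windows\system32\drivers\pci.sys
[2009/07/13 21:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) MD5=C858CB77C577780ECC456A892E7E7D0F -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\pci.sys
[2009/07/13 21:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) MD5=C858CB77C577780ECC456A892E7E7D0F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\pci.sys

< MD5 for: PCI.SYS.MUI >
[2009/07/13 22:04:34 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=B66B5FC76F0959DFD47303E3B7AC0AFE -- C:\Windows\System32\drivers\en-US\pci.sys.mui
[2009/07/13 22:04:34 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=B66B5FC76F0959DFD47303E3B7AC0AFE -- C:\Windows\winsxs\x86_machine.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_44e367984f593be7\pci.sys.mui
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_scan(text):
    """Return {file name: [entry, ...]} from OTL '< MD5 for: X >' blocks."""
    groups = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            rec["path"] = rec["path"].strip()
            groups[current].append(rec)
    return dict(groups)


def flag_mismatched_drivers(groups, system_root=r"C:\Windows"):
    """Flag files under System32\\drivers whose MD5 matches no reference copy.

    Assumption: copies under DriverStore and winsxs of the same install are
    the reference; Windows.old and vendor folders are ignored.
    """
    root = system_root.lower().rstrip("\\") + "\\"
    active_dir = root + "system32\\drivers\\"
    reference_dirs = (root + "system32\\driverstore\\", root + "winsxs\\")
    findings = []
    for entries in groups.values():
        refs = [e for e in entries if e["path"].lower().startswith(reference_dirs)]
        ref_hashes = {e["md5"] for e in refs}
        if not ref_hashes:
            continue  # no reference copy in the scan, nothing to compare
        ref_sizes = {e["size"] for e in refs}
        for e in entries:
            if not e["path"].lower().startswith(active_dir):
                continue
            if e["md5"] in ref_hashes:
                continue
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "reference_md5": sorted(ref_hashes),
                "company_missing": e["company"] == "",
                "same_size_as_reference": e["size"] in ref_sizes,
                "modified": e["mtime"],
            })
    return findings


if __name__ == "__main__":
    for finding in flag_mismatched_drivers(parse_md5_scan(SAMPLE_LOG)):
        print(finding)
```

A mismatch found this way is a triage lead rather than a verdict: a legitimately updated driver also differs from an older reference copy, so confirm with the file's digital signature before replacing anything.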





