desperately help needed for yet another ALUREON.H virus



#1
Ali Butt

Member
  • 24 posts
desperately help needed for yet another ALUREON.H virus
hijackthis log file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:43:22 PM, on 12/25/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
E:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
E:\Program Files\folder guard\Folder Guard\FGKey.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
E:\Program Files\IM Magician\vmonproc.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
E:\idm\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Webshots\315~1.761\webshots.scr
E:\Program Files\IM Magician\Vicamon.exe
E:\idm\Internet Download Manager\IEMonitor.exe
E:\Program Files\folder guard\Folder Guard\FGuard.exe
C:\WINDOWS\explorer.exe
E:\Program Files\BitTorrent\BitTorrent.exe
e:\Program Files\Mozilla Firefox\firefox.exe
e:\Program Files\Mozilla Firefox\plugin-container.exe
d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\ALI BUTT\My Documents\Downloads\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\idm\Internet Download Manager\IDMIECC.dll
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [USB Security] e:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [FG_Monitor] E:\Program Files\folder guard\Folder Guard\FGKey.exe /Start
O4 - HKLM\..\Run: [IMMON] "e:\Program Files\IM Magician\Vicamon.exe"
O4 - HKLM\..\Run: [IMMONSUPPORT] "e:\Program Files\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [IDMan] E:\idm\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "d:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7619\Launcher.exe
O8 - Extra context menu item: Download all links with IDM - E:\idm\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - E:\idm\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\WINDOWS\system32\IProsetMonitor.exe
O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQL - Unknown owner - e:\Program Files\PDAS_MySQL\mysql\bin\mysqld.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Unknown owner - e:\Program Files\Airytec\Switch Off\swoff.exe (file missing)
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Unknown owner - e:\Program Files\Airytec\Switch Off\swoff.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 7699 bytes


#2
RKinner

Malware Expert
  • 24,625 posts
  • MVP
ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe (511KB) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL.
Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
Ali Butt

Member
  • Topic Starter
  • 24 posts
combo fix log file:
ComboFix 11-12-24.10 - ALI BUTT 12/25/2011 23:32:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.256 [GMT 5:00]
Running from: c:\documents and settings\ALI BUTT\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: BitDefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\SET101.tmp
c:\program files\Internet Explorer\SET102.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bafc0d9009b345.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\is-7FRUC.tmp
c:\windows\system32\lsprst7.dll
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET10C.tmp
c:\windows\system32\SET10D.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET10F.tmp
c:\windows\system32\SET110.tmp
c:\windows\system32\SET111.tmp
c:\windows\system32\SET112.tmp
c:\windows\system32\SET113.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET117.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET121.tmp
c:\windows\system32\SET122.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET124.tmp
c:\windows\system32\SET125.tmp
c:\windows\system32\SET126.tmp
c:\windows\system32\SET127.tmp
c:\windows\system32\SET128.tmp
c:\windows\system32\SET129.tmp
c:\windows\system32\SET12A.tmp
c:\windows\system32\SET12B.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SET12D.tmp
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET12F.tmp
c:\windows\system32\SET130.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 17:36 . 2011-12-25 17:36 -------- d-----w- c:\windows\LastGood
2011-12-25 17:31 . 2011-12-25 17:31 -------- d-----w- c:\documents and settings\ALI BUTT\Application Data\Nullsoft
2011-12-25 17:25 . 2011-12-25 17:25 -------- d-----w- c:\program files\Common Files\Java
2011-12-25 17:25 . 2011-12-25 17:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-25 17:24 . 2011-12-25 17:24 -------- d-----w- c:\program files\Java
2011-12-25 16:15 . 2011-12-25 16:15 -------- d-----w- c:\documents and settings\HOME\Application Data\PlayFirst
2011-12-25 16:15 . 2011-12-25 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2011-12-25 15:44 . 2011-12-25 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2011-12-25 15:44 . 2011-12-25 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-12-25 15:42 . 2011-12-25 15:42 -------- d-----w- c:\documents and settings\HOME\Local Settings\Application Data\Adobe
2011-12-25 15:41 . 2011-12-25 15:41 -------- d-----w- c:\documents and settings\HOME\Application Data\Zbshareware Lab
2011-12-25 15:41 . 2011-12-25 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Zbshareware Lab
2011-12-25 10:53 . 2011-12-25 10:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-25 10:52 . 2011-12-25 10:52 -------- d-----w- c:\documents and settings\ALI BUTT\Application Data\Malwarebytes
2011-12-25 10:51 . 2011-12-25 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-25 10:38 . 2011-12-25 10:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-12-25 10:38 . 2011-12-25 10:38 -------- d-----w- c:\documents and settings\ALI BUTT\Local Settings\Application Data\Adobe
2011-12-25 10:34 . 2011-12-25 10:34 -------- d-----w- c:\windows\system32\Adobe
2011-12-25 10:32 . 2011-12-25 10:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-25 09:09 . 2011-12-25 09:25 -------- d-----w- c:\windows\RegAce
2011-12-22 18:32 . 2011-12-22 18:32 -------- d-----w- c:\documents and settings\ALI BUTT\Application Data\Yahoo!
2011-12-22 18:31 . 2011-12-22 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-12-21 15:30 . 2010-09-28 06:59 450560 ----a-w- c:\windows\system32\newlistview2.dll
2011-12-21 15:30 . 2010-09-28 06:56 77824 ----a-w- c:\windows\system32\vgf.dll
2011-12-21 15:30 . 2011-12-21 15:31 -------- d-----w- c:\program files\Common Files\Vimisoft Studio
2011-12-21 14:52 . 1999-07-26 05:47 109840 ----a-w- c:\windows\VidCap32.exe
2011-12-21 14:52 . 1998-09-02 03:24 35600 ----a-w- c:\windows\AMCAP.EXE
2011-12-21 14:51 . 2001-06-24 12:32 172032 ----a-w- c:\windows\JAPI2.DLL
2011-12-21 14:51 . 2004-12-03 07:19 102400 ----a-w- c:\windows\MMVEM.EXE
2011-12-21 14:51 . 2002-05-28 04:52 106496 ----a-w- c:\windows\JAPI.DLL
2011-12-21 14:51 . 1999-10-24 05:25 20992 ----a-w- c:\windows\MMVCB.AX
2011-12-21 14:48 . 2011-12-22 13:34 -------- d-----w- c:\documents and settings\ALI BUTT\Application Data\Vimisoft Studio
2011-12-21 14:48 . 2001-05-16 12:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2011-12-21 14:48 . 2001-03-25 23:41 245760 ----a-w- c:\windows\system32\mp4sds32.ax
2011-12-21 14:48 . 2001-05-11 08:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2011-12-21 14:47 . 2011-12-21 14:47 -------- d-----w- c:\program files\Vimicro Corporation
2011-12-21 14:41 . 2004-08-03 17:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-12-21 14:41 . 2004-08-03 17:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-12-21 14:41 . 2004-08-03 18:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2011-12-21 14:41 . 2004-08-03 18:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-12-21 14:41 . 2004-08-03 19:56 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-12-21 14:41 . 2004-08-03 18:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2011-12-21 14:41 . 2004-08-03 18:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-12-21 14:41 . 2004-08-03 18:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-12-21 14:41 . 2004-08-03 18:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-12-20 07:24 . 2011-12-21 09:25 -------- d-----w- c:\documents and settings\HOME\Application Data\Hidden Objects XIII
2011-12-19 10:37 . 2011-12-19 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2011-12-14 17:13 . 2011-12-14 17:13 -------- d-----w- c:\documents and settings\ALI BUTT\Local Settings\Application Data\Help
2011-12-12 19:23 . 2011-12-12 19:23 -------- d-----w- c:\windows\Drivers
2011-12-12 18:44 . 2011-12-12 18:45 -------- d-----w- c:\documents and settings\Administrator
2011-12-12 18:23 . 2011-09-21 05:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-12-12 18:01 . 2001-08-17 08:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-12-12 18:01 . 2001-08-17 08:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-12 18:00 . 2001-08-17 09:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-12 18:00 . 2001-08-17 09:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-12 17:55 . 2011-12-12 17:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- C:\$AVG
2011-12-04 12:13 . 2011-12-04 12:13 -------- d-----w- c:\windows\Puzzle Agent 2
2011-11-29 08:25 . 2011-11-29 08:25 -------- d-----w- c:\documents and settings\HOME\Application Data\AVG2012
2011-11-28 20:14 . 2011-11-28 20:14 -------- d-----w- c:\documents and settings\ALI BUTT\Application Data\AVG
2011-11-28 19:43 . 2011-11-28 19:43 -------- d-----w- c:\documents and settings\ALI BUTT\Application Data\AVG Secure Search
2011-11-28 19:43 . 2011-11-28 19:43 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-28 19:43 . 2011-12-19 10:37 -------- d-----w- c:\program files\AVG Secure Search
2011-11-28 19:42 . 2011-12-24 14:23 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-28 19:42 . 2011-12-21 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-11-28 19:40 . 2011-11-28 19:40 -------- d-----w- c:\program files\AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 17:24 . 2011-06-05 07:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-07 01:23 . 2011-10-07 01:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 01:21 . 2011-10-04 01:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\dllcache\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
.
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS
.
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2001-08-23 14:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2001-08-23 14:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2004-08-04 00:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-04 00:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2004-08-04 00:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 00:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2004-08-04 00:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 00:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll
.
[-] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
[-] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2010-03-18 05:09 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-19 10:37 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2011-12-19 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- e:\idm\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="e:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-05-17 481280]
"IDMan"="e:\idm\Internet Download Manager\IDMan.exe" [2011-10-25 3437976]
"Messenger (Yahoo!)"="d:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-23 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"USB Security"="e:\program files\USB Disk Security\USBGuard.exe" [2011-05-29 623520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-02 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-19 892768]
"FG_Monitor"="e:\program files\folder guard\Folder Guard\FGKey.exe" [2008-01-04 118600]
"IMMON"="e:\program files\IM Magician\Vicamon.exe" [2010-09-28 143360]
"IMMONSUPPORT"="e:\program files\IM Magician\vmonproc.exe" [2010-09-28 233472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\HOME\Start Menu\Programs\Startup\
Webshots Daily Features.lnk - c:\program files\Webshots Daily Features\Webshots Daily Features.exe [2011-8-5 142848]
.
c:\documents and settings\ALI BUTT\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7619\Launcher.exe [2011-8-5 157088]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 09:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\software\\TeamViewer.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21563:TCP"= 21563:TCP:BitComet 21563 TCP
"21563:UDP"= 21563:UDP:BitComet 21563 UDP
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/2/2011 2:12 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [10/25/2011 1:22 PM 101616]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
R2 FGUARD32;FGUARD32;e:\program files\folder guard\Folder Guard\FGUARD32.SYS [10/30/2011 1:27 AM 54008]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [6/1/2011 12:17 PM 112800]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [12/19/2011 3:37 PM 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R4 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
R4 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/25/2011 3:51 PM 366152]
S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [8/5/2011 1:15 AM 20480]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;e:\program files\Airytec\Switch Off\swoff.exe -service --> e:\program files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;e:\program files\Airytec\Switch Off\swoff.exe -service --> e:\program files\Airytec\Switch Off\swoff.exe -service [?]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CLR_OPTIMIZATION_V4.0.30319_32
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\Windows Codec Update Service.job
- e:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-07-14 08:31]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: Download all links with IDM - e:\idm\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\idm\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\ALI BUTT\Application Data\Mozilla\Firefox\Profiles\cvwv2kj8.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-SpeedBitVideoAccelerator - e:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-25 23:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):20,a8,9d,9a,5f,da,8c,e4,a8,3b,30,26,b5,f9,2b,0d,b6,21,56,a1,ee,
00,53,9c,e5,ab,a7,52,be,40,52,51,01,dc,1d,45,fe,16,1a,c6,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{dc454fb3-43a4-4d4c-8b33-646f80f604ef}]
@Denied: (Full) (Everyone)
"Model"=dword:00000117
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
Completion time: 2011-12-25 23:48:07
ComboFix-quarantined-files.txt 2011-12-25 18:48
.
Pre-Run: 12,576,800,768 bytes free
Post-Run: 12,714,729,472 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B04CAC82519A0B8ED7E5543754B06D97

#4
Ali Butt

TDSSKiller log file:
23:53:53.0453 2124 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:53:54.0312 2124 ============================================================
23:53:54.0312 2124 Current date / time: 2011/12/25 23:53:54.0312
23:53:54.0312 2124 SystemInfo:
23:53:54.0312 2124
23:53:54.0312 2124 OS Version: 5.1.2600 ServicePack: 2.0
23:53:54.0312 2124 Product type: Workstation
23:53:54.0312 2124 ComputerName: HOME-1157E821BE
23:53:54.0312 2124 UserName: ALI BUTT
23:53:54.0312 2124 Windows directory: C:\WINDOWS
23:53:54.0312 2124 System windows directory: C:\WINDOWS
23:53:54.0312 2124 Processor architecture: Intel x86
23:53:54.0312 2124 Number of processors: 1
23:53:54.0312 2124 Page size: 0x1000
23:53:54.0312 2124 Boot type: Normal boot
23:53:54.0312 2124 ============================================================
23:53:55.0796 2124 Initialize success
23:54:25.0687 1868 ============================================================
23:54:25.0687 1868 Scan started
23:54:25.0687 1868 Mode: Manual;
23:54:25.0687 1868 ============================================================
23:54:26.0734 1868 Abiosdsk - ok
23:54:26.0765 1868 abp480n5 - ok
23:54:26.0843 1868 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:54:26.0859 1868 ACPI - ok
23:54:26.0937 1868 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:54:26.0937 1868 ACPIEC - ok
23:54:26.0984 1868 adpu160m - ok
23:54:27.0062 1868 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
23:54:27.0062 1868 aeaudio - ok
23:54:27.0140 1868 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:54:27.0140 1868 aec - ok
23:54:27.0218 1868 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
23:54:27.0218 1868 AFD - ok
23:54:27.0296 1868 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:54:27.0296 1868 agp440 - ok
23:54:27.0343 1868 Aha154x - ok
23:54:27.0390 1868 aic78u2 - ok
23:54:27.0421 1868 aic78xx - ok
23:54:27.0484 1868 AliIde - ok
23:54:27.0531 1868 amsint - ok
23:54:27.0578 1868 asc - ok
23:54:27.0625 1868 asc3350p - ok
23:54:27.0656 1868 asc3550 - ok
23:54:27.0765 1868 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:54:27.0765 1868 AsyncMac - ok
23:54:27.0843 1868 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:54:27.0843 1868 atapi - ok
23:54:27.0890 1868 Atdisk - ok
23:54:27.0968 1868 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
23:54:28.0000 1868 atksgt - ok
23:54:28.0078 1868 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:54:28.0078 1868 Atmarpc - ok
23:54:28.0171 1868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:54:28.0171 1868 audstub - ok
23:54:28.0265 1868 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
23:54:28.0265 1868 AVGIDSDriver - ok
23:54:28.0390 1868 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
23:54:28.0390 1868 AVGIDSEH - ok
23:54:28.0468 1868 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
23:54:28.0468 1868 AVGIDSFilter - ok
23:54:28.0546 1868 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
23:54:28.0546 1868 AVGIDSShim - ok
23:54:28.0640 1868 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
23:54:28.0640 1868 Avgldx86 - ok
23:54:28.0718 1868 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
23:54:28.0734 1868 Avgmfx86 - ok
23:54:28.0812 1868 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
23:54:28.0812 1868 Avgrkx86 - ok
23:54:28.0906 1868 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
23:54:28.0921 1868 Avgtdix - ok
23:54:29.0015 1868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:54:29.0015 1868 Beep - ok
23:54:29.0093 1868 catchme - ok
23:54:29.0187 1868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:54:29.0187 1868 cbidf2k - ok
23:54:29.0265 1868 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:54:29.0265 1868 CCDECODE - ok
23:54:29.0312 1868 cd20xrnt - ok
23:54:29.0390 1868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:54:29.0390 1868 Cdaudio - ok
23:54:29.0468 1868 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:54:29.0468 1868 Cdfs - ok
23:54:29.0546 1868 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:54:29.0546 1868 Cdrom - ok
23:54:29.0593 1868 Changer - ok
23:54:29.0656 1868 CmdIde - ok
23:54:29.0718 1868 Cpqarray - ok
23:54:29.0750 1868 cpudrv - ok
23:54:29.0796 1868 dac2w2k - ok
23:54:29.0843 1868 dac960nt - ok
23:54:29.0937 1868 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:54:29.0937 1868 Disk - ok
23:54:30.0062 1868 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:54:30.0109 1868 dmboot - ok
23:54:30.0203 1868 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
23:54:30.0203 1868 dmio - ok
23:54:30.0265 1868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:54:30.0265 1868 dmload - ok
23:54:30.0359 1868 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:54:30.0359 1868 DMusic - ok
23:54:30.0390 1868 dpti2o - ok
23:54:30.0468 1868 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:54:30.0468 1868 drmkaud - ok
23:54:30.0546 1868 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:54:30.0562 1868 E100B - ok
23:54:30.0640 1868 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
23:54:30.0640 1868 EL90XBC - ok
23:54:30.0734 1868 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:54:30.0734 1868 Fastfat - ok
23:54:30.0796 1868 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:54:30.0796 1868 Fdc - ok
23:54:30.0937 1868 FGUARD32 (f87bd63452c24df2dd11d64a89ec25dd) E:\Program Files\folder guard\Folder Guard\FGUARD32.SYS
23:54:30.0937 1868 FGUARD32 - ok
23:54:31.0046 1868 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:54:31.0046 1868 Fips - ok
23:54:31.0109 1868 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:54:31.0109 1868 Flpydisk - ok
23:54:31.0171 1868 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:54:31.0187 1868 FltMgr - ok
23:54:31.0265 1868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:54:31.0265 1868 Fs_Rec - ok
23:54:31.0359 1868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:54:31.0359 1868 Ftdisk - ok
23:54:31.0421 1868 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:54:31.0421 1868 Gpc - ok
23:54:31.0515 1868 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:54:31.0515 1868 HidUsb - ok
23:54:31.0562 1868 hpn - ok
23:54:31.0656 1868 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
23:54:31.0671 1868 HTTP - ok
23:54:31.0750 1868 i2omgmt - ok
23:54:31.0796 1868 i2omp - ok
23:54:31.0859 1868 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:54:31.0875 1868 i8042prt - ok
23:54:31.0953 1868 IDMTDI (330a6a0baf4fd945bde14c7b1d88d9b9) C:\WINDOWS\system32\DRIVERS\idmtdi.sys
23:54:31.0968 1868 IDMTDI - ok
23:54:32.0031 1868 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:54:32.0046 1868 Imapi - ok
23:54:32.0109 1868 ini910u - ok
23:54:32.0187 1868 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:54:32.0187 1868 IntelIde - ok
23:54:32.0281 1868 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:54:32.0281 1868 intelppm - ok
23:54:32.0359 1868 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:54:32.0359 1868 Ip6Fw - ok
23:54:32.0437 1868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:54:32.0437 1868 IpFilterDriver - ok
23:54:32.0531 1868 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:54:32.0531 1868 IpInIp - ok
23:54:32.0625 1868 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:54:32.0625 1868 IpNat - ok
23:54:32.0703 1868 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:54:32.0703 1868 IPSec - ok
23:54:32.0765 1868 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:54:32.0765 1868 IRENUM - ok
23:54:32.0859 1868 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:54:32.0859 1868 isapnp - ok
23:54:32.0953 1868 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:54:32.0953 1868 Kbdclass - ok
23:54:33.0046 1868 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:54:33.0046 1868 kmixer - ok
23:54:33.0140 1868 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
23:54:33.0156 1868 KSecDD - ok
23:54:33.0218 1868 lbrtfdc - ok
23:54:33.0312 1868 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
23:54:33.0312 1868 lirsgt - ok
23:54:33.0375 1868 MBAMProtector - ok
23:54:33.0468 1868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:54:33.0468 1868 mnmdd - ok
23:54:33.0562 1868 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:54:33.0562 1868 Modem - ok
23:54:33.0656 1868 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:54:33.0656 1868 Mouclass - ok
23:54:33.0718 1868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:54:33.0718 1868 mouhid - ok
23:54:33.0828 1868 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:54:33.0828 1868 MountMgr - ok
23:54:33.0875 1868 mraid35x - ok
23:54:33.0968 1868 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:54:33.0968 1868 MRxDAV - ok
23:54:34.0078 1868 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:54:34.0109 1868 MRxSmb - ok
23:54:34.0218 1868 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:54:34.0218 1868 Msfs - ok
23:54:34.0296 1868 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:54:34.0296 1868 MSKSSRV - ok
23:54:34.0390 1868 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:54:34.0390 1868 MSPCLOCK - ok
23:54:34.0468 1868 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:54:34.0468 1868 MSPQM - ok
23:54:34.0562 1868 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:54:34.0562 1868 mssmbios - ok
23:54:34.0640 1868 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
23:54:34.0640 1868 MSTEE - ok
23:54:34.0734 1868 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:54:34.0734 1868 Mup - ok
23:54:34.0828 1868 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:54:34.0843 1868 NABTSFEC - ok
23:54:34.0921 1868 NAL (4c8a40aaf288f8aa22eab655fc5ff46f) C:\WINDOWS\system32\Drivers\iqvw32.sys
23:54:34.0921 1868 NAL - ok
23:54:35.0015 1868 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:54:35.0031 1868 NDIS - ok
23:54:35.0093 1868 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:54:35.0109 1868 NdisIP - ok
23:54:35.0187 1868 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:54:35.0187 1868 NdisTapi - ok
23:54:35.0265 1868 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:54:35.0265 1868 Ndisuio - ok
23:54:35.0343 1868 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:54:35.0359 1868 NdisWan - ok
23:54:35.0437 1868 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:54:35.0437 1868 NDProxy - ok
23:54:35.0500 1868 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:54:35.0500 1868 NetBIOS - ok
23:54:35.0546 1868 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:54:35.0562 1868 NetBT - ok
23:54:35.0671 1868 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:54:35.0687 1868 Npfs - ok
23:54:35.0781 1868 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:54:35.0828 1868 Ntfs - ok
23:54:35.0937 1868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:54:35.0953 1868 Null - ok
23:54:36.0437 1868 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:54:36.0921 1868 nv - ok
23:54:37.0031 1868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:54:37.0046 1868 NwlnkFlt - ok
23:54:37.0125 1868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:54:37.0125 1868 NwlnkFwd - ok
23:54:37.0234 1868 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
23:54:37.0234 1868 Parport - ok
23:54:37.0312 1868 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:54:37.0312 1868 PartMgr - ok
23:54:37.0359 1868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:54:37.0359 1868 ParVdm - ok
23:54:37.0437 1868 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:54:37.0453 1868 PCI - ok
23:54:37.0500 1868 PCIDump - ok
23:54:37.0546 1868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:54:37.0546 1868 PCIIde - ok
23:54:37.0625 1868 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:54:37.0640 1868 Pcmcia - ok
23:54:37.0671 1868 PDCOMP - ok
23:54:37.0718 1868 PDFRAME - ok
23:54:37.0781 1868 PDRELI - ok
23:54:37.0828 1868 PDRFRAME - ok
23:54:37.0890 1868 perc2 - ok
23:54:37.0953 1868 perc2hib - ok
23:54:38.0078 1868 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:54:38.0093 1868 PptpMiniport - ok
23:54:38.0218 1868 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:54:38.0218 1868 PSched - ok
23:54:38.0343 1868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:54:38.0343 1868 Ptilink - ok
23:54:38.0390 1868 ql1080 - ok
23:54:38.0437 1868 Ql10wnt - ok
23:54:38.0484 1868 ql12160 - ok
23:54:38.0609 1868 ql1240 - ok
23:54:38.0671 1868 ql1280 - ok
23:54:38.0765 1868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:54:38.0765 1868 RasAcd - ok
23:54:38.0859 1868 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:54:38.0859 1868 Rasl2tp - ok
23:54:38.0906 1868 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:54:38.0921 1868 RasPppoe - ok
23:54:39.0000 1868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:54:39.0000 1868 Raspti - ok
23:54:39.0093 1868 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:54:39.0109 1868 Rdbss - ok
23:54:39.0187 1868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:54:39.0187 1868 RDPCDD - ok
23:54:39.0265 1868 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:54:39.0265 1868 rdpdr - ok
23:54:39.0343 1868 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
23:54:39.0343 1868 RDPWD - ok
23:54:39.0437 1868 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:54:39.0437 1868 redbook - ok
23:54:39.0562 1868 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:54:39.0578 1868 Secdrv - ok
23:54:39.0656 1868 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:54:39.0656 1868 serenum - ok
23:54:39.0703 1868 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
23:54:39.0703 1868 Serial - ok
23:54:39.0812 1868 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:54:39.0812 1868 Sfloppy - ok
23:54:39.0875 1868 Simbad - ok
23:54:39.0953 1868 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:54:39.0953 1868 SLIP - ok
23:54:40.0078 1868 smwdm (5ac51dba9b3a75d6ca79583edbf23001) C:\WINDOWS\system32\drivers\smwdm.sys
23:54:40.0109 1868 smwdm - ok
23:54:40.0171 1868 Sparrow - ok
23:54:40.0234 1868 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:54:40.0234 1868 splitter - ok
23:54:40.0359 1868 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
23:54:40.0359 1868 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
23:54:40.0359 1868 sptd ( LockedFile.Multi.Generic ) - warning
23:54:40.0359 1868 sptd - detected LockedFile.Multi.Generic (1)
23:54:40.0421 1868 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:54:40.0437 1868 sr - ok
23:54:40.0546 1868 SRS_SSCFilter (a864d48cc592985df965df0180b7bf26) C:\WINDOWS\system32\drivers\srs_sscfilter.sys
23:54:40.0546 1868 SRS_SSCFilter - ok
23:54:40.0640 1868 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
23:54:40.0656 1868 Srv - ok
23:54:40.0765 1868 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:54:40.0765 1868 streamip - ok
23:54:40.0843 1868 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:54:40.0843 1868 swenum - ok
23:54:40.0921 1868 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:54:40.0921 1868 swmidi - ok
23:54:41.0015 1868 symc810 - ok
23:54:41.0046 1868 symc8xx - ok
23:54:41.0093 1868 sym_hi - ok
23:54:41.0140 1868 sym_u3 - ok
23:54:41.0203 1868 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:54:41.0218 1868 sysaudio - ok
23:54:41.0328 1868 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:54:41.0343 1868 Tcpip - ok
23:54:41.0406 1868 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:54:41.0406 1868 TDPIPE - ok
23:54:41.0484 1868 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:54:41.0484 1868 TDTCP - ok
23:54:41.0562 1868 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:54:41.0562 1868 TermDD - ok
23:54:41.0625 1868 TosIde - ok
23:54:41.0703 1868 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:54:41.0718 1868 Udfs - ok
23:54:41.0765 1868 ultra - ok
23:54:41.0843 1868 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:54:41.0859 1868 Update - ok
23:54:41.0953 1868 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
23:54:41.0953 1868 usbaudio - ok
23:54:42.0015 1868 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:54:42.0031 1868 usbccgp - ok
23:54:42.0109 1868 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:54:42.0109 1868 usbehci - ok
23:54:42.0218 1868 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:54:42.0218 1868 usbhub - ok
23:54:42.0328 1868 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:54:42.0328 1868 usbprint - ok
23:54:42.0406 1868 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:54:42.0406 1868 USBSTOR - ok
23:54:42.0484 1868 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:54:42.0484 1868 usbuhci - ok
23:54:42.0546 1868 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:54:42.0562 1868 usbvideo - ok
23:54:42.0640 1868 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:54:42.0640 1868 VgaSave - ok
23:54:42.0671 1868 ViaIde - ok
23:54:42.0765 1868 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:54:42.0765 1868 VolSnap - ok
23:54:42.0859 1868 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:54:42.0859 1868 Wanarp - ok
23:54:42.0906 1868 WDICA - ok
23:54:42.0984 1868 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:54:42.0984 1868 wdmaud - ok
23:54:43.0140 1868 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:54:43.0156 1868 WS2IFSL - ok
23:54:43.0234 1868 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:54:43.0234 1868 WSTCODEC - ok
23:54:43.0312 1868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:54:43.0500 1868 \Device\Harddisk0\DR0 - ok
23:54:43.0515 1868 Boot (0x1200) (1e99ee1969c12124f31a1b64d66503e7) \Device\Harddisk0\DR0\Partition0
23:54:43.0515 1868 \Device\Harddisk0\DR0\Partition0 - ok
23:54:43.0546 1868 Boot (0x1200) (61f71bd3e76986444f61168080abdcb1) \Device\Harddisk0\DR0\Partition1
23:54:43.0546 1868 \Device\Harddisk0\DR0\Partition1 - ok
23:54:43.0578 1868 Boot (0x1200) (4ab77dba99e89905606bc4aadde07468) \Device\Harddisk0\DR0\Partition2
23:54:43.0578 1868 \Device\Harddisk0\DR0\Partition2 - ok
23:54:43.0593 1868 ============================================================
23:54:43.0593 1868 Scan finished
23:54:43.0593 1868 ============================================================
23:54:43.0609 2244 Detected object count: 1
23:54:43.0609 2244 Actual detected object count: 1
23:55:15.0984 2244 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:55:15.0984 2244 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:56:50.0781 3656 Deinitialize success

#5
Ali Butt
Member
aswmbr log file:
aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-25 23:57:35
-----------------------------
23:57:35.078 OS Version: Windows 5.1.2600 Service Pack 2
23:57:35.078 Number of processors: 1 586 0x207
23:57:35.078 ComputerName: HOME-1157E821BE UserName: ALI BUTT
23:57:37.750 Initialize success
00:06:28.031 AVAST engine defs: 11122500
00:06:37.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:06:37.296 Disk 0 Vendor: ST340016A 3.75 Size: 38166MB BusType: 3
00:06:37.296 Device \Driver\atapi -> MajorFunction 82f711f8
00:06:39.328 Disk 0 MBR read successfully
00:06:39.328 Disk 0 MBR scan
00:06:40.968 Disk 0 Windows XP default MBR code
00:06:41.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
00:06:43.578 Disk 0 Partition - 00 0F Extended LBA 18151 MB offset 40965750
00:06:43.593 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 10001 MB offset 40965813
00:06:43.812 Disk 0 Partition - 00 05 Extended 8150 MB offset 61448625
00:06:43.828 Disk 0 Partition 3 00 0B FAT32 MSDOS5.0 8150 MB offset 61448688
00:06:43.875 Disk 0 scanning sectors +78140160
00:06:44.406 Disk 0 scanning C:\WINDOWS\system32\drivers
00:07:09.031 Service scanning
00:07:10.203 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
00:07:10.843 Modules scanning
00:07:20.093 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
00:07:22.250 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
00:07:23.125 AVAST engine scan C:\WINDOWS
00:07:30.312 AVAST engine scan C:\WINDOWS\system32
00:10:25.796 AVAST engine scan C:\WINDOWS\system32\drivers
00:10:40.156 AVAST engine scan C:\Documents and Settings\ALI BUTT
00:12:24.421 AVAST engine scan C:\Documents and Settings\All Users
00:12:41.718 Scan finished successfully
00:13:06.406 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
00:13:06.406 The log file has been saved successfully to "C:\aswMBR.txt"

#6
Ali Butt
Member
Do I have to attach the log files or not?
Note: the fix button was not enabled in the aswMBR scan.

#7
Ali Butt
Member
Please can you tell me whether it is necessary to have all the .NET Framework versions installed on the machine at the same time, or whether only the latest one is needed? I have installed .NET Framework 1, 2, 3.5 and 4 on my machine. Is it OK to uninstall the others and keep only the latest one?
Thanks,

#8
Ali Butt
Member
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122503

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/26/2011 12:44:54 AM
mbam-log-2011-12-26 (00-44-54).txt

Scan type: Quick scan
Objects scanned: 199989
Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9
RKinner
Malware Expert
I think you need to keep all of the .net programs but I'm no expert on them.

I would like to see the aswmbr log. I don't yet need the mbr.dat file that it also creates but hang on to it.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
IDMTDI
sptd



******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Copy the text in the code box:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
dxgthk.sys
ntdll.dll
atapi.sys 
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#10
Ali Butt
Member
OTL logfile created on: 12/26/2011 12:48:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ALI BUTT\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 129.29 Mb Available Physical Memory | 25.30% Memory free
979.98 Mb Paging File | 430.23 Mb Available in Paging File | 43.90% Paging File free
Paging file location(s): C:\pagefile.sys 500 700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 11.82 Gb Free Space | 60.53% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 3.28 Gb Free Space | 33.59% Space Free | Partition Type: FAT32
Drive E: | 7.94 Gb Total Space | 1.52 Gb Free Space | 19.15% Space Free | Partition Type: FAT32

Computer Name: HOME-1157E821BE | User Name: ALI BUTT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 00:18:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI BUTT\Desktop\OTL.exe
PRC - [2011/12/21 12:24:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/19 15:37:13 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/19 15:37:06 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/25 11:48:40 | 003,437,976 | ---- | M] (Tonec Inc.) -- E:\idm\Internet Download Manager\IDMan.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/29 23:23:40 | 000,623,520 | ---- | M] (Zbshareware Lab) -- E:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2011/04/12 02:44:44 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2010/09/28 17:49:22 | 000,143,360 | ---- | M] (Vimisoft Studio) -- E:\Program Files\IM Magician\vicamon.exe
PRC - [2010/09/28 17:46:38 | 000,233,472 | ---- | M] (Vimisoft Studio) -- E:\Program Files\IM Magician\vmonproc.exe
PRC - [2010/07/27 00:01:58 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7619\Webshots.scr
PRC - [2010/05/25 19:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- E:\idm\Internet Download Manager\IEMonitor.exe
PRC - [2008/01/05 00:00:00 | 000,847,688 | ---- | M] (WinAbility® Software Corporation) -- E:\Program Files\folder guard\Folder Guard\FGuard.exe
PRC - [2008/01/05 00:00:00 | 000,118,600 | ---- | M] (WinAbility® Software Corporation) -- E:\Program Files\folder guard\Folder Guard\FGKey.exe
PRC - [2007/05/17 16:02:32 | 000,481,280 | ---- | M] (SRS Labs, Inc.) -- E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
PRC - [2004/08/04 05:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 12:24:52 | 002,124,760 | ---- | M] () -- E:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/19 15:37:13 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/19 15:37:06 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2008/05/16 14:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2004/08/04 05:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/04 05:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SwOffWeb)
SRV - File not found [Auto | Stopped] -- -- (SwOffScheduler)
SRV - File not found [Auto | Stopped] -- -- (MySQL)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/19 15:37:13 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/30 00:55:32 | 000,072,704 | ---- | M] (SRS Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe -- (SRS Labs License Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/12 02:44:44 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Stopped] -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/21 08:09:28 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/09/21 08:09:24 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/06 20:14:42 | 000,101,616 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2011/06/02 14:12:42 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/08 06:34:30 | 000,030,368 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/01/05 00:00:00 | 000,054,008 | ---- | M] (WinAbility® Software Corporation) [Kernel | Auto | Running] -- E:\Program Files\folder guard\Folder Guard\FGUARD32.SYS -- (FGUARD32)
DRV - [2006/10/09 10:18:10 | 000,034,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2001/08/17 17:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 27 0B AC 87 C2 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\installd\real\Real Alternative\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\installd\real\Real Alternative\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: e:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ALI BUTT\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ALI BUTT\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\ALI BUTT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 11:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: e:\Program Files\Mozilla Firefox\components [2011/12/25 15:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: e:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\ALI BUTT\Application Data\IDM\idmmzcc5 [2011/10/30 15:56:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\ALI BUTT\Application Data\IDM\idmmzcc5 [2011/10/30 15:56:06 | 000,000,000 | ---D | M]

[2011/12/25 15:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ALI BUTT\Application Data\Mozilla\Extensions
[2011/12/25 22:24:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/12/25 23:43:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\idm\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FG_Monitor] E:\Program Files\folder guard\Folder Guard\FGKey.exe (WinAbility® Software Corporation)
O4 - HKLM..\Run: [IMMON] e:\Program Files\IM Magician\Vicamon.exe (Vimisoft Studio)
O4 - HKLM..\Run: [IMMONSUPPORT] e:\Program Files\IM Magician\vmonproc.exe (Vimisoft Studio)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [USB Security] e:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [IDMan] E:\idm\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SRS Audio Sandbox] E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe (SRS Labs, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\ALI BUTT\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - E:\idm\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - E:\idm\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6143302-4981-49E1-9A13-51FB471FCDFE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ALI BUTT\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/30 09:19:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 00:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/26 00:29:32 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/26 00:28:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ALI BUTT\Recent
[2011/12/26 00:28:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/26 00:18:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ALI BUTT\Desktop\OTL.exe
[2011/12/26 00:15:49 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ALI BUTT\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/25 23:56:18 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ALI BUTT\Desktop\aswMBR.exe
[2011/12/25 23:52:44 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ALI BUTT\Desktop\TDSSKiller.exe
[2011/12/25 23:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Desktop\tsd
[2011/12/25 23:29:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/25 23:26:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/25 23:26:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/25 23:26:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/25 23:26:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/25 23:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/25 23:25:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 23:22:01 | 004,351,768 | R--- | C] (Swearware) -- C:\Documents and Settings\ALI BUTT\Desktop\ComboFix.exe
[2011/12/25 22:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Start Menu\Programs\Essentials Codec Pack
[2011/12/25 22:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\Nullsoft
[2011/12/25 22:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/12/25 22:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/25 22:25:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/25 22:25:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/25 22:25:08 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/25 22:25:08 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/25 22:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/25 21:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/12/25 20:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2011/12/25 20:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/25 20:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2011/12/25 17:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\Sun
[2011/12/25 15:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\Malwarebytes
[2011/12/25 15:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/25 15:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/12/25 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/25 15:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/25 15:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Local Settings\Application Data\Adobe
[2011/12/25 15:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/12/25 15:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\Adobe
[2011/12/25 15:32:22 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/25 15:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\Mozilla
[2011/12/25 14:09:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegAce
[2011/12/22 23:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\Yahoo!
[2011/12/22 23:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/12/22 23:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/12/21 21:38:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/12/21 20:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\A4Tech IM Magician
[2011/12/21 20:30:27 | 000,450,560 | ---- | C] (FotoFan) -- C:\WINDOWS\System32\newlistview2.dll
[2011/12/21 20:30:27 | 000,077,824 | ---- | C] (FotoFan Studio) -- C:\WINDOWS\System32\vgf.dll
[2011/12/21 20:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Vimisoft Studio
[2011/12/21 19:52:09 | 000,109,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VidCap32.exe
[2011/12/21 19:51:21 | 000,102,400 | ---- | C] (Meta Media Inc) -- C:\WINDOWS\MMVEM.EXE
[2011/12/21 19:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Start Menu\Programs\VP-EYE
[2011/12/21 19:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\Vimisoft Studio
[2011/12/21 19:48:16 | 000,309,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2011/12/21 19:48:16 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2011/12/21 19:47:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2011/12/21 19:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
[2011/12/21 19:41:12 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/12/21 19:41:07 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/12/21 19:41:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/12/21 19:41:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/12/21 19:41:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011/12/21 19:41:00 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/12/21 19:40:56 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/12/21 19:40:51 | 000,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/12/21 19:40:48 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/12/21 19:40:34 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/12/21 19:40:19 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/12/21 19:40:19 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/12/21 19:40:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/12/21 19:40:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2011/12/21 19:40:18 | 000,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2011/12/21 19:40:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/12/21 19:40:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/12/21 19:40:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/12/21 19:40:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/12/21 19:40:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/12/21 19:40:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/12/21 19:40:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/12/21 19:40:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/12/21 19:40:10 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011/12/19 17:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Start Menu\Programs\XIII - Lost Identity
[2011/12/19 15:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/14 22:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Local Settings\Application Data\Help
[2011/12/14 22:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\Help
[2011/12/13 00:23:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2011/12/12 23:44:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/12/12 23:23:00 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2011/12/12 23:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2011/12/12 23:01:04 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2011/12/12 23:00:59 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2011/12/04 22:29:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/12/04 17:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\My Documents\Telltale Games
[2011/12/04 17:13:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Puzzle Agent 2
[2011/11/29 01:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\My Documents\New(2)
[2011/11/29 01:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\AVG
[2011/11/29 00:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\AVG2012
[2011/11/29 00:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/29 00:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ALI BUTT\Application Data\AVG Secure Search
[2011/11/29 00:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/11/29 00:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/11/29 00:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/29 00:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/11/29 00:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/11/26 13:52:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ALI BUTT\My Documents\My Videos
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 00:46:19 | 085,150,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/26 00:29:38 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/26 00:23:37 | 000,181,020 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/26 00:22:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 00:18:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ALI BUTT\Desktop\OTL.exe
[2011/12/26 00:17:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ALI BUTT\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/26 00:13:06 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/25 23:56:41 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ALI BUTT\Desktop\aswMBR.exe
[2011/12/25 23:43:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/25 23:29:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/25 23:22:44 | 004,351,768 | R--- | M] (Swearware) -- C:\Documents and Settings\ALI BUTT\Desktop\ComboFix.exe
[2011/12/25 23:18:24 | 000,473,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/25 23:18:24 | 000,082,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/25 22:36:29 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/12/25 22:36:06 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Desktop\Media Player Classic.lnk
[2011/12/25 22:24:45 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/25 22:24:45 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/25 22:24:45 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/25 22:24:45 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/25 22:24:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/12/25 15:32:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/25 15:25:44 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/25 15:25:44 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/25 14:41:42 | 000,085,402 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\bookmarks-2011-12-25.json
[2011/12/25 04:16:06 | 000,013,985 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Darjeeling_Limited_(2007)_720p_BRRip_suN_sujaidr.6817706.TPB.torrent
[2011/12/25 04:12:39 | 000,014,005 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Inbetweeners_movie_2011_Extended_Cut_720p_BRrip_scOrp_sujaid.6884992.TPB.torrent
[2011/12/25 04:11:08 | 000,014,492 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\O_Brother_Where_Art_Thou_2000_720p_BRrip_scOrp_sujaidr.6893079.TPB.torrent
[2011/12/25 04:05:20 | 000,016,555 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\A_Separation_(2011)_720p_BRrip_sujaidr.6904198.TPB.torrent
[2011/12/25 02:54:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/24 21:25:30 | 000,014,106 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\A_Lonely_Place_to_Die_(2011)_720p_BluRay_x264_-_650MB_-_YIFY.6909023.TPB.torrent
[2011/12/23 19:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ALI BUTT\Desktop\TDSSKiller.exe
[2011/12/23 11:41:42 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/23 00:10:56 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 23:31:17 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/12/22 23:31:17 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/21 20:31:33 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IM Magician.lnk
[2011/12/21 19:51:03 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VP-EYE 6.0.lnk
[2011/12/20 00:38:41 | 000,014,220 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Mystic_River__2003__720p_BrRip_mkv___655MB___YIFY.torrent
[2011/12/20 00:35:15 | 000,017,169 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Letters_from_Iwo_Jima__2006__720p__BRRip__MRShanku_Silver_RG.torrent
[2011/12/19 18:26:17 | 000,051,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/19 17:44:31 | 000,014,764 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\NOVO_2002_PARENTE_DVD_RIP_XVID.torrent
[2011/12/19 17:38:20 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Desktop\XIII - Lost Identity.lnk
[2011/12/19 01:08:45 | 000,018,018 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Burning_Palms__2010__720p__BRRip__MRShanku_Silver_RG.torrent
[2011/12/17 12:33:27 | 000,014,018 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Curious_Case_of_Benjamin_Button_(2008)_650mb_720p_-_YIFY.6116188.TPB.torrent
[2011/12/17 12:23:34 | 000,066,668 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Departed_(2006)_-_BRRip_-_720p_-_x264_-_MKV_by_RiddlerA.5838338.TPB.torrent
[2011/12/17 12:15:06 | 000,023,018 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Das.Boot.[The.Boat].Original.Uncut.1981.DVDRip.H264.AAC.Gopo..6071769.TPB.torrent
[2011/12/17 11:59:25 | 000,073,137 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Munich[2005]DvDrip[Eng]-aXXo.4320529.TPB.torrent
[2011/12/17 00:58:41 | 000,016,835 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Bunraku_2010_720p_BRrip_ShAaNiG_sujaidr.torrent
[2011/12/17 00:34:42 | 000,021,621 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Saint_(2010)_aka_Sint_BRrip_720p_sujaidr.6877706.TPB.torrent
[2011/12/16 17:21:53 | 000,015,128 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Lars_von_Trier_-_Manderlay_(2005).4995399.TPB.torrent
[2011/12/16 16:55:42 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Desktop\Shortcut to coed11.exe.lnk
[2011/12/16 16:31:26 | 000,028,897 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Habemus_Papam_[We_Have_a_Pope](EngSubs_DVDrip)_2011.6773241.TPB.torrent
[2011/12/16 12:35:40 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Start Menu\Programs\Startup\Webshots.lnk
[2011/12/15 16:25:24 | 000,083,883 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Land_of_plenty_KLAXXON.torrent
[2011/12/15 13:47:15 | 000,111,560 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Diary.of.A .Addict(2001)DVDRip.aaaevilacharya.6062160.TPB.torrent
[2011/12/15 13:41:57 | 000,020,636 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Borgias_-_SEASON_1_Complete_480p_x264_-_BoB.6454225.TPB.torrent
[2011/12/15 12:51:26 | 000,014,940 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\[kat.ph]post.coitum.2004.dvdrip.torrent
[2011/12/15 03:57:25 | 000,014,570 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\[kat.ph]the.united.states.of.leland.dvdrip.torrent
[2011/12/15 01:36:43 | 000,014,998 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Death_In_Love_2008_DVDRip_XviD_aAF.torrent
[2011/12/14 02:00:33 | 000,016,049 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Mother_and_Child_(2009)_720p_mkv_x264_-_750MB_-_YIFY.6154744.TPB.torrent
[2011/12/14 01:43:12 | 000,014,972 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Lost_in_Translation__2003__720p_BrRip_x264___700MB___YIFY.torrent
[2011/12/13 13:59:55 | 000,014,582 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Wings_of_Desire_DVDRip_XviD_InFeCtiouS(ENG_SUBS)[ExtraTorrent].5554173.TPB.torrent
[2011/12/13 13:53:08 | 000,015,350 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Haevnen(2010)(In_a_Better_World)DVDRip_nl_subs_Nlt-Release(Divx).6580282.TPB.torrent
[2011/12/13 13:46:16 | 000,028,803 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Goodbye_Lenin___2003_avi_torrent.torrent
[2011/12/13 13:36:16 | 000,016,286 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Chico_and_Rita_(2010)_BRRip_720p_x264_-MitZep_(PhoenixRG)_.6447274.TPB.torrent
[2011/12/13 13:25:27 | 000,029,483 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Inbetweeners_2011_Extended_BDRIP_XVID_-_SCR0N.6883209.TPB.torrent
[2011/12/12 23:23:11 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2011/12/12 22:57:24 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/12 14:18:51 | 000,017,392 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Walk_the_Line__2005___Extended_Cut__720p_x264__TYNYFYD_.torrent
[2011/12/12 14:07:38 | 000,256,634 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Up_in_the_Air[2009]DvDrip[Eng]-FXG.5379168.TPB.torrent
[2011/12/12 13:44:55 | 000,056,873 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Rescue.Dawn[2007]DvDrip[Eng]-aXXo.3882591.TPB.torrent
[2011/12/12 10:54:38 | 000,018,322 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Kieslowski_-_Dekalog.4592132.TPB.torrent
[2011/12/12 03:40:43 | 000,035,993 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\_drama_politics)_Another_Way_[Egymasra_nezve]_EngSub_Div.4142403.TPB.torrent
[2011/12/12 03:34:23 | 000,015,291 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The.Ron.Clark.Story.DVDRiP.XViD-DvF.4505329.TPB.torrent
[2011/12/09 17:45:35 | 000,012,985 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Catch_44_2011_720p_BRrip_scOrp_sujaidr.6862257.TPB.torrent
[2011/12/09 17:43:44 | 000,019,681 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Desktop\Turn_Me_On__Dammit__(2011)_720p_BRrip_sujaidr.6863611.TPB.torrent
[2011/12/08 23:01:05 | 000,057,001 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Darjeeling_Limited[2007]DvDrip[Eng]-FXG.4027350.TPB.torrent
[2011/12/07 11:14:29 | 000,014,358 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Hamlet_(1990)_MEL_GIBSON.GLENN_CLOSE.5131879.TPB.torrent
[2011/12/07 00:13:19 | 000,016,336 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Synecdoche_New_York_(2008)_720p_BrRip_x264_-_750MB_-_YIFY.6867426.TPB.torrent
[2011/12/06 00:10:03 | 000,014,932 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\SOUND_OF_NOISE__2010__DVD_Rip_Xvid__StB_.torrent
[2011/12/06 00:05:50 | 000,016,868 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Paula-Paula[2010][DVDRip][spanish].6271832.TPB.torrent
[2011/12/04 17:51:39 | 000,032,557 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\150_Gamehouse_Games.3974158.TPB.torrent
[2011/12/03 16:49:13 | 000,012,104 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Love Child (2005) Liebeskind.torrent
[2011/12/03 10:09:59 | 000,021,259 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Lookout__2007__720p___500mb___YIFY.torrent
[2011/12/02 23:24:53 | 000,018,332 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Debt_Ha_Hov_2007_DVDRip.torrent
[2011/12/02 16:39:57 | 000,060,644 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Alabama_Moon_2009_DVDRip_XviD_aAF.torrent
[2011/12/02 16:36:28 | 000,013,183 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Red_Dog_(2011)_720p_BrRip_x264_-_600MB_-_YIFY.6853925.TPB.torrent
[2011/12/02 13:37:55 | 000,029,723 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\Desktop\Burke_and_Hare_2010_BDRip_XviD_AMIABLE.torrent
[2011/12/01 23:31:42 | 000,011,786 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\Martyrs (2008).torrent
[2011/12/01 22:36:50 | 000,000,044 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2011/12/01 16:55:46 | 000,015,758 | ---- | M] () -- C:\Documents and Settings\ALI BUTT\My Documents\11 Days 11 Nights (1987) Undici giorni, undici notti.torrent
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/26 00:46:19 | 085,150,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/26 00:29:38 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/26 00:13:06 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/12/25 23:29:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/25 23:29:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/25 23:26:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/25 23:26:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/25 23:26:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/25 23:26:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/25 23:26:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/25 22:36:29 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/12/25 22:36:06 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Desktop\Media Player Classic.lnk
[2011/12/25 15:25:44 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/25 15:25:44 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/25 15:25:43 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/25 14:41:42 | 000,085,402 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\bookmarks-2011-12-25.json
[2011/12/25 04:16:05 | 000,013,985 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Darjeeling_Limited_(2007)_720p_BRRip_suN_sujaidr.6817706.TPB.torrent
[2011/12/25 04:12:39 | 000,014,005 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Inbetweeners_movie_2011_Extended_Cut_720p_BRrip_scOrp_sujaid.6884992.TPB.torrent
[2011/12/25 04:11:07 | 000,014,492 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\O_Brother_Where_Art_Thou_2000_720p_BRrip_scOrp_sujaidr.6893079.TPB.torrent
[2011/12/25 04:05:17 | 000,016,555 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\A_Separation_(2011)_720p_BRrip_sujaidr.6904198.TPB.torrent
[2011/12/24 21:25:29 | 000,014,106 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\A_Lonely_Place_to_Die_(2011)_720p_BluRay_x264_-_650MB_-_YIFY.6909023.TPB.torrent
[2011/12/22 23:31:17 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/12/22 23:31:17 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/21 20:31:33 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IM Magician.lnk
[2011/12/21 19:52:09 | 000,035,600 | ---- | C] () -- C:\WINDOWS\AMCAP.EXE
[2011/12/21 19:51:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\JAPI2.DLL
[2011/12/21 19:51:09 | 000,106,496 | ---- | C] () -- C:\WINDOWS\JAPI.DLL
[2011/12/21 19:51:09 | 000,020,992 | ---- | C] () -- C:\WINDOWS\MMVCB.AX
[2011/12/21 19:51:03 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VP-EYE 6.0.lnk
[2011/12/20 00:38:39 | 000,014,220 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Mystic_River__2003__720p_BrRip_mkv___655MB___YIFY.torrent
[2011/12/20 00:35:13 | 000,017,169 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Letters_from_Iwo_Jima__2006__720p__BRRip__MRShanku_Silver_RG.torrent
[2011/12/19 18:26:17 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/19 17:44:29 | 000,014,764 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\NOVO_2002_PARENTE_DVD_RIP_XVID.torrent
[2011/12/19 17:38:20 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Desktop\XIII - Lost Identity.lnk
[2011/12/19 01:08:41 | 000,018,018 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Burning_Palms__2010__720p__BRRip__MRShanku_Silver_RG.torrent
[2011/12/17 12:33:26 | 000,014,018 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Curious_Case_of_Benjamin_Button_(2008)_650mb_720p_-_YIFY.6116188.TPB.torrent
[2011/12/17 12:23:33 | 000,066,668 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Departed_(2006)_-_BRRip_-_720p_-_x264_-_MKV_by_RiddlerA.5838338.TPB.torrent
[2011/12/17 12:15:03 | 000,023,018 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Das.Boot.[The.Boat].Original.Uncut.1981.DVDRip.H264.AAC.Gopo..6071769.TPB.torrent
[2011/12/17 11:59:20 | 000,073,137 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Munich[2005]DvDrip[Eng]-aXXo.4320529.TPB.torrent
[2011/12/17 00:58:38 | 000,016,835 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Bunraku_2010_720p_BRrip_ShAaNiG_sujaidr.torrent
[2011/12/17 00:34:41 | 000,021,621 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Saint_(2010)_aka_Sint_BRrip_720p_sujaidr.6877706.TPB.torrent
[2011/12/16 17:21:52 | 000,015,128 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Lars_von_Trier_-_Manderlay_(2005).4995399.TPB.torrent
[2011/12/16 16:55:42 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Desktop\Shortcut to coed11.exe.lnk
[2011/12/16 16:31:22 | 000,028,897 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Habemus_Papam_[We_Have_a_Pope](EngSubs_DVDrip)_2011.6773241.TPB.torrent
[2011/12/15 16:25:20 | 000,083,883 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Land_of_plenty_KLAXXON.torrent
[2011/12/15 13:47:12 | 000,111,560 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Diary.of.A .Addict(2001)DVDRip.aaaevilacharya.6062160.TPB.torrent
[2011/12/15 13:41:55 | 000,020,636 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Borgias_-_SEASON_1_Complete_480p_x264_-_BoB.6454225.TPB.torrent
[2011/12/15 12:51:17 | 000,014,940 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\[kat.ph]post.coitum.2004.dvdrip.torrent
[2011/12/15 03:57:24 | 000,014,570 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\[kat.ph]the.united.states.of.leland.dvdrip.torrent
[2011/12/15 01:36:40 | 000,014,998 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Death_In_Love_2008_DVDRip_XviD_aAF.torrent
[2011/12/14 02:00:31 | 000,016,049 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Mother_and_Child_(2009)_720p_mkv_x264_-_750MB_-_YIFY.6154744.TPB.torrent
[2011/12/14 01:43:08 | 000,014,972 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Lost_in_Translation__2003__720p_BrRip_x264___700MB___YIFY.torrent
[2011/12/13 13:59:51 | 000,014,582 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Wings_of_Desire_DVDRip_XviD_InFeCtiouS(ENG_SUBS)[ExtraTorrent].5554173.TPB.torrent
[2011/12/13 13:53:08 | 000,015,350 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Haevnen(2010)(In_a_Better_World)DVDRip_nl_subs_Nlt-Release(Divx).6580282.TPB.torrent
[2011/12/13 13:46:16 | 000,028,803 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Goodbye_Lenin___2003_avi_torrent.torrent
[2011/12/13 13:36:16 | 000,016,286 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Chico_and_Rita_(2010)_BRRip_720p_x264_-MitZep_(PhoenixRG)_.6447274.TPB.torrent
[2011/12/13 13:25:24 | 000,029,483 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Inbetweeners_2011_Extended_BDRIP_XVID_-_SCR0N.6883209.TPB.torrent
[2011/12/12 23:23:11 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2011/12/12 14:18:47 | 000,017,392 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Walk_the_Line__2005___Extended_Cut__720p_x264__TYNYFYD_.torrent
[2011/12/12 14:07:36 | 000,256,634 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Up_in_the_Air[2009]DvDrip[Eng]-FXG.5379168.TPB.torrent
[2011/12/12 13:44:52 | 000,056,873 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Rescue.Dawn[2007]DvDrip[Eng]-aXXo.3882591.TPB.torrent
[2011/12/12 10:54:34 | 000,018,322 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Kieslowski_-_Dekalog.4592132.TPB.torrent
[2011/12/12 03:40:43 | 000,035,993 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\_drama_politics)_Another_Way_[Egymasra_nezve]_EngSub_Div.4142403.TPB.torrent
[2011/12/12 03:34:20 | 000,015,291 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The.Ron.Clark.Story.DVDRiP.XViD-DvF.4505329.TPB.torrent
[2011/12/09 17:45:34 | 000,012,985 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Catch_44_2011_720p_BRrip_scOrp_sujaidr.6862257.TPB.torrent
[2011/12/09 17:43:37 | 000,019,681 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Desktop\Turn_Me_On__Dammit__(2011)_720p_BRrip_sujaidr.6863611.TPB.torrent
[2011/12/08 23:01:02 | 000,057,001 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Darjeeling_Limited[2007]DvDrip[Eng]-FXG.4027350.TPB.torrent
[2011/12/07 11:14:26 | 000,014,358 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Hamlet_(1990)_MEL_GIBSON.GLENN_CLOSE.5131879.TPB.torrent
[2011/12/07 00:13:19 | 000,016,336 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Synecdoche_New_York_(2008)_720p_BrRip_x264_-_750MB_-_YIFY.6867426.TPB.torrent
[2011/12/06 00:10:00 | 000,014,932 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\SOUND_OF_NOISE__2010__DVD_Rip_Xvid__StB_.torrent
[2011/12/06 00:05:47 | 000,016,868 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Paula-Paula[2010][DVDRip][spanish].6271832.TPB.torrent
[2011/12/04 17:51:36 | 000,032,557 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\150_Gamehouse_Games.3974158.TPB.torrent
[2011/12/03 16:49:11 | 000,012,104 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Love Child (2005) Liebeskind.torrent
[2011/12/03 10:09:56 | 000,021,259 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Lookout__2007__720p___500mb___YIFY.torrent
[2011/12/02 23:24:36 | 000,018,332 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\The_Debt_Ha_Hov_2007_DVDRip.torrent
[2011/12/02 16:39:53 | 000,060,644 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Alabama_Moon_2009_DVDRip_XviD_aAF.torrent
[2011/12/02 16:36:27 | 000,013,183 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Red_Dog_(2011)_720p_BrRip_x264_-_600MB_-_YIFY.6853925.TPB.torrent
[2011/12/02 13:37:45 | 000,029,723 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Desktop\Burke_and_Hare_2010_BDRip_XviD_AMIABLE.torrent
[2011/12/01 23:31:40 | 000,011,786 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\Martyrs (2008).torrent
[2011/12/01 22:36:44 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2011/12/01 16:55:43 | 000,015,758 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\My Documents\11 Days 11 Nights (1987) Undici giorni, undici notti.torrent
[2011/11/29 00:44:06 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/10 12:58:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2011/11/01 22:49:24 | 000,055,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/29 00:48:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Local Settings\Application Data\WebpageIcons.db
[2011/10/11 11:24:37 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/09/21 08:09:27 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/09/21 08:09:24 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/08/31 01:26:49 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/08/14 17:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2011/08/10 16:44:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/07/25 02:43:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/07 00:12:04 | 001,156,552 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/07/01 02:08:11 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/07/01 00:39:37 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/07/01 00:38:42 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/06/01 15:29:46 | 000,000,081 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2011/05/30 12:12:14 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/05/30 12:06:08 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\ALI BUTT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 12:04:19 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/30 09:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/30 09:22:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/30 09:15:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/30 02:08:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/30 02:05:51 | 000,282,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 14:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2006/10/09 22:18:10 | 000,036,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2006/10/09 22:18:10 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter.sys
[2006/10/09 22:18:08 | 000,044,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2006/10/09 22:18:08 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2004/08/04 06:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 19:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 16:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 19:00:00 | 000,473,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 19:00:00 | 000,082,374 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 19:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Files - Unicode (All) ==========
[2011/07/07 11:51:54 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\ALI BUTT\?????) -- C:\Documents and Settings\ALI BUTT\獷楬汢捯污

< End of report >

#11
Ali Butt

    Member

  • Topic Starter
  • Member
  • 24 posts
OTL Extras logfile created on: 12/26/2011 12:48:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ALI BUTT\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 129.29 Mb Available Physical Memory | 25.30% Memory free
979.98 Mb Paging File | 430.23 Mb Available in Paging File | 43.90% Paging File free
Paging file location(s): C:\pagefile.sys 500 700 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 11.82 Gb Free Space | 60.53% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 3.28 Gb Free Space | 33.59% Space Free | Partition Type: FAT32
Drive E: | 7.94 Gb Total Space | 1.52 Gb Free Space | 19.15% Space Free | Partition Type: FAT32

Computer Name: HOME-1157E821BE | User Name: ALI BUTT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = SafariHTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "e:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "e:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"21563:TCP" = 21563:TCP:*:Enabled:BitComet 21563 TCP
"21563:UDP" = 21563:UDP:*:Enabled:BitComet 21563 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\software\TeamViewer.exe" = E:\software\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"E:\Program Files\BitTorrent\BitTorrent.exe" = E:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{31187E06-E131-4709-9285-7D105D77AA89}" = Components Setup
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D7BD4A-5BE7-11D4-9D68-0020781864F1}" = CueClub
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 3.0.0)
"{4877CCD5-6B0B-4B3A-8EF1-911D946B8B94}" = SRS Audio Sandbox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9819EF4D-7A28-54B5-8A25-CE97793845A4}" = Webshots Daily Features
"{A5742726-2180-4253-83A7-53558486A7A2}" = IM Magician
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{BA524348-59A6-437A-A4FB-25080BDEFCD6}" = VP-EYE
"{BDDEE95D-0671-4A38-AAF3-2A7D5801B323}" = Components Setup
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E89760FE-AA0B-407D-BB94-E23CE78385F3}" = CueClub Patch
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2012
"BitTorrent" = BitTorrent
"Burger Shop 2 1.00" = Burger Shop 2 1.00
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"Folder Guard" = Folder Guard
"Foxit Reader" = Foxit Reader
"Jumpa_is1" = Jumpa 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"USB Disk Security_is1" = USB Disk Security
"VLC media player" = VLC media player 1.1.11
"WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1" = Webshots Daily Features
"Wedding Dash 4 Ever 1.00" = Wedding Dash 4 Ever 1.00
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.6 [32-Bit]
"WinRAR archiver" = WinRAR 4.10 beta 2 (32-bit)
"XIII - Lost Identity1.0" = XIII - Lost Identity
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/25/2011 3:06:45 PM | Computer Name = HOME-1157E821BE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/25/2011 3:06:45 PM | Computer Name = HOME-1157E821BE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/25/2011 3:23:11 PM | Computer Name = HOME-1157E821BE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/25/2011 3:23:11 PM | Computer Name = HOME-1157E821BE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/25/2011 3:23:11 PM | Computer Name = HOME-1157E821BE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/25/2011 3:23:11 PM | Computer Name = HOME-1157E821BE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/25/2011 3:24:49 PM | Computer Name = HOME-1157E821BE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x42315bbb.

Error - 12/25/2011 3:26:04 PM | Computer Name = HOME-1157E821BE | Source = Application Error | ID = 1001
Description = Fault bucket 646499498.

Error - 12/25/2011 3:26:26 PM | Computer Name = HOME-1157E821BE | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 12/25/2011 3:26:31 PM | Computer Name = HOME-1157E821BE | Source = Application Error | ID = 1001
Description = Fault bucket 00733296.

[ System Events ]
Error - 12/25/2011 1:18:32 PM | Computer Name = HOME-1157E821BE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/25/2011 1:18:32 PM | Computer Name = HOME-1157E821BE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for D:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe.
Reference
error message: The operation completed successfully. .

Error - 12/25/2011 3:23:47 PM | Computer Name = HOME-1157E821BE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/25/2011 3:23:47 PM | Computer Name = HOME-1157E821BE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/25/2011 3:23:48 PM | Computer Name = HOME-1157E821BE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for D:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe.
Reference
error message: The operation completed successfully. .

Error - 12/25/2011 3:24:29 PM | Computer Name = HOME-1157E821BE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AG Core Services service
to connect.

Error - 12/25/2011 3:24:29 PM | Computer Name = HOME-1157E821BE | Source = Service Control Manager | ID = 7000
Description = The AG Core Services service failed to start due to the following
error: %%1053

Error - 12/25/2011 3:24:29 PM | Computer Name = HOME-1157E821BE | Source = Service Control Manager | ID = 7000
Description = The MySQL service failed to start due to the following error: %%3

Error - 12/25/2011 3:24:29 PM | Computer Name = HOME-1157E821BE | Source = Service Control Manager | ID = 7000
Description = The Airytec Switch Off - Task Scheduler service failed to start due
to the following error: %%2

Error - 12/25/2011 3:24:29 PM | Computer Name = HOME-1157E821BE | Source = Service Control Manager | ID = 7000
Description = The Airytec Switch Off - Web Interface service failed to start due
to the following error: %%2


< End of report >

#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Try the OTL scan again. You missed this step:

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

#13
Ali Butt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
These are the first OTL scans without the custom scan/fixes.
Will be posting the scan result of custom scan/fixes in a while.
I am really thankful to you for your help.

The second ComboFix is halted/stuck for the second time.
How much time should be taken by the second ComboFix scan?

Edited by Ali Butt, 25 December 2011 - 03:12 PM.


#14
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It can sometimes take hours for ComboFix to finish. It may do better in Safe Mode with Networking.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Log in with your usual login.)

#15
Ali Butt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
OK, will do that too.
Here is the OTL scan result with custom scan/fix.





