Weird Behaviour - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Weird Behaviour

#1 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 09 May 2012 - 11:45 PM

I noticed recently that my laptop started behaving weird with lots of file errors in a folder inside my Documents and Settings Folder called NetworkUsers.

I have managed to kill those processes and delete the folder now, but I would just like to know if I am clean.

Please let me know...

My OTL Results are below just in case as well as my RootReapel Report.

Thanks in advanced...


OTL logfile created on: 5/9/2012 10:29:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Documents and Settings\Fadil Shamir Khan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.17 Mb Total Physical Memory | 304.60 Mb Available Physical Memory | 30.00% Memory free
2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.04% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 3.73 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
 
Computer Name: FADIL-LAPTOP | User Name: Fadil Shamir Khan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/05/09 22:27:18 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Downloads\OTL.exe
PRC - [2012/04/25 12:18:26 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol 120%\StarWind\StarWindServiceAE.exe
PRC - [2006/08/10 22:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006/08/10 16:10:56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2004/06/17 12:12:40 | 000,409,664 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/06/17 12:09:38 | 000,204,800 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2004/06/17 12:09:10 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/06/17 12:07:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/05/09 15:16:26 | 001,756,160 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12050901\algo.dll
MOD - [2012/05/05 00:02:15 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/25 12:18:16 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/07/04 17:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008/04/14 08:00:00 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/08/10 22:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
MOD - [2006/08/10 16:10:56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
MOD - [2004/06/17 12:17:42 | 000,045,124 | ---- | M] () -- C:\WINDOWS\system32\LsaWrApi.dll
MOD - [2004/06/17 12:08:24 | 000,225,349 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
MOD - [2004/05/28 10:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll
MOD - [2003/09/24 21:21:48 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll
MOD - [2003/09/24 21:21:46 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/05 00:23:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol 120%\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004/06/17 12:09:10 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/06/17 12:07:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/04/29 14:29:54 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Belkin\F5D9050\BKNDIS5.SYS -- (BKNDIS5)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (alo6x4s9)
DRV - [2012/05/09 07:50:39 | 000,015,584 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2012/04/07 22:52:51 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/03/27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 19:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/01/31 21:30:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 18:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/04/18 22:21:08 | 000,027,136 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005/02/17 23:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005/01/17 22:43:00 | 001,036,928 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/01/17 22:43:00 | 000,702,592 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/17 22:43:00 | 000,163,328 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/12/06 15:51:10 | 000,051,328 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/06/16 08:01:46 | 002,483,712 | ---- | M] (IntelŪ Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2004/06/09 10:12:48 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/09/24 21:21:44 | 000,285,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2002/11/22 20:01:26 | 000,020,096 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig#m_98"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 00:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/03/29 13:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Extensions
[2012/05/03 02:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\extensions
[2012/05/03 02:18:36 | 000,000,000 | ---D | M] (FB Photo Zoom) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\extensions\fbpz@regisgaughan.com
[2012/04/25 12:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 20:39:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/04/25 12:18:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/30 17:50:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/30 17:50:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/05/03 04:42:02 | 000,002,186 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 127.0.0.1 www.hh-software.com
O1 - Hosts: 25 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol 120%\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4FD520-AB94-4BE4-8EE3-965204C1D57E}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\system32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/29 12:28:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/05/09 22:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\RootRepeal
[2012/05/09 08:01:51 | 000,000,000 | ---D | C] -- C:\f5d9050v3000
[2012/05/09 07:50:37 | 000,790,528 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLCPL.CPL
[2012/05/09 07:50:05 | 000,144,776 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLU00.EXE
[2012/05/09 07:50:05 | 000,057,344 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLD2K.EXE
[2012/05/09 07:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Latest
[2012/05/08 18:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 18:03:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Recent
[2012/05/08 17:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Malwarebytes
[2012/05/08 17:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/06 15:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/06 15:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/06 15:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/03 17:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Maher Zain - Forgive Me 2012
[2012/05/03 00:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/03 00:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/02 14:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Web & Graphic Desgin
[2012/05/02 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Notes
[2012/05/01 18:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2012/05/01 18:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/04/29 10:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Cranium_Consulting_and_Cu
[2012/04/29 09:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/04/29 09:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/29 09:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/28 09:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Cyder
[2012/04/26 18:43:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/04/26 18:41:42 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/04/26 18:41:40 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/04/26 18:41:40 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2012/04/26 18:40:55 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/04/26 18:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2012/04/25 22:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/25 22:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/25 22:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/04/25 22:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/25 22:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/04/25 22:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/25 22:03:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/04/25 20:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/04/25 15:26:30 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/04/25 15:26:21 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/04/25 15:26:19 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/04/25 15:20:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/04/25 15:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\iPhone Hacking
[2012/04/25 12:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/24 05:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft Help
[2012/04/24 05:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/04/24 05:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Alcohol 120%
[2012/04/24 05:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol 120%
[2012/04/23 20:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Unity
[2012/04/23 17:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\RockMelt
[2012/04/22 19:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/22 07:01:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/04/22 04:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/22 04:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2012/04/22 04:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Wedding Album Maker
[2012/04/22 04:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Wedding Album Maker Gold
[2012/04/22 04:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wedding Album Maker Gold
[2012/04/22 04:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Cocoon Software
[2012/04/22 04:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\WDSetup
[2012/04/21 21:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Google
[2012/04/21 14:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack Website Copier
[2012/04/21 14:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\ApplicationHistory
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Website Ripper Copier
[2012/04/21 13:30:39 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/04/21 13:30:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/04/21 13:30:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/04/21 08:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Network Magic
[2012/04/21 08:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/04/21 04:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/04/20 20:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\.shsh
[2012/04/20 20:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/04/20 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/20 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 19:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Sun
[2012/04/20 19:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\libimobiledevice
[2012/04/19 05:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\redsn0w
[2012/04/17 18:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Identities
[2012/04/17 18:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012/04/13 03:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\FileZilla
[2012/04/13 03:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\FileZilla FTP Client
[2012/04/13 03:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/05/09 22:22:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/09 22:07:03 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/09 21:28:47 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/09 21:28:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/09 09:04:47 | 000,035,894 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\irclogo.jpg
[2012/05/09 09:04:39 | 000,220,875 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Logo.psd
[2012/05/09 07:49:03 | 000,036,570 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\sick.jpg
[2012/05/09 07:11:19 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 07:11:19 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/08 18:15:16 | 000,011,052 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Registry Backup.reg
[2012/05/08 16:38:55 | 000,606,099 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\UntoldAdSenseFacts.pdf
[2012/05/08 16:00:04 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/08 03:30:47 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\winscp.rnd
[2012/05/06 15:51:35 | 000,081,006 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\bg.jpg
[2012/05/04 06:32:53 | 000,023,470 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\sparktechtt.png
[2012/05/04 06:32:53 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Adobe PNG Format CS5 Prefs
[2012/05/04 06:31:12 | 000,401,016 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\sparktechtt.psd
[2012/05/04 05:45:08 | 000,016,604 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\fixed_logo.png
[2012/05/04 05:44:59 | 000,134,370 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\hotshots logo.psd
[2012/05/03 04:42:02 | 000,002,186 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/02 19:07:58 | 000,001,145 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\CleanTemp.bat
[2012/04/30 12:02:57 | 002,347,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/25 20:52:34 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/04/25 16:44:16 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\.NET Framework Checker.bat
[2012/04/25 16:39:43 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2012/04/23 19:37:19 | 000,020,428 | ---- | M] () -- C:\WINDOWS\System32\35.exe
[2012/04/23 09:07:51 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/22 18:55:47 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/04/22 06:40:30 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2012/04/21 08:46:48 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/05/09 09:04:47 | 000,035,894 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\irclogo.jpg
[2012/05/09 09:04:38 | 000,220,875 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Logo.psd
[2012/05/09 07:50:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2012/05/09 07:50:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/05/09 07:49:02 | 000,036,570 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\sick.jpg
[2012/05/08 16:38:54 | 000,606,099 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\UntoldAdSenseFacts.pdf
[2012/05/06 15:51:33 | 000,081,006 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\bg.jpg
[2012/05/04 06:31:22 | 000,023,470 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\sparktechtt.png
[2012/05/04 06:31:11 | 000,401,016 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\sparktechtt.psd
[2012/05/04 05:45:07 | 000,016,604 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\fixed_logo.png
[2012/05/04 04:51:08 | 000,134,370 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\hotshots logo.psd
[2012/05/01 18:33:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\winscp.rnd
[2012/04/25 20:52:34 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/04/25 16:44:16 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\.NET Framework Checker.bat
[2012/04/23 19:37:19 | 000,020,428 | ---- | C] () -- C:\WINDOWS\System32\35.exe
[2012/04/22 18:37:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/04/22 04:30:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2012/04/21 08:46:45 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012/04/21 03:16:20 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/20 11:35:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Adobe PNG Format CS5 Prefs
[2012/04/08 05:55:45 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 22:54:08 | 000,162,634 | ---- | C] () -- C:\WINDOWS\FotoFusion Uninstaller.exe
[2012/03/30 01:52:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2012/03/30 00:25:29 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/03/29 17:21:12 | 000,003,472 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 17:05:06 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/03/29 13:30:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/03/29 12:31:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/29 12:25:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/29 12:18:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/29 12:16:51 | 002,347,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 10:46:58 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/04/22 04:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2012/03/29 16:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/30 18:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/04/21 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/22 04:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/29 13:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/04/08 18:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/22 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/22 04:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Cocoon Software
[2012/05/09 22:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\FileZilla
[2012/03/30 01:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\iolo
[2012/05/07 06:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\redsn0w
[2012/04/08 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/05/08 18:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\uTorrent
[2012/04/22 04:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Wedding Album Maker
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C3B8FB5

< End of report >




ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2012/05/09 22:23
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

SSDT
-------------------
#: 009	Function Name: NtAddBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefdf8

#: 017	Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9d7ca5a

#: 019	Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf085e

#: 025	Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1cd5d

#: 035	Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf52e4

#: 036	Function Name: NtCreateEventPair
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf5330

#: 038	Function Name: NtCreateIoCompletion
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf5422

#: 041	Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1c711

#: 043	Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf5252

#: 050	Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf5374

#: 051	Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf529a

#: 054	Function Name: NtCreateTimer
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf53dc

#: 061	Function Name: NtDeleteBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefe44

#: 063	Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1d423

#: 065	Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1d6d9

#: 068	Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf29a8

#: 071	Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1d28e

#: 073	Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1d0f9

#: 083	Function Name: NtFreeVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9d7cb34

#: 097	Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefad6

#: 109	Function Name: NtModifyBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefe90

#: 111	Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf2d1c

#: 112	Function Name: NtNotifyChangeMultipleKeys
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf0b02

#: 114	Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf530e

#: 115	Function Name: NtOpenEventPair
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf5352

#: 117	Function Name: NtOpenIoCompletion
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf5446

#: 119	Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1ca6d

#: 120	Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf5278

#: 122	Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf2518

#: 125	Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf53ae

#: 126	Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf52c2

#: 128	Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf274c

#: 131	Function Name: NtOpenTimer
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf5400

#: 137	Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9d7cca0

#: 160	Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1cf74

#: 163	Function Name: NtQueryObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cf09ce

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1cdc6

#: 192	Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9d86b68

#: 204	Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1bd84

#: 211	Function Name: NtSetBootEntryOrder
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefedc

#: 212	Function Name: NtSetBootOptions
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9ceff28

#: 240	Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefb46

#: 241	Function Name: NtSetSystemPowerState
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefcea

#: 247	Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9d1d52a

#: 249	Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefc92

#: 255	Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9cefd5a

#: 257	Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9d7cd60

#: 268	Function Name: NtVdmControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa9ceff74

#: 277	Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9d7cbe0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x863d91f8	Size: 121

Object: Hidden Code [Driver: alo6x4s9???????????????, IRP_MJ_CREATE]
Process: System	Address: 0x861ce500	Size: 121

Object: Hidden Code [Driver: alo6x4s9???????????????, IRP_MJ_CLOSE]
Process: System	Address: 0x861ce500	Size: 121

Object: Hidden Code [Driver: alo6x4s9???????????????, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x861ce500	Size: 121

Object: Hidden Code [Driver: alo6x4s9???????????????, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x861ce500	Size: 121

Object: Hidden Code [Driver: alo6x4s9???????????????, IRP_MJ_POWER]
Process: System	Address: 0x861ce500	Size: 121

Object: Hidden Code [Driver: alo6x4s9???????????????, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x861ce500	Size: 121

Object: Hidden Code [Driver: alo6x4s9???????????????, IRP_MJ_PNP]
Process: System	Address: 0x861ce500	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x861cd1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x86324500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x86324500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x86324500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x86324500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x86324500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x86324500	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x86324500	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x8636d1f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x860a51f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x860a51f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x860a51f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x860a51f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x860a51f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x860a51f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x861de1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x861de1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x861de1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x861de1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x861de1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x861de1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x861de1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x8605b1f8	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_CREATE]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_CLOSE]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_READ]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_CLEANUP]
Process: System	Address: 0x85b6d500	Size: 121

Object: Hidden Code [Driver: Cdfs????FsWrap, IRP_MJ_PNP]
Process: System	Address: 0x85b6d500	Size: 121

==EOF==

#2 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 11 May 2012 - 12:11 AM

Can somebody please take a look at this!

Thanks a lot!

#3 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 11 May 2012 - 11:58 AM

Somebody...

Please I am begging here!

#4 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 14 May 2012 - 10:55 AM

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#5 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 15 May 2012 - 09:28 AM

I have already posted my OTL Log File... Take a look at my first post. Thanks...

#6 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 15 May 2012 - 10:13 AM

I know, but I'd like a fresh log file to work with.

So please run a new Quick Scan with OTL and posting the resulting log file. :thumbsup:

#7 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 16 May 2012 - 02:57 AM

That scan was done after I did the clean, so it is fresh. Nothing has changed since... Please use it. Thanks...

#8 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 16 May 2012 - 06:57 AM

Maybe nothing special has happened in your eyes, but the malware could have made some changes to your PC or created some new files, so please run a new quick scan. :)

#9 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 16 May 2012 - 08:14 AM

I just got OTL.txt and no Extras.txt, but here it is anyways...

OTL logfile created on: 5/16/2012 10:05:59 AM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Fadil Shamir Khan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 381.16 Mb Available Physical Memory | 37.55% Memory free
2.39 Gb Paging File | 1.86 Gb Available in Paging File | 77.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 8.23 Gb Free Space | 29.46% Space Free | Partition Type: NTFS

Computer Name: FADIL-LAPTOP | User Name: Fadil Shamir Khan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 10:04:53 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\OTL.exe
PRC - [2012/04/25 12:18:26 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/20 20:39:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/31 21:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol 120%\StarWind\StarWindServiceAE.exe
PRC - [2004/06/17 12:12:40 | 000,409,664 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/06/17 12:09:10 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/06/17 12:07:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/16 04:35:30 | 001,759,232 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051600\algo.dll
MOD - [2012/05/05 00:02:15 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/25 12:18:16 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/20 20:39:30 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/04 17:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2004/06/17 12:17:42 | 000,045,124 | ---- | M] () -- C:\WINDOWS\system32\LsaWrApi.dll
MOD - [2004/06/17 12:08:24 | 000,225,349 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
MOD - [2003/09/24 21:21:48 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll
MOD - [2003/09/24 21:21:46 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/05 00:23:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/31 21:30:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/01/31 21:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol 120%\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004/06/17 12:09:10 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/06/17 12:07:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/04/29 14:29:54 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Belkin\F5D9050\BKNDIS5.SYS -- (BKNDIS5)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a2ji7z1l)
DRV - [2012/05/09 07:50:39 | 000,015,584 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2012/04/07 22:52:51 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/03/27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 19:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/01/31 21:30:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 14:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 18:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/04/18 22:21:08 | 000,027,136 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005/02/17 23:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005/01/17 22:43:00 | 001,036,928 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/01/17 22:43:00 | 000,702,592 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/17 22:43:00 | 000,163,328 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/12/06 15:51:10 | 000,051,328 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/06/16 08:01:46 | 002,483,712 | ---- | M] (IntelŪ Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/06/09 10:12:48 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/09/24 21:21:44 | 000,285,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2002/11/22 20:01:26 | 000,020,096 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig#m_98"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 00:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/29 13:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Extensions
[2012/05/16 07:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\extensions
[2012/05/03 02:18:36 | 000,000,000 | ---D | M] (FB Photo Zoom) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\extensions\fbpz@regisgaughan.com
[2012/05/16 07:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\extensions\staged
[2012/04/25 12:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 20:39:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/04/25 12:18:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/30 17:50:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/30 17:50:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/03 04:42:02 | 000,002,186 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 127.0.0.1 www.hh-software.com
O1 - Hosts: 25 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28308C4A-1B1A-48C4-8E40-9C41E0BEBB03}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\system32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/29 12:28:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 10:04:40 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\OTL.exe
[2012/05/16 07:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/13 06:29:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Recent
[2012/05/13 06:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Everything
[2012/05/12 11:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\LogMeIn
[2012/05/12 11:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/05/11 04:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Accessories
[2012/05/11 04:48:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fadil Shamir Khan\IETldCache
[2012/05/11 03:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/05/11 03:24:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/05/11 03:23:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/05/11 03:19:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/09 08:01:51 | 000,000,000 | ---D | C] -- C:\f5d9050v3000
[2012/05/09 07:50:37 | 000,790,528 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLCPL.CPL
[2012/05/09 07:50:05 | 000,144,776 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLU00.EXE
[2012/05/09 07:50:05 | 000,057,344 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLD2K.EXE
[2012/05/08 17:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Malwarebytes
[2012/05/08 17:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/06 15:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/06 15:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/06 15:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/03 00:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/03 00:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/01 18:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2012/05/01 18:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/04/29 10:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Cranium_Consulting_and_Cu
[2012/04/29 09:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/04/29 09:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/29 09:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/28 09:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Cyder
[2012/04/26 18:43:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/04/26 18:41:42 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/04/26 18:41:40 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2012/04/26 18:41:40 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/04/26 18:41:40 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2012/04/26 18:40:55 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2012/04/26 18:40:55 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/04/26 18:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2012/04/25 22:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/25 22:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/25 22:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/04/25 22:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/25 22:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/04/25 22:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/25 22:03:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/04/25 20:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/04/25 15:26:30 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/04/25 15:26:21 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/04/25 15:26:19 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/04/25 15:20:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/04/25 12:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/24 05:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft Help
[2012/04/24 05:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/04/24 05:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Alcohol 120%
[2012/04/24 05:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol 120%
[2012/04/23 20:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Unity
[2012/04/23 17:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\RockMelt
[2012/04/22 19:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/22 07:01:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/04/22 04:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/22 04:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2012/04/22 04:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Wedding Album Maker
[2012/04/22 04:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Wedding Album Maker Gold
[2012/04/22 04:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wedding Album Maker Gold
[2012/04/22 04:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Cocoon Software
[2012/04/22 04:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\WDSetup
[2012/04/21 21:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Google
[2012/04/21 14:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack Website Copier
[2012/04/21 14:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\ApplicationHistory
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Website Ripper Copier
[2012/04/21 13:30:39 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/04/21 13:30:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/04/21 13:30:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/04/21 08:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Network Magic
[2012/04/21 08:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/04/21 04:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/04/20 20:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\.shsh
[2012/04/20 20:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/04/20 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/20 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/20 19:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Sun
[2012/04/20 19:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\libimobiledevice
[2012/04/19 05:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\redsn0w
[2012/04/17 18:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Identities
[2012/04/17 18:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 10:07:03 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 10:04:53 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\OTL.exe
[2012/05/16 09:22:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/16 07:45:51 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 07:45:25 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/16 07:45:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 06:34:45 | 000,006,486 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Registry Backup.reg
[2012/05/12 11:07:43 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2012/05/12 04:22:43 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/10 09:04:31 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Adobe PNG Format CS5 Prefs
[2012/05/09 07:11:19 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 07:11:19 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/08 03:30:47 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\winscp.rnd
[2012/05/06 15:51:35 | 000,081,006 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\bg.jpg
[2012/05/03 04:42:02 | 000,002,186 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/02 19:07:58 | 000,001,145 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\CleanTemp.bat
[2012/04/30 12:02:57 | 002,347,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/25 20:52:34 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/04/23 19:37:19 | 000,020,428 | ---- | M] () -- C:\WINDOWS\System32\35.exe
[2012/04/22 18:55:47 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/04/22 06:40:30 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2012/04/21 08:46:48 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/12 11:07:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2012/05/12 04:25:41 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Windows Media Player.lnk
[2012/05/11 04:48:26 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Internet Explorer.lnk
[2012/05/09 07:50:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2012/05/09 07:50:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/05/06 15:51:33 | 000,081,006 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\bg.jpg
[2012/05/01 18:33:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\winscp.rnd
[2012/04/25 20:52:34 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/04/23 19:37:19 | 000,020,428 | ---- | C] () -- C:\WINDOWS\System32\35.exe
[2012/04/22 18:37:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/04/22 04:30:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2012/04/21 08:46:45 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012/04/21 03:16:20 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/20 11:35:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Adobe PNG Format CS5 Prefs
[2012/04/08 05:55:45 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 22:54:08 | 000,162,634 | ---- | C] () -- C:\WINDOWS\FotoFusion Uninstaller.exe
[2012/03/30 01:52:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2012/03/30 00:25:29 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/03/29 17:21:12 | 000,003,472 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 17:05:06 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/03/29 13:30:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/03/29 12:31:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/29 12:25:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/29 12:18:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/29 12:16:51 | 002,347,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 10:46:58 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

========== LOP Check ==========

[2012/04/22 04:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2012/03/29 16:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/30 18:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/05/16 07:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/04/21 19:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/22 04:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/29 13:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/04/08 18:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/22 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/22 04:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Cocoon Software
[2012/05/10 08:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\FileZilla
[2012/03/30 01:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\iolo
[2012/05/07 06:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\redsn0w
[2012/04/08 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/05/13 06:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\uTorrent
[2012/04/22 04:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Wedding Album Maker
[2012/03/30 00:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C3B8FB5

< End of report >

#10 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 16 May 2012 - 08:53 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a2ji7z1l)
[2012/04/23 19:37:19 | 000,020,428 | ---- | M] () -- C:\WINDOWS\System32\35.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#11 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 16 May 2012 - 07:57 PM

MY COMBOFIX LOG FILE IS ATTACHED...


The OTL Log file said this:

All processes killed
========== OTL ==========
Error: No service named a2ji7z1l was found to stop!
Service\Driver key a2ji7z1l not found.
C:\WINDOWS\system32\35.exe moved successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Fadil Shamir Khan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fadil Shamir Khan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Fadil Shamir Khan
->Temp folder emptied: 65871 bytes
->Temporary Internet Files folder emptied: 376966 bytes
->Java cache emptied: 171041 bytes
->FireFox cache emptied: 93834258 bytes
->Flash cache emptied: 8743330 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1200376 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51761716 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 149.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Fadil Shamir Khan
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.43.0 log created on 05162012_213423

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




ComboFix 12-05-08.02 - Fadil Shamir Khan 05/16/2012 21:48:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.465 [GMT -4:00]
Running from: c:\documents and settings\Fadil Shamir Khan\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\Fadil Shamir Khan\WINDOWS
c:\windows\system32\winlogon.bak
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 01:34 . 2012-05-17 01:34 -------- d-----w- C:\_OTL
2012-05-12 15:08 . 2012-05-12 15:08 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\LogMeIn
2012-05-12 15:07 . 2012-05-16 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2012-05-12 08:25 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-05-11 08:49 . 2012-05-11 08:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-05-11 08:48 . 2012-05-11 08:48 -------- d-sh--w- c:\documents and settings\Fadil Shamir Khan\IETldCache
2012-05-11 07:24 . 2012-05-11 07:28 -------- d--h--w- c:\windows\$hf_mig$
2012-05-11 07:21 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-05-11 07:19 . 2012-05-11 07:23 -------- dc-h--w- c:\windows\ie8
2012-05-11 07:06 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-11 07:06 . 2012-03-01 11:01 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-05-11 07:06 . 2012-03-01 11:01 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-05-11 07:06 . 2012-03-01 11:01 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-05-11 07:06 . 2012-03-01 11:01 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-11 07:06 . 2012-03-01 11:01 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-11 07:06 . 2012-03-01 11:01 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-05-11 07:06 . 2012-03-02 10:01 11082752 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-05-09 12:01 . 2012-05-09 12:01 -------- d-----w- C:\f5d9050v3000
2012-05-09 11:50 . 2012-05-09 11:50 15584 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2012-05-09 11:50 . 2003-09-25 01:21 479232 ------w- c:\windows\system32\AegisE5.dll
2012-05-09 11:50 . 2003-09-25 01:21 110592 ------w- c:\windows\system32\AegisI5.exe
2012-05-09 11:50 . 2003-10-16 18:03 790528 ------w- c:\windows\system32\BCMWLCPL.CPL
2012-05-09 11:50 . 2003-10-16 02:05 501144 ------w- c:\windows\system32\BCMWLTRY.EXE
2012-05-09 11:50 . 2003-10-07 22:44 45056 ------w- c:\windows\system32\WLTRYSVC.EXE
2012-05-09 11:50 . 2003-10-16 02:04 144776 ------w- c:\windows\system32\BCMWLU00.EXE
2012-05-09 11:50 . 2003-10-15 16:57 57344 ------w- c:\windows\system32\BCMWLD2K.EXE
2012-05-09 11:50 . 2003-09-25 01:21 285056 ------w- c:\windows\system32\drivers\BCMWL5.SYS
2012-05-08 21:25 . 2012-05-08 21:25 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\Malwarebytes
2012-05-08 21:24 . 2012-05-08 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-06 19:25 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-06 19:25 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-06 19:22 . 2012-05-06 19:22 -------- d-----w- c:\program files\iPod
2012-05-06 19:21 . 2012-05-06 19:25 -------- d-----w- c:\program files\iTunes
2012-05-03 04:58 . 2012-05-03 04:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-03 04:58 . 2012-05-03 04:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-03 04:58 . 2012-05-03 04:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-03 04:58 . 2012-05-03 04:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-03 04:58 . 2012-05-03 04:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-03 04:58 . 2012-05-03 04:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-03 04:58 . 2012-05-03 04:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-03 04:56 . 2012-05-03 04:58 -------- d-----w- c:\program files\QuickTime
2012-05-01 22:33 . 2012-05-01 22:33 -------- d-----w- c:\program files\WinSCP
2012-04-29 14:30 . 2012-04-29 14:30 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Cranium_Consulting_and_Cu
2012-04-29 13:57 . 2012-04-29 13:57 -------- d-----w- c:\program files\Apple Software Update
2012-04-29 13:56 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-29 13:56 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-29 13:56 . 2012-04-29 13:56 -------- d-----w- c:\program files\Bonjour
2012-04-29 13:55 . 2012-05-06 19:22 -------- d-----w- c:\program files\Common Files\Apple
2012-04-28 13:54 . 2012-05-07 14:27 -------- d-----w- c:\program files\Cyder
2012-04-26 22:43 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll
2012-04-26 22:43 . 2009-08-06 23:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-04-26 22:43 . 2009-08-06 23:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-04-26 22:43 . 2009-08-06 23:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-04-26 22:43 . 2009-08-06 23:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-04-26 22:41 . 2012-02-01 01:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-04-26 22:41 . 2012-02-01 01:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-04-26 22:41 . 2012-02-01 01:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-04-26 22:41 . 2011-09-16 18:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-04-26 22:40 . 2012-02-01 01:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-26 22:39 . 2012-05-12 15:07 -------- d-----w- c:\program files\LogMeIn
2012-04-26 02:26 . 2006-10-26 23:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-04-26 02:26 . 2006-10-26 23:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2012-04-26 02:24 . 2012-04-26 02:24 -------- d-----w- c:\program files\Microsoft Works
2012-04-26 02:07 . 2012-04-26 02:22 -------- d-----w- c:\windows\SHELLNEW
2012-04-26 02:03 . 2012-04-26 02:03 -------- d-----r- C:\MSOCache
2012-04-26 00:11 . 2012-04-26 00:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-04-25 19:26 . 2011-11-22 20:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-04-25 19:26 . 2010-11-03 22:14 2180712 ----a-w- c:\windows\MicCal.exe
2012-04-25 19:26 . 2009-11-18 11:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-04-25 19:26 . 2011-08-29 20:20 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-04-25 19:26 . 2010-11-03 22:15 359016 ----a-w- c:\windows\vncutil.exe
2012-04-25 19:26 . 2010-11-03 22:15 1833576 ----a-w- c:\windows\SkyTel.exe
2012-04-25 19:26 . 2012-03-19 23:01 65128 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-04-25 19:26 . 2009-11-18 11:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-04-25 19:26 . 2010-11-03 22:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-04-25 19:20 . 2012-04-28 12:22 -------- d-----w- c:\windows\SxsCaPendDel
2012-04-25 16:18 . 2012-04-25 16:18 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 16:18 . 2012-04-25 16:18 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-24 09:33 . 2012-04-24 09:33 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft Help
2012-04-24 09:32 . 2012-04-26 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2012-04-24 09:20 . 2012-04-24 09:21 -------- d-----w- c:\program files\Alcohol 120%
2012-04-24 00:57 . 2012-04-25 20:28 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Unity
2012-04-23 21:16 . 2012-04-26 01:23 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\RockMelt
2012-04-22 23:33 . 2012-04-22 23:33 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-04-22 11:01 . 2012-04-22 11:01 -------- d--h--w- c:\windows\PIF
2012-04-22 08:51 . 2012-04-22 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Anvsoft
2012-04-22 08:51 . 2012-04-22 08:51 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\Wedding Album Maker
2012-04-22 08:48 . 2012-04-23 21:59 -------- d-----w- c:\program files\Wedding Album Maker Gold
2012-04-22 08:39 . 2012-04-22 08:39 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\Cocoon Software
2012-04-22 08:39 . 2012-04-22 08:39 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\WDSetup
2012-04-21 18:06 . 2012-04-21 18:07 -------- d-----w- c:\program files\WinHTTrack Website Copier
2012-04-21 18:05 . 2012-04-21 18:05 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\ApplicationHistory
2012-04-21 17:32 . 2012-04-21 18:05 -------- d-----w- c:\program files\Website Ripper Copier
2012-04-21 17:30 . 2012-04-25 20:54 -------- d-----w- c:\windows\system32\URTTemp
2012-04-21 12:48 . 2012-04-30 08:59 -------- d-----w- c:\program files\Network Magic
2012-04-21 12:46 . 2012-04-21 12:46 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2012-04-21 12:42 . 2012-04-21 12:42 -------- d-----w- c:\windows\Sun
2012-04-21 00:40 . 2012-05-03 00:22 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\.shsh
2012-04-21 00:40 . 2012-04-21 00:40 -------- d-----w- c:\program files\Common Files\Java
2012-04-21 00:39 . 2012-04-21 00:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-21 00:39 . 2012-04-21 00:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-21 00:39 . 2012-04-21 00:39 -------- d-----w- c:\program files\Java
2012-04-20 23:29 . 2012-04-20 23:29 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\libimobiledevice
2012-04-19 09:01 . 2012-05-07 10:20 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\redsn0w
2012-04-18 20:44 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-04-18 20:44 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-04-18 20:44 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-04-18 20:44 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-04-17 22:29 . 2012-04-17 22:29 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 04:23 . 2012-03-30 22:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 04:23 . 2012-03-30 22:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-08 02:54 . 2012-04-08 02:54 162634 ----a-w- c:\windows\FotoFusion Uninstaller.exe
2012-04-08 02:52 . 2012-04-08 02:52 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-30 04:25 . 2012-03-30 04:25 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-03-29 19:21 . 2008-04-14 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe
2012-03-29 17:22 . 2012-03-29 17:22 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-03-27 21:03 . 2012-03-30 00:12 6100072 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-03-14 17:40 . 2012-03-30 00:12 20065896 ----a-w- c:\windows\RTHDCPL.EXE
2012-03-07 00:15 . 2012-03-29 20:17 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-03-29 20:17 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-03-29 20:17 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-03-29 20:17 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-03-29 20:17 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2012-03-29 20:17 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-03-29 20:17 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2012-03-29 20:17 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2012-03-29 20:17 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2012-03-29 20:17 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-04-25 16:18 . 2012-03-29 17:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-29 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-10 110592]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-06-17 409664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-01 01:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-06-17 16:14 180290 ----a-w- c:\windows\system32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 21:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol 120%\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2012-03-26 13:40 9532824 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2004-05-24 19:59 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2012 10:52 PM 722416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/29/2012 4:17 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/29/2012 4:17 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/29/2012 4:17 PM 20696]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/31/2012 9:30 PM 374152]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2012 4:18 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 6:30 PM 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/25/2012 3:26 PM 1691480]
S3 BKNDIS5;BKNDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\F5D9050\BKNDIS5.SYS --> c:\progra~1\Belkin\F5D9050\BKNDIS5.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2012 4:18 PM 136176]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:23]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 20:17]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#m_98
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-F5D9050 - c:\program files\Belkin\F5D9050\Belkinwcui.exe
MSConfigStartUp-nmctxth - c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966
AddRemove-Generic ChkMail - c:\program files\Generic\Generic ChkMail\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 21:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2012-05-16 21:53:40
ComboFix-quarantined-files.txt 2012-05-17 01:53
.
Pre-Run: 8,824,500,224 bytes free
Post-Run: 8,779,366,400 bytes free
.
- - End Of File - - BBA1623A939C37C4FE4969054A4FDA4B

Attached File(s)


#12 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 16 May 2012 - 07:59 PM

Oh. I forgot...I notice my PC is running quite sluggish... Normally, it boots fine and runs fast enough, but I notice now simple tasks are taking it a while to do...

As simple as opening firefox...

#13 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 17 May 2012 - 04:54 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
*winlogon*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 17 May 2012 - 08:59 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 10:53 on 17/05/2012 by Fadil Shamir Khan
Administrator - Elevation successful

========== filefind ==========

Searching for "*winlogon*"
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [12:00 14/04/2008] [19:21 29/03/2012] 679A7259741F6A09994F02CE261B5F2E

-= EOF =-

#15 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 17 May 2012 - 09:03 AM

If I try to empty my recycle bin, i get an error message that is the following:

Posted Image

This happened when I ran the first OTL Fix that you posted...

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3