Weird Behaviour



#16 silentarts (Topic Starter, Member, 171 posts)
Just checking to see if you got my last two posts...

#17 Gammo (Trusted Helper, Malware Removal, 2,299 posts)
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#18 silentarts (Topic Starter, Member, 171 posts)
TDSSKiller found 12 files, but under Skip all I see is Copy to Quarantine and Delete.

There is an option on top saying Copy All To Quarantine and Restore default actions.

I chose Skip for all and hit Continue...

The report is here:

17:38:49.0125 3508	sptd ( LockedFile.Multi.Generic ) - warning
17:38:49.0125 3508	sptd - detected LockedFile.Multi.Generic (1)
17:38:49.0171 3508	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:38:49.0171 3508	sr - ok
17:38:49.0218 3508	srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:38:49.0234 3508	srservice - ok
17:38:49.0328 3508	Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
17:38:49.0343 3508	Srv - ok
17:38:49.0406 3508	SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:38:49.0421 3508	SSDPSRV - ok
17:38:49.0562 3508	StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol 120%\StarWind\StarWindServiceAE.exe
17:38:49.0562 3508	StarWindServiceAE - ok
17:38:49.0656 3508	stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:38:49.0703 3508	stisvc - ok
17:38:49.0718 3508	StreamSurge - ok
17:38:49.0781 3508	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:38:49.0781 3508	swenum - ok
17:38:49.0984 3508	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:38:50.0000 3508	SwitchBoard - ok
17:38:50.0078 3508	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:38:50.0078 3508	swmidi - ok
17:38:50.0093 3508	SwPrv - ok
17:38:50.0093 3508	symc810 - ok
17:38:50.0109 3508	symc8xx - ok
17:38:50.0125 3508	sym_hi - ok
17:38:50.0140 3508	sym_u3 - ok
17:38:50.0156 3508	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:38:50.0171 3508	sysaudio - ok
17:38:50.0250 3508	SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:38:50.0265 3508	SysmonLog - ok
17:38:50.0515 3508	TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:38:50.0562 3508	TapiSrv - ok
17:38:50.0640 3508	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:38:50.0656 3508	Tcpip - ok
17:38:50.0718 3508	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:38:50.0734 3508	TDPIPE - ok
17:38:50.0750 3508	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:38:50.0765 3508	TDTCP - ok
17:38:50.0828 3508	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:38:50.0828 3508	TermDD - ok
17:38:50.0906 3508	TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:38:50.0937 3508	TermService - ok
17:38:51.0000 3508	Themes          (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
17:38:51.0031 3508	Themes - ok
17:38:51.0062 3508	TosIde - ok
17:38:51.0093 3508	TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:38:51.0125 3508	TrkWks - ok
17:38:51.0171 3508	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:38:51.0187 3508	Udfs - ok
17:38:51.0187 3508	ultra - ok
17:38:51.0281 3508	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:38:51.0296 3508	Update - ok
17:38:51.0406 3508	upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:38:51.0437 3508	upnphost - ok
17:38:51.0468 3508	UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:38:51.0500 3508	UPS - ok
17:38:51.0562 3508	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:38:51.0562 3508	USBAAPL - ok
17:38:51.0625 3508	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:38:51.0625 3508	usbehci - ok
17:38:51.0687 3508	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:38:51.0687 3508	usbhub - ok
17:38:51.0750 3508	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:38:51.0765 3508	usbscan - ok
17:38:51.0796 3508	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:38:51.0812 3508	usbstor - ok
17:38:51.0843 3508	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:38:51.0843 3508	usbuhci - ok
17:38:51.0875 3508	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:38:51.0890 3508	VgaSave - ok
17:38:51.0890 3508	ViaIde - ok
17:38:51.0953 3508	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:38:51.0953 3508	VolSnap - ok
17:38:52.0031 3508	VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:38:52.0062 3508	VSS - ok
17:38:52.0140 3508	W32Time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:38:52.0171 3508	W32Time - ok
17:38:52.0421 3508	w70n51          (959b5f412f0ef080f5358b83b84e7267) C:\WINDOWS\system32\DRIVERS\w70n51.sys
17:38:52.0500 3508	w70n51 - ok
17:38:52.0656 3508	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:38:52.0671 3508	Wanarp - ok
17:38:52.0687 3508	WDICA - ok
17:38:52.0750 3508	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:38:52.0750 3508	wdmaud - ok
17:38:52.0781 3508	WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:38:52.0812 3508	WebClient - ok
17:38:52.0890 3508	winachsf        (448f0de9b06386a4dd605d28c0cc5feb) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:38:52.0921 3508	winachsf - ok
17:38:53.0015 3508	winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:38:53.0015 3508	winmgmt - ok
17:38:53.0046 3508	WLTRYSVC - ok
17:38:53.0093 3508	WmdmPmSN        (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
17:38:53.0156 3508	WmdmPmSN - ok
17:38:53.0203 3508	WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:38:53.0218 3508	WmiApSrv - ok
17:38:53.0265 3508	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:38:53.0265 3508	WS2IFSL - ok
17:38:53.0328 3508	wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:38:53.0359 3508	wscsvc - ok
17:38:53.0656 3508	wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:38:53.0671 3508	wuauserv - ok
17:38:53.0734 3508	WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:38:53.0750 3508	WZCSVC - ok
17:38:53.0796 3508	xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:38:53.0812 3508	xmlprov - ok
17:38:53.0859 3508	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:38:54.0500 3508	\Device\Harddisk0\DR0 - ok
17:38:54.0500 3508	Boot (0x1200)   (9c015ce27f39e25ff0cb7af24b54a990) \Device\Harddisk0\DR0\Partition0
17:38:54.0515 3508	\Device\Harddisk0\DR0\Partition0 - ok
17:38:54.0515 3508	============================================================
17:38:54.0515 3508	Scan finished
17:38:54.0515 3508	============================================================
17:38:54.0531 3148	Detected object count: 1
17:38:54.0531 3148	Actual detected object count: 1
17:39:04.0312 3148	sptd ( LockedFile.Multi.Generic ) - skipped by user
17:39:04.0312 3148	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
17:39:10.0125 2720	Deinitialize success



As for aswMBR, here is the log file, it is attached...

Attached Files


Edited by silentarts, 18 May 2012 - 08:33 PM.

  • 0
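The TDSSKiller log above has a fixed line shape: a timestamp, a thread id, and then either an inventory line (name, MD5, path) or a verdict line for that name. A small parser for that format, added here as an example and not code from the thread or from TDSSKiller, makes the one non-clean item stand out: sptd.sys, the SCSI pass-through driver that Alcohol 120% (also listed in this log) installs, was reported as LockedFile.Multi.Generic, which only means the file could not be opened for scanning, and it was skipped as instructed. The sample lines are copied from the log; everything else is an assumption about the format.

```python
"""Summarise a TDSSKiller log: each inventoried item, its verdict history, and what was not 'ok'.

Added example for this thread; not TDSSKiller's own code. The sample lines are copied
from the log posted above and the parser assumes that line format.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "HH:MM:SS.mmmm <thread id> <rest>"
_LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# inventory: "<name>   (<md5>) <path>"; the name may contain spaces, e.g. "MBR (0x1B8)"
_ENTRY = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
_SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})$"
)
# verdicts: "<name> - ok", "<name> - detected <class> (n)", "<name> ( <class> ) - warning", ...
_VERDICT = re.compile(r"^(?P<name>.+?)(?:\s+\(\s*(?P<cls>[^()]+?)\s*\))?\s+-\s+(?P<status>.+?)\s*$")
_DETECTED = re.compile(r"^detected\s+(?P<cls>\S+)")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None                     # e.g. "LockedFile.Multi.Generic"
    notes: List[str] = field(default_factory=list)    # e.g. "Suspicious file (NoAccess)"
    history: List[str] = field(default_factory=list)  # status strings in log order

    @property
    def final_status(self) -> str:
        return self.history[-1] if self.history else "no verdict"

    @property
    def clean(self) -> bool:
        return bool(self.history) and all(s == "ok" for s in self.history) and not self.notes


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Map item name -> Entry. Verdict lines are matched to inventory by name or by path."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue
        rest = m.group("rest").strip()
        em = _ENTRY.match(rest)
        if em:
            e = entries.setdefault(em.group("name"), Entry(em.group("name")))
            e.md5, e.path = em.group("md5"), em.group("path")
            by_path[e.path.lower()] = e
            continue
        sm = _SUSPICIOUS.match(rest)
        if sm:
            e = by_path.get(sm.group("path").lower())
            if e is not None:
                e.notes.append(f"Suspicious file ({sm.group('reason')})")
            continue
        vm = _VERDICT.match(rest)
        if not vm:
            continue                      # banners, counters, "Deinitialize success", ...
        name = vm.group("name")
        e = entries.get(name) or by_path.get(name.lower())
        if e is None:
            e = entries.setdefault(name, Entry(name))
        status = vm.group("status")
        dm = _DETECTED.match(status)
        if vm.group("cls"):
            e.verdict = vm.group("cls")
        elif dm:
            e.verdict = dm.group("cls")
        e.history.append(status)
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything that was flagged, annotated, or never confirmed 'ok'."""
    return [e for e in entries.values() if not e.clean]


# Constructed sample: lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""17:38:47.0250 3508 RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:38:47.0250 3508 RDPCDD - ok
17:38:49.0125 3508 sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
17:38:49.0125 3508 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
17:38:49.0125 3508 sptd ( LockedFile.Multi.Generic ) - warning
17:38:49.0125 3508 sptd - detected LockedFile.Multi.Generic (1)
17:38:53.0859 3508 MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:38:54.0500 3508 \Device\Harddisk0\DR0 - ok
17:38:54.0531 3148 Detected object count: 1
17:39:04.0312 3148 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:39:04.0312 3148 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:39:10.0125 2720 Deinitialize success
"""

if __name__ == "__main__":
    for e in findings(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{e.name}: verdict={e.verdict} final={e.final_status!r} notes={e.notes} path={e.path}")
```

Running it on the full log pasted above lists only sptd; the MBR and boot-sector entries map back to their inventory lines by path and come out clean, which is the part of a TDSSKiller log worth reading first on a suspected rootkit.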

#19
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



THEN

Please rerun ComboFix. Make sure you let it update first, and please also let it install the recovery console. Post the resulting log file in your next reply.

THEN

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\RECYCLER /s
    
    :folderfind
    *Dc172*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



THEN

Run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
(Don't worry if only OTL.txt gets created)
  • 0

#20
silentarts

    Member

  • Topic Starter
  • Member
  • 171 posts
Will do this and get back to you ASAP!

Edited by silentarts, 20 May 2012 - 04:20 PM.

  • 0

#21
silentarts

    Member

  • Topic Starter
  • Member
  • 171 posts
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Fadil Shamir Khan :: FADIL-LAPTOP [administrator]

Protection: Disabled

5/20/2012 6:28:38 PM
mbam-log-2012-05-20 (18-28-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181120
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0
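The three hits in the MBAM log above are not files but registry data: the Windows XP Security Center values AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify had all been set to 1, which silences the tray warnings that antivirus, firewall or automatic updates are off (hence the PUM.Disabled.SecurityCenter label), and MBAM reset each to 0. The parser below, added as an example for this thread and not Malwarebytes' own code, reads that log format, checks that every "Detected: n" count matches the lines actually listed under it, and spells out what each Security Center entry was hiding. The sample is an abridged copy of the log above; the format assumptions are the parser's own.

```python
"""Parse a Malwarebytes (MBAM) log, cross-check each 'Detected: n' count against the
items actually listed, and explain the Security Center PUM entries it reports.

Added example for this thread; not Malwarebytes' own code. The sample is an abridged
copy of the log posted above and the parser assumes that 2012-era format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# section header, e.g. "Registry Data Items Detected: 3"
_SECTION = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected:\s+(?P<count>\d+)\s*$")
# "<key>|<value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>."
_REG_DATA = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S+)\s+\((?P<detection>[^)]+)\)\s+->\s+"
    r"Bad:\s+\((?P<bad>[^)]*)\)\s+Good:\s+\((?P<good>[^)]*)\)\s+->\s+(?P<action>.+?)\.?\s*$"
)
_FILLER = {"(No malicious items detected)", "(end)"}

# Windows XP Security Center switches under HKLM\SOFTWARE\Microsoft\Security Center:
# 1 hides the tray warning that the named protection is off, 0 (the default) shows it.
SECURITY_CENTER_NOTIFY = {
    "AntiVirusDisableNotify": "antivirus missing/disabled warning",
    "FirewallDisableNotify": "firewall disabled warning",
    "UpdatesDisableNotify": "automatic updates disabled warning",
}


@dataclass
class RegDataItem:
    key: str
    value: str
    detection: str
    bad: str
    good: str
    action: str

    @property
    def repaired(self) -> bool:
        return "repaired successfully" in self.action.lower()


@dataclass
class MbamReport:
    counts: Dict[str, int]        # section -> declared count
    items: Dict[str, List[str]]   # section -> item lines actually listed
    reg_data: List[RegDataItem]   # parsed "Registry Data Items"


def parse_mbam(text: str) -> MbamReport:
    counts, items, reg_data = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sm = _SECTION.match(line)
        if sm:
            section = sm.group("section")
            counts[section] = int(sm.group("count"))
            items[section] = []
            continue
        if not line or section is None or line in _FILLER:
            continue                      # header block, blank separators, fillers
        items[section].append(line)
        if section == "Registry Data Items":
            m = _REG_DATA.match(line)
            if m:
                reg_data.append(RegDataItem(**m.groupdict()))
    return MbamReport(counts, items, reg_data)


def check_counts(report: MbamReport) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the lines listed -> (declared, listed)."""
    return {s: (n, len(report.items[s])) for s, n in report.counts.items() if n != len(report.items[s])}


def security_center_findings(report: MbamReport) -> List[str]:
    """What each Security Center notify value set to 1 was hiding, and whether MBAM reset it."""
    out = []
    for it in report.reg_data:
        meaning = SECURITY_CENTER_NOTIFY.get(it.value)
        if meaning is None or it.bad != "1" or not it.key.lower().endswith("\\security center"):
            continue
        out.append(f"{it.value}=1 suppressed the {meaning}; "
                   + ("reset to 0 by MBAM" if it.repaired else "NOT repaired"))
    return out


# Constructed sample: abridged copy of the MBAM log in this thread.
SAMPLE_MBAM = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Scan type: Quick scan
Objects scanned: 181120

Registry Keys Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    rep = parse_mbam(SAMPLE_MBAM)
    print("count mismatches:", check_counts(rep) or "none")
    print(*security_center_findings(rep), sep="\n")
```

The count cross-check is there because a log that has been trimmed or pasted incompletely is easy to misread; when declared and listed counts disagree, ask for the log again rather than reasoning from what survived.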

#22
silentarts

    Member

  • Topic Starter
  • Member
  • 171 posts
ComboFix 12-05-20.09 - Fadil Shamir Khan 05/20/2012 21:39:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.554 [GMT -4:00]
Running from: c:\documents and settings\Fadil Shamir Khan\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\mazuki.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-20 22:26 . 2012-05-20 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-20 22:26 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-20 08:04 . 2012-05-20 08:04 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\Ashampoo
2012-05-20 04:32 . 2012-05-20 08:04 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\ashampoo
2012-05-20 04:32 . 2012-05-20 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2012-05-20 04:30 . 2012-05-20 04:30 -------- d-----w- c:\program files\Ashampoo
2012-05-20 04:23 . 2012-05-20 04:25 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Facebook
2012-05-19 08:37 . 2012-05-19 08:37 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\jagexcache
2012-05-19 08:30 . 2012-05-19 08:30 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\{0F9E2902-4A0B-4941-8FE3-6EC24F0054A6}
2012-05-18 06:02 . 2012-05-18 06:02 -------- d-sh--w- c:\documents and settings\Fadil Shamir Khan\PrivacIE
2012-05-18 01:03 . 2008-04-14 04:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-05-18 01:03 . 2008-04-14 04:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-05-18 01:03 . 2012-05-18 01:03 -------- d-----w- c:\program files\Jumi
2012-05-18 00:35 . 2012-05-18 00:35 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\AlwaysOnPC
2012-05-12 15:07 . 2012-05-20 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2012-05-12 08:25 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-05-11 08:49 . 2012-05-11 08:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-05-11 08:48 . 2012-05-11 08:48 -------- d-sh--w- c:\documents and settings\Fadil Shamir Khan\IETldCache
2012-05-11 07:24 . 2012-05-11 07:28 -------- d--h--w- c:\windows\$hf_mig$
2012-05-11 07:21 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-05-11 07:19 . 2012-05-11 07:23 -------- dc-h--w- c:\windows\ie8
2012-05-11 07:06 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-11 07:06 . 2012-03-01 11:01 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-05-11 07:06 . 2012-03-01 11:01 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-05-11 07:06 . 2012-03-01 11:01 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-05-11 07:06 . 2012-03-01 11:01 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-11 07:06 . 2012-03-01 11:01 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-11 07:06 . 2012-03-01 11:01 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-05-11 07:06 . 2012-03-02 10:01 11082752 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-05-09 12:01 . 2012-05-09 12:01 -------- d-----w- C:\f5d9050v3000
2012-05-09 11:50 . 2012-05-09 11:50 15584 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2012-05-09 11:50 . 2003-09-25 01:21 479232 ------w- c:\windows\system32\AegisE5.dll
2012-05-09 11:50 . 2003-09-25 01:21 110592 ------w- c:\windows\system32\AegisI5.exe
2012-05-09 11:50 . 2003-10-16 18:03 790528 ------w- c:\windows\system32\BCMWLCPL.CPL
2012-05-09 11:50 . 2003-10-16 02:05 501144 ------w- c:\windows\system32\BCMWLTRY.EXE
2012-05-09 11:50 . 2003-10-07 22:44 45056 ------w- c:\windows\system32\WLTRYSVC.EXE
2012-05-09 11:50 . 2003-10-16 02:04 144776 ------w- c:\windows\system32\BCMWLU00.EXE
2012-05-09 11:50 . 2003-10-15 16:57 57344 ------w- c:\windows\system32\BCMWLD2K.EXE
2012-05-09 11:50 . 2003-09-25 01:21 285056 ------w- c:\windows\system32\drivers\BCMWL5.SYS
2012-05-08 21:25 . 2012-05-08 21:25 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\Malwarebytes
2012-05-08 21:24 . 2012-05-08 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-01 22:33 . 2012-05-01 22:33 -------- d-----w- c:\program files\WinSCP
2012-04-29 14:30 . 2012-04-29 14:30 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Cranium_Consulting_and_Cu
2012-04-29 13:55 . 2012-05-20 22:16 -------- d-----w- c:\program files\Common Files\Apple
2012-04-26 22:43 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll
2012-04-26 22:43 . 2009-08-06 23:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-04-26 22:43 . 2009-08-06 23:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-04-26 22:43 . 2009-08-06 23:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-04-26 22:43 . 2009-08-06 23:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-04-26 22:41 . 2012-02-01 01:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-04-26 22:41 . 2012-02-01 01:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-04-26 22:41 . 2012-02-01 01:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-04-26 22:41 . 2011-09-16 18:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-04-26 22:40 . 2012-02-01 01:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-26 22:39 . 2012-05-20 03:49 -------- d-----w- c:\program files\LogMeIn
2012-04-26 02:26 . 2006-10-26 23:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-04-26 02:26 . 2006-10-26 23:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2012-04-26 02:24 . 2012-04-26 02:24 -------- d-----w- c:\program files\Microsoft Works
2012-04-26 02:07 . 2012-04-26 02:22 -------- d-----w- c:\windows\SHELLNEW
2012-04-26 00:11 . 2012-04-26 00:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-04-25 19:26 . 2011-11-22 20:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-04-25 19:26 . 2010-11-03 22:14 2180712 ----a-w- c:\windows\MicCal.exe
2012-04-25 19:26 . 2009-11-18 11:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-04-25 19:26 . 2011-08-29 20:20 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-04-25 19:26 . 2010-11-03 22:15 359016 ----a-w- c:\windows\vncutil.exe
2012-04-25 19:26 . 2010-11-03 22:15 1833576 ----a-w- c:\windows\SkyTel.exe
2012-04-25 19:26 . 2012-03-19 23:01 65128 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-04-25 19:26 . 2009-11-18 11:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-04-25 19:26 . 2010-11-03 22:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-04-25 19:20 . 2012-05-20 03:43 -------- d-----w- c:\windows\SxsCaPendDel
2012-04-25 16:18 . 2012-04-25 16:18 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 16:18 . 2012-04-25 16:18 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-24 09:33 . 2012-04-24 09:33 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft Help
2012-04-24 09:32 . 2012-04-26 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2012-04-24 09:20 . 2012-04-24 09:21 -------- d-----w- c:\program files\Alcohol 120%
2012-04-24 00:57 . 2012-04-25 20:28 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Unity
2012-04-23 21:16 . 2012-04-26 01:23 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\RockMelt
2012-04-22 23:33 . 2012-04-22 23:33 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-04-22 11:01 . 2012-04-22 11:01 -------- d--h--w- c:\windows\PIF
2012-04-22 08:51 . 2012-04-22 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Anvsoft
2012-04-22 08:51 . 2012-04-22 08:51 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\Wedding Album Maker
2012-04-22 08:39 . 2012-04-22 08:39 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Application Data\Cocoon Software
2012-04-22 08:39 . 2012-04-22 08:39 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\WDSetup
2012-04-21 18:05 . 2012-04-21 18:05 -------- d-----w- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\ApplicationHistory
2012-04-21 17:32 . 2012-04-21 18:05 -------- d-----w- c:\program files\Website Ripper Copier
2012-04-21 17:30 . 2012-04-25 20:54 -------- d-----w- c:\windows\system32\URTTemp
2012-04-21 12:46 . 2012-04-21 12:46 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2012-04-21 12:42 . 2012-04-21 12:42 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 04:23 . 2012-03-30 22:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 04:23 . 2012-03-30 22:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 00:39 . 2012-04-21 00:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-21 00:39 . 2012-04-21 00:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-08 02:52 . 2012-04-08 02:52 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-30 04:25 . 2012-03-30 04:25 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-03-29 19:21 . 2008-04-14 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe
2012-03-29 17:22 . 2012-03-29 17:22 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-03-27 21:03 . 2012-03-30 00:12 6100072 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-03-14 17:40 . 2012-03-30 00:12 20065896 ----a-w- c:\windows\RTHDCPL.EXE
2012-03-07 00:15 . 2012-03-29 20:17 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-03-29 20:17 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-03-29 20:17 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-03-29 20:17 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-03-29 20:17 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2012-03-29 20:17 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-03-29 20:17 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2012-03-29 20:17 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2012-03-29 20:17 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2012-03-29 20:17 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-04-25 16:18 . 2012-03-29 17:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-29 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-05-20 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-10 110592]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-06-17 409664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-01 01:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-06-17 16:14 180290 ----a-w- c:\windows\system32\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 21:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 11:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol 120%\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2012-05-08 18:08 9533848 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2004-05-24 19:59 86016 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2012 10:52 PM 722416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/29/2012 4:17 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/29/2012 4:17 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/29/2012 4:17 PM 20696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2012 4:18 PM 136176]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [6/3/2010 11:07 AM 13112]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 6:30 PM 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/25/2012 3:26 PM 1691480]
S3 BKNDIS5;BKNDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\F5D9050\BKNDIS5.SYS --> c:\progra~1\Belkin\F5D9050\BKNDIS5.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2012 4:18 PM 136176]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RASAUTO
*NewlyCreated* - RDSESSMGR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:23]
.
2012-05-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1004Core.job
- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-05-20 14:06]
.
2012-05-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1004UA.job
- c:\documents and settings\Fadil Shamir Khan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-05-20 14:06]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 20:17]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-29 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en#m_98
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-JumiController - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 21:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\LgNotify.dll
c:\windows\system32\msacm32.drv
.
Completion time: 2012-05-20 21:47:39
ComboFix-quarantined-files.txt 2012-05-21 01:47
.
Pre-Run: 10,728,140,800 bytes free
Post-Run: 10,719,522,816 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 1CC333737270F184FD1161B0A21026D6

#23 silentarts (Member, Topic Starter, 171 posts)
As for removing the Dc172, that message is gone and now it shows, Dc201, so I changed that in your code and did the scan.

Here is the log from that...

SystemLook 30.07.11 by jpshortstuff
Log created at 23:13 on 20/05/2012 by Fadil Shamir Khan
Administrator - Elevation successful

========== dir ==========

C:\RECYCLER - Parameters: "/s"

---Files---
None found.

C:\RECYCLER\S-1-5-21-448539723-1958367476-1417001333-1004	d--hs--	[01:59 17/05/2012]
desktop.ini	---hs-- 65 bytes	[02:03 21/05/2012]	[03:13 21/05/2012]
INFO2	--ah--- 8020 bytes	[01:52 21/05/2012]	[02:09 21/05/2012]

C:\RECYCLER\S-1-5-21-448539723-1958367476-1417001333-1004\Dc201	d------	[01:43 17/05/2012]

========== folderfind ==========

Searching for "*Dc201*"
C:\RECYCLER\S-1-5-21-448539723-1958367476-1417001333-1004\Dc201	d------	[01:43 17/05/2012]

-= EOF =-

Edited by silentarts, 20 May 2012 - 10:03 PM.

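The SystemLook listing above shows the item in question as `Dc201` under the user's SID folder in `C:\RECYCLER`, next to an `INFO2` file of 8020 bytes. On Windows XP the Recycle Bin renames each deleted item to `D<drive letter><index>` and records its original path, deletion time and size in `INFO2`; 8020 bytes is exactly a 20-byte header plus ten 800-byte records, so the index can say where `Dc201` came from. The parser below is an added example, not part of the thread and not SystemLook's or ComboFix's code. It assumes the XP `INFO2` layout as documented by the Rifiuti project (260-byte ANSI path, index, drive number, FILETIME, size, 520-byte UTF-16 path per record); the `INFO2` bytes it runs on are constructed for the demo, not taken from the machine in the thread, and the paths and timestamps in them are made up.

```python
"""Map Windows XP Recycle Bin entries (Dc<N>) back to their original paths by
parsing the INFO2 index.  Added example; assumed layout is the XP INFO2 format
as documented by the Rifiuti project.  SAMPLE_INFO2 is constructed for the demo."""
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 20        # 5 x uint32: version, ?, ?, record size, file size
XP_RECORD_SIZE = 800    # 260 ANSI path + 4 index + 4 drive + 8 FILETIME + 4 size + 520 UTF-16 path
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime):
    """FILETIME is 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def recycled_name(drive, index):
    """XP names a recycled item D<drive letter><index>, e.g. Dc201 on C: (drive 2)."""
    return "D%s%d" % (chr(ord("a") + drive), index)


def parse_info2(data):
    """Return one dict per INFO2 record; raise ValueError on a malformed index."""
    if len(data) < HEADER_SIZE:
        raise ValueError("INFO2 shorter than its 20-byte header")
    _version, _, _, record_size, _ = struct.unpack("<5I", data[:HEADER_SIZE])
    if record_size != XP_RECORD_SIZE:
        raise ValueError("record size %d is not the XP layout (800)" % record_size)
    body = data[HEADER_SIZE:]
    if len(body) % record_size:
        raise ValueError("INFO2 ends with a truncated record")
    records = []
    for off in range(0, len(body), record_size):
        rec = body[off:off + record_size]
        index, drive, filetime, size = struct.unpack("<IIQI", rec[260:280])
        unicode_path = rec[280:].decode("utf-16-le").split("\x00", 1)[0]
        records.append({
            "name": recycled_name(drive, index),
            "index": index,
            "original_path": unicode_path,
            "deleted_at": filetime_to_datetime(filetime),
            "size": size,
            # Per Rifiuti: when an entry is emptied or restored, the first byte
            # of the ANSI path is zeroed but the record stays in INFO2.
            "emptied": rec[0] == 0,
        })
    return records


def find_entry(data, name):
    """Return the live (not emptied) record for a Dc<N> name, or None."""
    for rec in parse_info2(data):
        if rec["name"] == name and not rec["emptied"]:
            return rec
    return None


def build_record(path, index, drive, deleted_at, size, emptied=False):
    """Build one 800-byte XP record (used only to construct the demo index)."""
    ansi = path.encode("cp1252").ljust(260, b"\x00")
    if emptied:
        ansi = b"\x00" + ansi[1:]
    ticks = ((deleted_at - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10
    uni = path.encode("utf-16-le").ljust(520, b"\x00")
    return ansi + struct.pack("<IIQI", index, drive, ticks, size) + uni


# Constructed demo index: two records, one live folder (Dc201) and one emptied file.
SAMPLE_INFO2 = (
    struct.pack("<5I", 5, 0, 0, XP_RECORD_SIZE, HEADER_SIZE + 2 * XP_RECORD_SIZE)
    + build_record(r"C:\Documents and Settings\user\Desktop\setup_tool", 201, 2,
                   datetime(2012, 5, 17, 1, 43, tzinfo=timezone.utc), 0)
    + build_record(r"C:\Documents and Settings\user\Desktop\notes.txt", 200, 2,
                   datetime(2012, 5, 16, 22, 5, tzinfo=timezone.utc), 4096, emptied=True)
)

if __name__ == "__main__":
    for rec in parse_info2(SAMPLE_INFO2):
        status = "emptied" if rec["emptied"] else "in bin"
        print("%-6s %-8s %s  %s" % (rec["name"], status,
                                     rec["deleted_at"].isoformat(), rec["original_path"]))
```

To use it on the real thing, read `C:\RECYCLER\<SID>\INFO2` as bytes and call `find_entry(data, "Dc201")`; a folder that exists on disk but has no live record (or only an emptied one) was either left behind when the bin was emptied or was placed there by something other than the shell, which is worth knowing before deleting it. This applies to XP only: Vista and later keep a separate `$I` metadata file per item under `$Recycle.Bin` instead of a single `INFO2`.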

#24 silentarts (Member, Topic Starter, 171 posts)
OTL logfile created on: 5/20/2012 10:10:54 PM - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 475.45 Mb Available Physical Memory | 46.83% Memory free
2.38 Gb Paging File | 1.99 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 10.02 Gb Free Space | 35.88% Space Free | Partition Type: NTFS

Computer Name: FADIL-LAPTOP | User Name: Fadil Shamir Khan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 22:06:07 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol 120%\StarWind\StarWindServiceAE.exe
PRC - [2006/08/10 22:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006/08/10 16:10:56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2004/06/17 12:12:40 | 000,409,664 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/06/17 12:09:38 | 000,204,800 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2004/06/17 12:09:10 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/06/17 12:07:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/20 13:15:36 | 001,761,792 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12052001\algo.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/07/04 17:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2006/08/10 22:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
MOD - [2006/08/10 16:10:56 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
MOD - [2004/06/17 12:17:42 | 000,045,124 | ---- | M] () -- C:\WINDOWS\system32\LsaWrApi.dll
MOD - [2004/06/17 12:08:24 | 000,225,349 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
MOD - [2004/05/28 10:13:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\ATK0100\CMSSC.dll
MOD - [2003/09/24 21:21:48 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll
MOD - [2003/09/24 21:21:46 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/05 00:23:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol 120%\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004/06/17 12:09:10 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/06/17 12:07:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/04/29 14:29:54 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FADILS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Belkin\F5D9050\BKNDIS5.SYS -- (BKNDIS5)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a2lbr04w)
DRV - [2012/05/09 07:50:39 | 000,015,584 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2012/04/07 22:52:51 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 19:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/01/31 21:30:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/06/03 11:07:18 | 000,013,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 18:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/04/18 22:21:08 | 000,027,136 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005/02/17 23:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005/01/17 22:43:00 | 001,036,928 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/01/17 22:43:00 | 000,702,592 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/17 22:43:00 | 000,163,328 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/12/06 15:51:10 | 000,051,328 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/06/16 08:01:46 | 002,483,712 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/06/09 10:12:48 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/09/24 21:21:44 | 000,285,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2002/11/22 20:01:26 | 000,020,096 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\..\SearchScopes,DefaultScope = {9E278D58-4BF4-4FFA-A468-4026F696B35C}
IE - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\..\SearchScopes\{9E278D58-4BF4-4FFA-A468-4026F696B35C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.../ig?hl=en#m_98"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/19 23:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/29 13:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Extensions
[2012/05/20 18:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\extensions
[2012/05/20 17:34:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/05/17 11:01:45 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Mozilla\Firefox\Profiles\l0rwv6fr.default\extensions\[email protected]
[2012/04/25 12:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/20 18:07:35 | 001,549,154 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FADIL SHAMIR KHAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L0RWV6FR.DEFAULT\EXTENSIONS\{1519200D-6633-40C9-A9A1-D60D8D1D0479}.XPI
[2012/04/20 20:39:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/04/25 12:18:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/30 17:50:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/30 17:50:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/20 21:45:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
O4 - HKU\S-1-5-21-448539723-1958367476-1417001333-1004..\Run: [Facebook Update] C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-448539723-1958367476-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28308C4A-1B1A-48C4-8E40-9C41E0BEBB03}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943AC2FD-BCEF-4E88-BF80-E57F8F28A5E5}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\system32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/29 12:28:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/20 22:05:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/05/20 21:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/20 21:36:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/20 21:24:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/20 18:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/20 18:26:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/20 18:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/20 17:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\My Drivers
[2012/05/20 17:54:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Recent
[2012/05/20 04:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Ashampoo
[2012/05/20 00:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\ashampoo
[2012/05/20 00:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/05/20 00:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Ashampoo Burning Studio 11
[2012/05/20 00:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012/05/20 00:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Facebook
[2012/05/19 23:41:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/19 13:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\IRC New
[2012/05/19 04:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\jagexcache
[2012/05/19 04:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\{0F9E2902-4A0B-4941-8FE3-6EC24F0054A6}
[2012/05/18 22:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Repair Tools
[2012/05/18 15:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Motorola Cliq
[2012/05/18 02:02:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fadil Shamir Khan\PrivacIE
[2012/05/17 21:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Jumi
[2012/05/17 21:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\JumiController
[2012/05/17 21:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Jumi
[2012/05/17 20:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\AlwaysOnPC
[2012/05/16 21:59:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/16 21:44:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/16 21:44:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/16 21:44:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/16 21:44:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/16 21:32:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/16 21:31:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Administrative Tools
[2012/05/13 06:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Everything
[2012/05/12 11:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/05/11 04:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Accessories
[2012/05/11 04:48:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fadil Shamir Khan\IETldCache
[2012/05/11 03:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/05/11 03:24:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/05/11 03:23:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/05/11 03:19:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/09 08:01:51 | 000,000,000 | ---D | C] -- C:\f5d9050v3000
[2012/05/09 07:50:37 | 000,790,528 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLCPL.CPL
[2012/05/09 07:50:05 | 000,144,776 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLU00.EXE
[2012/05/09 07:50:05 | 000,057,344 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLD2K.EXE
[2012/05/08 17:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Malwarebytes
[2012/05/08 17:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/01 18:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2012/05/01 18:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/04/29 10:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Cranium_Consulting_and_Cu
[2012/04/29 09:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/26 18:43:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/04/26 18:41:42 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/04/26 18:41:40 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2012/04/26 18:41:40 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/04/26 18:41:40 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2012/04/26 18:40:55 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2012/04/26 18:40:55 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/04/26 18:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2012/04/25 22:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/25 22:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/25 22:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/04/25 22:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/25 22:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/04/25 22:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/25 20:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/04/25 15:26:30 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/04/25 15:26:21 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/04/25 15:26:19 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/04/25 15:20:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/04/25 12:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/24 05:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Microsoft Help
[2012/04/24 05:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/04/24 05:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Alcohol 120%
[2012/04/24 05:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol 120%
[2012/04/23 20:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Unity
[2012/04/23 17:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\RockMelt
[2012/04/22 19:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/22 07:01:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/04/22 04:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2012/04/22 04:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Wedding Album Maker
[2012/04/22 04:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Cocoon Software
[2012/04/22 04:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\WDSetup
[2012/04/21 21:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Google
[2012/04/21 14:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\ApplicationHistory
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Website Ripper Copier
[2012/04/21 13:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Website Ripper Copier
[2012/04/21 13:30:39 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/04/21 13:30:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/04/21 13:30:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/04/21 08:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

========== Files - Modified Within 30 Days ==========

[2012/05/20 22:22:25 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/20 22:11:14 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1004UA.job
[2012/05/20 22:07:01 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/20 22:06:07 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/05/20 21:55:21 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/20 21:54:58 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/20 21:54:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/20 21:45:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/20 21:39:07 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Default.rdp
[2012/05/20 21:37:06 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/05/20 18:06:27 | 034,669,595 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Windows XP Drivers Backup.zip
[2012/05/20 18:02:54 | 000,046,472 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Registry Backup.reg
[2012/05/20 10:11:00 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1004Core.job
[2012/05/19 04:51:57 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\random.dat
[2012/05/19 04:49:49 | 000,000,073 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\jagex_cl_runescape_LIVE.dat
[2012/05/17 13:17:55 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Adobe PNG Format CS5 Prefs
[2012/05/12 11:07:43 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012/05/12 04:22:43 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/09 07:11:19 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 07:11:19 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/08 03:30:47 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\winscp.rnd
[2012/05/06 15:51:35 | 000,081,006 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\bg.jpg
[2012/05/02 19:07:58 | 000,001,145 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\CleanTemp.bat
[2012/04/30 12:02:57 | 002,347,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/25 20:52:34 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/04/22 18:55:47 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/04/22 06:40:30 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2012/04/21 08:46:48 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

========== Files Created - No Company Name ==========

[2012/05/20 21:39:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Default.rdp
[2012/05/20 21:37:05 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/05/20 21:37:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/20 18:01:49 | 000,046,472 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\Registry Backup.reg
[2012/05/20 17:57:52 | 034,669,595 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Desktop\Windows XP Drivers Backup.zip
[2012/05/20 00:23:38 | 000,001,046 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1004UA.job
[2012/05/20 00:23:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1004Core.job
[2012/05/19 04:37:42 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\jagex_cl_runescape_LIVE.dat
[2012/05/19 04:37:42 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\random.dat
[2012/05/16 21:44:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/16 21:44:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/16 21:44:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/16 21:44:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/16 21:44:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/12 04:25:41 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Windows Media Player.lnk
[2012/05/11 04:48:26 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Start Menu\Programs\Internet Explorer.lnk
[2012/05/09 07:50:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2012/05/09 07:50:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/05/06 15:51:33 | 000,081,006 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\My Documents\bg.jpg
[2012/05/01 18:33:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\winscp.rnd
[2012/04/25 20:52:34 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/04/22 18:37:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/04/22 04:30:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2012/04/21 08:46:45 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012/04/21 03:16:20 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/20 11:35:19 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Adobe PNG Format CS5 Prefs
[2012/04/08 05:55:45 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Fadil Shamir Khan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/30 01:52:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2012/03/30 00:25:29 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/03/29 17:21:12 | 000,003,472 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 17:05:06 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/03/29 13:30:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/03/29 12:31:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/29 12:25:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/29 12:18:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/29 12:16:51 | 002,347,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 10:46:58 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

========== LOP Check ==========

[2012/04/22 04:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2012/05/20 00:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/03/29 16:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/30 18:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/05/19 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/05/17 13:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/03/29 13:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/04/08 18:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/20 04:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Ashampoo
[2012/04/22 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/22 04:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Cocoon Software
[2012/05/19 23:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\FileZilla
[2012/03/30 01:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\iolo
[2012/05/07 06:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\redsn0w
[2012/04/08 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/05/20 17:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\uTorrent
[2012/04/22 04:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fadil Shamir Khan\Application Data\Wedding Album Maker
[2012/03/30 00:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2012/05/20 10:11:00 | 000,001,024 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1004Core.job
[2012/05/20 22:11:14 | 000,001,046 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1004UA.job

========== Purity Check ==========



< End of report >
  • 0

#25
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\RECYCLER\S-1-5-21-448539723-1958367476-1417001333-1004\Dc201
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Are you still experiencing any problems? If so, what problems?
  • 0


#26
silentarts

silentarts

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
I removed both Dc253 and Dc201 and that seemed to fix that issue.

As for the PC, it is working great!

Thanks a million!

Edited by silentarts, 22 May 2012 - 12:12 AM.

  • 0

#27
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here; you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0
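The MVPS HOSTS file mentioned above works by mapping known ad and malware hostnames to a non-routable address so the machine never connects to them; the same file is also a favourite target for malware, which rewrites it to redirect update or anti-virus sites. The following is an added example (not code from the thread, from Geeks to Go or from the MVPS project) that parses HOSTS syntax, counts the sinkholed names and lists any hostname pointed at a real address for review. The sample file inside it is constructed for the example; the hostnames, the 203.0.113.5 address (a documentation range) and the function names are assumptions, not values from the page.

```python
"""Audit a Windows HOSTS file for blocklist entries and hijacked hostnames.

Added example: not code from the thread, from Geeks to Go or from the MVPS
project. It reads the plain "address hostname [hostname...] # comment" syntax
that HOSTS files and MVPS-style blocklists share, counts hostnames that are
sinkholed to 0.0.0.0 / 127.0.0.1 (the blocking mechanism described above),
and flags entries that point a hostname at any other address, which is the
pattern to review when malware edits the file to redirect update or
anti-virus sites. The sample file below is constructed for the example.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Tuple

# Addresses that MVPS-style lists use to "blackhole" a hostname.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample: the default localhost line, two blocklist lines, one
# hostname redirected to a routable address (203.0.113.5 is a documentation
# range) and one malformed line.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample, not a real HOSTS file",
    "127.0.0.1 localhost",
    "0.0.0.0 ads.example.net",
    "0.0.0.0 tracker.example.org #[Ad]",
    "203.0.113.5 windowsupdate.microsoft.com",
    "this line is malformed and ignored",
])


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostnames: List[str]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse HOSTS syntax: '#' starts a comment, fields are whitespace-separated."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: Windows ignores the line, so do we
        entries.append(HostsEntry(line_no, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def audit_hosts(text: str) -> Dict[str, object]:
    """Split entries into sinkholed blocklist names and redirects that need review."""
    sinkholed: List[str] = []
    redirected: List[Tuple[int, str, str]] = []
    entries = parse_hosts(text)
    for entry in entries:
        for host in entry.hostnames:
            if host == "localhost":
                continue  # the stock Windows entry, not a blocklist item
            if entry.address in SINKHOLES:
                sinkholed.append(host)
            else:
                redirected.append((entry.line_no, host, entry.address))
    return {"entries": len(entries), "sinkholed": sinkholed, "redirected": redirected}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['entries']} entries, {len(report['sinkholed'])} hostnames sinkholed")
    for line_no, host, addr in report["redirected"]:
        print(f"line {line_no}: {host} -> {addr}  (review: not a blocklist address)")
```

On the machine in this thread the file lives at C:\WINDOWS\System32\drivers\etc\hosts (the OTL log above lists it at 27 bytes, the size of a freshly reset file); reading that file and passing its text to audit_hosts gives the same report. Legitimate intranet entries land in the redirected list too, so treat it as a review list rather than a verdict.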

#28
silentarts

silentarts

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Before I proceed with your last post, I must let you know that I rebooted my pc and got an error. Avast found a virus and requested a Boot Time Scan, so I am currently running Avast Boot Time Scan... It is taking some time... I have a screenshot for both issues...
  • 0

#29
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Please let me know the outcome of the Avast boot scan. The detections could just be some harmless remains, or quarantined items.


If you've got screenshots, you can post those too.
  • 0

#30
silentarts

silentarts

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
This is the log file from that Avast Boot Time Scan

05/22/2012 12:03
Scan of all local drives

File C:\Documents and Settings\Fadil Shamir Khan\My Documents\Downloads\Microsoft Office 2010 Lifetime Activator.zip|>Microsoft Office 2010 Lifetime Activator\w7lxe.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4NJQS8H9\adrd[1].jpg is infected by Win32:Confi [Wrm], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4NJQS8H9\tbyyqrpx[1].png is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4NJQS8H9\urae[1].jpg is infected by Win32:Confi [Wrm], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\98XOYF8H\jxlgfo[1].bmp is infected by Win32:Malware-gen, Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\98XOYF8H\mhrmvsm[1].gif is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\98XOYF8H\usvb[1].jpg is infected by Win32:Confi [Wrm], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QR85TELT\nhrvqkwu[1].png is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QR85TELT\tjsuby[1].jpg is infected by Win32:Confi [Wrm], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QR85TELT\vuhflkcq[1].jpg is infected by Win32:Confi [Wrm], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QR85TELT\xxmfilv[1].gif is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XTYCIERI\hpsrfok[1].jpg is infected by Win32:Confi [Wrm], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XTYCIERI\qgmsibmn[1].gif is infected by Win32:Confi [Wrm], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XTYCIERI\qplr[1].bmp is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XTYCIERI\sijds[1].gif is infected by Win32:Confi [Wrm], Moved to chest
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XTYCIERI\wtohe[1].bmp is infected by Win32:Confi [Wrm], Moved to chest
File C:\WINDOWS\system32\x is infected by Win32:Rootkit-gen [Rtk], Moved to chest
Number of searched folders: 12921
Number of tested files: 377637
Number of infected files: 17


PLEASE NOTE THAT AFTER THIS SCAN WAS DONE, AND ALL FILES MOVED TO CHEST OR DELETED, THE ERRORS MENTIONED BEFORE ARE NOT COMING UP AGAIN, BUT JUST IN CASE... HERE ARE THE SCREENSHOTS....

Posted Image
Posted Image

Edited by silentarts, 22 May 2012 - 07:57 PM.

  • 0
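Gammo's reply above makes the point that boot-scan detections in a cache can be harmless remains, while the one hit under C:\WINDOWS\system32 is the kind to confirm. The following is an added example (not code from the thread or from Avast) that parses the "File ... is infected by ..., Moved to chest" lines the boot-time scan writes, separates archive members from their container, buckets each detection by where it sat on disk and cross-checks the parsed count against the log's own summary line. The sample log is constructed in the same format as the one posted above, with a placeholder user profile and shortened cache folder names; the function names and location buckets are assumptions.

```python
"""Triage an avast! boot-time scan log by detection location and family.

Added example: not code from the thread or from Avast. It parses the
"File <path> is infected by <threat>, <action>" lines the boot-time scan
writes, splits archive members (the "|>" separator) from their container,
buckets each detection by where it sat on disk, and cross-checks the parsed
count against the log's own "Number of infected files" line. The sample log
is constructed in the same format as the one posted above, with a placeholder
user profile.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

DETECTION_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<threat>.+?), "
    r"(?P<action>Moved to chest|Deleted|Repaired)$"
)
SUMMARY_RE = re.compile(r"^Number of infected files: (?P<n>\d+)$")

# Constructed sample log (placeholder user "User", shortened cache folder names).
SAMPLE_LOG = "\n".join([
    "05/22/2012 12:03",
    "Scan of all local drives",
    "",
    r"File C:\Documents and Settings\User\My Documents\Downloads\activator.zip|>activator\w7lxe.exe is infected by Win32:PUP-gen [PUP], Moved to chest",
    r"File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\adrd[1].jpg is infected by Win32:Confi [Wrm], Moved to chest",
    r"File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\tbyy[1].png is infected by Win32:Rootkit-gen [Rtk], Moved to chest",
    r"File C:\WINDOWS\system32\x is infected by Win32:Rootkit-gen [Rtk], Moved to chest",
    "Number of searched folders: 12",
    "Number of tested files: 345",
    "Number of infected files: 4",
])


class Detection(NamedTuple):
    path: str               # file on disk (the archive itself for archive members)
    member: Optional[str]   # path inside the archive, if any
    family: str             # threat name without the bracketed type tag
    action: str
    location: str


def classify_location(path: str) -> str:
    """Bucket a path: browser-cache hits are usually blocked drive-by content,
    system-directory hits are the ones that need follow-up."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    if "\\downloads\\" in p:
        return "downloads"
    if p.startswith("c:\\windows\\"):
        return "system"
    return "other"


def parse_avast_log(text: str) -> Tuple[List[Detection], Optional[int]]:
    """Return the detections and the count the log itself declares (None if absent)."""
    detections: List[Detection] = []
    declared: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTION_RE.match(line)
        if m:
            container, _, member = m.group("path").partition("|>")
            family = m.group("threat").split(" [", 1)[0]
            detections.append(Detection(container, member or None, family,
                                        m.group("action"), classify_location(container)))
            continue
        s = SUMMARY_RE.match(line)
        if s:
            declared = int(s.group("n"))
    return detections, declared


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: counts per location and family, plus items to follow up."""
    detections, declared = parse_avast_log(text)
    return {
        "by_location": dict(Counter(d.location for d in detections)),
        "by_family": dict(Counter(d.family for d in detections)),
        # anything outside a browser cache or a download folder deserves a second look
        "follow_up": [d.path for d in detections if d.location in ("system", "other")],
        "count_matches_summary": declared is not None and declared == len(detections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the log posted above, the same logic puts 16 of the 17 hits in the NetworkService account's Temporary Internet Files cache or in the downloaded activator archive, and leaves the single C:\WINDOWS\system32 item as the one to follow up; the summary cross-check catches a log that was truncated when pasted.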
