No Control panel / Task manager disabled / Desktop properties disabled


  • This topic is locked

#1
techslam

    New Member

  • Member
  • 1 posts
Hi,

It seems my Windows XP machine has been infected.
Problems:
1) No Control Panel Start Menu options
2) Alt+Ctrl+Del will not open Task Manager; instead it gives the error 'task manager has been disabled by the administrator'
3) Right-clicking on the desktop and then clicking on Properties gives the error "The operation has been disabled due to restrictions on this computer. Contact System administrator"
4) Double-clicking on the time gives the same error "The operation has been disabled due to restrictions on this computer. Contact System administrator"

Please advise. OTL.txt has been attached.

Attached Files

  • Attached File  OTL.Txt   107.24KB   53 downloads



#2
CompCav

    Member 5k

  • Expert
  • 12,454 posts
OTL logfile created on: 5/18/2012 11:51:21 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Mohammed Arshad\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 16.09% Memory free
1.20 Gb Paging File | 0.59 Gb Available in Paging File | 49.52% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 10.71 Gb Free Space | 73.09% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 25.34 Gb Free Space | 86.50% Space Free | Partition Type: NTFS
Drive E: | 30.56 Gb Total Space | 11.19 Gb Free Space | 36.62% Space Free | Partition Type: NTFS
Drive G: | 36.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HAYATH-24026049 | User Name: Mohammed Arshad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 11:50:55 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mohammed Arshad\My Documents\Downloads\OTL.exe
PRC - [2012/05/13 23:03:35 | 000,110,592 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\Tata Photon+.exe
PRC - [2012/04/21 06:48:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/19 06:24:14 | 002,399,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/11/16 19:07:38 | 000,264,704 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DataCardService\HWDeviceService.exe
PRC - [2005/04/15 08:31:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/15 09:29:12 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/13 23:03:35 | 000,110,592 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\Tata Photon+.exe
MOD - [2012/05/13 23:03:29 | 000,528,384 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\atcomm.dll
MOD - [2012/05/13 23:03:29 | 000,159,744 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DeviceMgrUIPlugin.dll
MOD - [2012/05/13 23:03:29 | 000,155,648 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\SMSPlugin.dll
MOD - [2012/05/13 23:03:29 | 000,151,552 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DetectDev.dll
MOD - [2012/05/13 23:03:29 | 000,135,168 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\LocaleMgrPlugin.dll
MOD - [2012/05/13 23:03:29 | 000,102,400 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DeviceMgrPlugin.dll
MOD - [2012/05/13 23:03:29 | 000,098,304 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\NetInfoPlugin.dll
MOD - [2012/05/13 23:03:29 | 000,090,112 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\FileManager.dll
MOD - [2012/05/13 23:03:29 | 000,086,016 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DialUpPlugin.dll
MOD - [2012/05/13 23:03:29 | 000,081,920 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\CallPlugin.dll
MOD - [2012/05/13 23:03:29 | 000,061,440 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\XCodec.dll
MOD - [2012/05/13 23:03:29 | 000,061,440 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DeviceOperate.dll
MOD - [2012/05/13 23:03:29 | 000,057,344 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\ConfigFilePlugin.dll
MOD - [2012/05/13 23:03:29 | 000,032,768 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\NotifyServicePlugin.dll
MOD - [2012/05/13 23:03:29 | 000,014,848 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\isaputrace.dll
MOD - [2012/04/21 06:49:01 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/16 19:07:38 | 000,264,704 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DataCardService\HWDeviceService.exe
MOD - [2004/08/04 00:56:46 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/04 00:56:46 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2004/08/04 00:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/15 09:29:12 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 06:49:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/19 06:24:14 | 002,399,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/16 19:07:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/13 23:03:29 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/05/13 23:03:29 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/05/13 23:03:29 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2005/04/19 08:10:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 04:01:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/31 09:28:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/13 23:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/13 23:55:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/13 23:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mohammed Arshad\Application Data\Mozilla\Extensions
[2012/05/15 09:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mohammed Arshad\Application Data\Mozilla\Firefox\Profiles\jqg9lolt.default\extensions
[2012/05/13 23:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/21 06:49:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 06:48:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 06:48:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\(Empty).LNK = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2935036B-910A-4E97-A061-EBB53099BD36}: NameServer = 121.242.190.210 4.2.2.3
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\WINDOWS\system32\KHATRA.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - wlnotify.dll (Microsoft Corporation)
O24 - Desktop WallPaper: D:\images\wallpapers\Picture XP\firefox.bmp
O24 - Desktop BackupWallPaper: D:\images\wallpapers\Picture XP\firefox.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/13 22:46:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/19 18:37:38 | 000,142,336 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/25 00:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/07/03 14:13:04 | 000,000,094 | R--- | M] () - G:\autorun.sh -- [ CDFS ]
O33 - MountPoints2\{417e1a84-a00f-11e1-aaac-00148598862a}\Shell - "" = AutoRun
O33 - MountPoints2\{417e1a84-a00f-11e1-aaac-00148598862a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{417e1a84-a00f-11e1-aaac-00148598862a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010/11/19 18:37:38 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{417e1a86-a00f-11e1-aaac-00148598862a}\Shell - "" = AutoRun
O33 - MountPoints2\{417e1a86-a00f-11e1-aaac-00148598862a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{417e1a86-a00f-11e1-aaac-00148598862a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010/11/19 18:37:38 | 000,142,336 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 11:47:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mohammed Arshad\Start Menu\Programs\Administrative Tools
[2012/05/18 11:47:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/05/18 11:28:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/05/17 17:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Application Data\vlc
[2012/05/17 17:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/05/17 17:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/05/15 09:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/05/15 09:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Application Data\Macromedia
[2012/05/15 09:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Application Data\Adobe
[2012/05/14 10:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\My Documents\Downloads
[2012/05/14 03:57:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/05/14 03:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/05/14 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/05/14 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/05/14 03:57:09 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/05/14 03:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/05/14 03:56:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/05/14 03:56:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/05/14 03:56:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/05/14 03:56:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/05/14 03:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/05/14 03:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/05/14 03:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/05/14 03:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/05/14 03:56:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/05/14 03:56:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/05/14 03:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/05/14 03:55:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/05/14 03:50:14 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/05/14 03:50:14 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/05/14 03:50:14 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/05/14 03:50:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/05/14 00:01:32 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/13 23:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Local Settings\Application Data\Mozilla
[2012/05/13 23:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Application Data\Mozilla
[2012/05/13 23:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/13 23:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/13 23:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/13 23:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Application Data\AVG2012
[2012/05/13 23:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/05/13 23:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/13 23:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/05/13 23:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/13 23:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/13 23:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/13 23:24:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mohammed Arshad\UserData
[2012/05/13 23:23:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/13 23:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tata Photon+
[2012/05/13 23:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DataCardService
[2012/05/13 23:03:38 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012/05/13 23:03:38 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012/05/13 23:03:38 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012/05/13 23:03:38 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/05/13 23:03:38 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/05/13 23:03:38 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/05/13 23:03:38 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/05/13 23:03:38 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/05/13 23:03:38 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012/05/13 23:03:38 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/05/13 23:03:38 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/05/13 23:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Tata Photon+
[2012/05/13 22:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK Gigabit and Fast Ethernet NIC Driver
[2012/05/13 22:58:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/05/13 22:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
[2012/05/13 22:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Realtek Sound Manager
[2012/05/13 22:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\AvRack
[2012/05/13 22:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/05/13 22:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/05/13 22:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/05/13 22:54:25 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/05/13 22:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/05/13 22:52:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\K.Backup
[2012/05/13 22:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Application Data\Identities
[2012/05/13 22:51:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/05/13 22:51:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mohammed Arshad\My Documents\My Pictures
[2012/05/13 22:51:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mohammed Arshad\My Documents\My Music
[2012/05/13 22:51:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft
[2012/05/13 22:51:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mohammed Arshad\Cookies
[2012/05/13 22:51:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mohammed Arshad\SendTo
[2012/05/13 22:51:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mohammed Arshad\Recent
[2012/05/13 22:51:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mohammed Arshad\Application Data
[2012/05/13 22:51:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mohammed Arshad\My Documents
[2012/05/13 22:51:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mohammed Arshad\Favorites
[2012/05/13 22:51:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mohammed Arshad\PrintHood
[2012/05/13 22:51:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mohammed Arshad\NetHood
[2012/05/13 22:51:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mohammed Arshad\Local Settings
[2012/05/13 22:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Local Settings\Application Data\Microsoft
[2012/05/13 22:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mohammed Arshad\Desktop
[2012/05/13 22:51:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mohammed Arshad\Start Menu\Programs\Startup
[2012/05/13 22:51:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mohammed Arshad\Start Menu
[2012/05/13 22:51:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mohammed Arshad\Start Menu\Programs\Accessories
[2012/05/13 22:51:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mohammed Arshad\Templates
[2012/05/13 22:50:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/05/13 22:50:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/05/13 22:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/05/13 22:50:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/05/13 22:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/05/13 22:50:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/05/13 22:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/05/13 22:48:48 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/05/13 22:48:48 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/05/13 22:48:48 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/05/13 22:47:25 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/05/13 22:46:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/05/13 22:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/05/13 22:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/05/13 22:45:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/05/13 22:45:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/05/13 22:45:18 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/05/13 22:45:07 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/05/13 22:44:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/05/13 22:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/05/13 22:43:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/05/13 22:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/05/13 22:43:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/05/13 22:43:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/05/13 22:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/05/13 22:43:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/05/13 22:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/05/13 22:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/05/13 22:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/05/13 22:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/05/13 22:43:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/05/13 22:42:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/05/13 22:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/05/13 22:42:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/05/13 22:42:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/05/13 22:42:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/05/13 22:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/05/13 22:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/05/13 22:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/05/13 22:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/05/13 22:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/05/13 22:41:25 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/05/13 22:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/05/13 22:41:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/05/13 22:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/05/13 22:41:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/05/13 22:40:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 11:35:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/18 10:33:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/17 17:58:59 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Mohammed Arshad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/17 17:58:10 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/16 19:37:18 | 098,321,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/15 22:34:54 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/15 20:47:38 | 000,066,602 | ---- | M] () -- C:\Documents and Settings\Mohammed Arshad\Desktop\aslam.jpg
[2012/05/15 09:00:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/05/14 12:05:37 | 000,625,339 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/05/14 12:02:34 | 001,472,930 | ---- | M] () -- C:\Documents and Settings\Mohammed Arshad\Desktop\scan.jpg
[2012/05/13 23:55:29 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/13 23:55:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/13 23:48:46 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/13 23:06:58 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/13 23:06:58 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/13 23:05:40 | 000,001,259 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\(Empty).LNK
[2012/05/13 23:04:24 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Tata Photon+.lnk
[2012/05/13 23:04:24 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tata Photon+.lnk
[2012/05/13 23:03:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/13 23:03:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012/05/13 23:03:29 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012/05/13 23:03:29 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012/05/13 23:03:29 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012/05/13 23:03:29 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/05/13 23:03:29 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/05/13 23:03:29 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/05/13 23:03:29 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/05/13 23:03:29 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/05/13 23:03:29 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012/05/13 23:03:29 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/05/13 23:03:29 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/05/13 22:57:47 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AvRack.lnk
[2012/05/13 22:52:01 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/13 22:52:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/13 22:51:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/13 22:50:23 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/05/13 22:50:12 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/13 22:49:38 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/13 22:49:33 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/05/13 22:46:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/13 22:46:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/05/13 22:46:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/05/13 22:46:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/05/13 22:46:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/05/13 22:46:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/05/13 22:46:27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/05/13 22:46:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/05/13 22:46:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/13 22:42:49 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/13 22:40:14 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/17 17:58:10 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/16 19:37:18 | 098,321,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/15 22:34:54 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/15 20:47:37 | 000,066,602 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Desktop\aslam.jpg
[2012/05/15 09:29:15 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 12:05:37 | 000,625,339 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/05/14 12:02:31 | 001,472,930 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Desktop\scan.jpg
[2012/05/14 03:57:18 | 000,004,382 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/05/14 03:57:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/14 03:57:11 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/05/14 03:57:11 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/05/14 03:57:11 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/05/14 03:57:10 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/05/14 03:56:48 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/05/14 03:56:36 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/05/14 03:56:36 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/05/14 03:56:36 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/05/14 03:56:36 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/05/14 03:56:36 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/05/14 03:56:36 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/05/14 03:56:36 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/05/14 03:56:36 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/05/14 03:56:36 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/05/14 03:56:36 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/05/14 03:56:36 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/05/14 03:56:36 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/05/14 03:56:36 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/05/14 03:56:36 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/05/14 03:56:35 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012/05/14 03:56:35 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/05/14 03:56:35 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/05/14 03:56:34 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/05/14 03:56:34 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/05/14 03:55:52 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/14 03:55:02 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2012/05/14 03:54:59 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/05/13 23:55:29 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/13 23:55:29 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/13 23:55:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/13 23:48:46 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/13 23:04:24 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Tata Photon+.lnk
[2012/05/13 23:04:24 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tata Photon+.lnk
[2012/05/13 23:03:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/13 23:03:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012/05/13 22:57:47 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AvRack.lnk
[2012/05/13 22:57:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/05/13 22:57:40 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/05/13 22:57:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/05/13 22:57:37 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2012/05/13 22:56:56 | 000,068,110 | R--- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp
[2012/05/13 22:56:56 | 000,064,509 | R--- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp
[2012/05/13 22:56:56 | 000,063,265 | R--- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp
[2012/05/13 22:56:56 | 000,062,804 | R--- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2012/05/13 22:56:56 | 000,061,826 | R--- | C] () -- C:\WINDOWS\System32\igfxhell.lhp
[2012/05/13 22:56:56 | 000,061,410 | R--- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp
[2012/05/13 22:56:56 | 000,060,612 | R--- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp
[2012/05/13 22:56:55 | 000,066,112 | R--- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2012/05/13 22:56:55 | 000,063,210 | R--- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp
[2012/05/13 22:56:55 | 000,062,769 | R--- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp
[2012/05/13 22:56:55 | 000,062,629 | R--- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2012/05/13 22:56:55 | 000,062,453 | R--- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp
[2012/05/13 22:56:55 | 000,062,451 | R--- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2012/05/13 22:56:55 | 000,061,845 | R--- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2012/05/13 22:56:55 | 000,060,178 | R--- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2012/05/13 22:56:55 | 000,060,138 | R--- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp
[2012/05/13 22:56:55 | 000,059,747 | R--- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2012/05/13 22:56:55 | 000,059,471 | R--- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp
[2012/05/13 22:56:54 | 000,062,767 | R--- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp
[2012/05/13 22:56:54 | 000,062,336 | R--- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2012/05/13 22:56:54 | 000,060,769 | R--- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2012/05/13 22:56:54 | 000,060,247 | R--- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2012/05/13 22:56:54 | 000,059,390 | R--- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2012/05/13 22:56:54 | 000,059,200 | R--- | C] () -- C:\WINDOWS\System32\igfxharb.lhp
[2012/05/13 22:56:54 | 000,059,200 | R--- | C] () -- C:\WINDOWS\System32\igfxhara.lhp
[2012/05/13 22:56:54 | 000,058,563 | R--- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2012/05/13 22:56:54 | 000,058,384 | R--- | C] () -- C:\WINDOWS\System32\igfxheng.lhp
[2012/05/13 22:56:52 | 000,057,806 | R--- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2012/05/13 22:52:44 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 22:52:30 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/05/13 22:52:28 | 000,001,259 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\(Empty).LNK
[2012/05/13 22:52:00 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/13 22:51:53 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Start Menu\Programs\Outlook Express.lnk
[2012/05/13 22:51:51 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/13 22:51:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Start Menu\Programs\Internet Explorer.lnk
[2012/05/13 22:51:45 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Start Menu\Programs\Remote Assistance.lnk
[2012/05/13 22:51:45 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Mohammed Arshad\Start Menu\Programs\Windows Media Player.lnk
[2012/05/13 22:50:23 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/05/13 22:49:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 22:48:40 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/05/13 22:48:15 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/05/13 22:48:06 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/05/13 22:48:05 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/05/13 22:48:02 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/05/13 22:47:52 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/05/13 22:47:46 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/05/13 22:47:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/05/13 22:47:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/05/13 22:46:32 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/13 22:46:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/05/13 22:46:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/05/13 22:46:32 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/05/13 22:46:32 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/05/13 22:46:27 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/05/13 22:46:27 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/05/13 22:46:26 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/05/13 22:45:06 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/05/13 22:44:53 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/05/13 22:44:14 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/05/13 22:44:14 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/05/13 22:44:06 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/05/13 22:43:50 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2012/05/13 22:43:34 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/05/13 22:42:50 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/05/13 22:42:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/13 22:42:25 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/05/13 22:41:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/05/13 22:41:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/05/13 22:41:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/05/13 22:41:54 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/05/13 22:41:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/05/13 22:41:54 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/05/13 22:41:54 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/05/13 22:41:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/05/13 22:41:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/05/13 22:41:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/05/13 22:41:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/05/13 22:41:49 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/05/13 22:41:49 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/05/13 22:41:47 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/05/13 22:41:38 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

========== LOP Check ==========

[2012/05/14 00:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/13 23:38:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/13 23:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataCardService
[2012/05/16 19:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/13 23:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mohammed Arshad\Application Data\AVG2012
[2012/05/15 09:00:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

========== Purity Check ==========



< End of report >
  • 0

#3
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, techslam! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 2.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL




  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :processes
    killallprocesses
    
    :OTL
    O33 - MountPoints2\{417e1a84-a00f-11e1-aaac-00148598862a}\Shell - "" = AutoRun
    O33 - MountPoints2\{417e1a84-a00f-11e1-aaac-00148598862a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{417e1a84-a00f-11e1-aaac-00148598862a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010/11/19 18:37:38 | 000,142,336 | R--- | M] ()
    O33 - MountPoints2\{417e1a86-a00f-11e1-aaac-00148598862a}\Shell - "" = AutoRun
    O33 - MountPoints2\{417e1a86-a00f-11e1-aaac-00148598862a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{417e1a86-a00f-11e1-aaac-00148598862a}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010/11/19 18:37:38 | 000,142,336 | R--- | M] ()
    
    
    
    
    
    
    :files
    ipconfig /flushdns /c
    C:\WINDOWS\Tasks\At*.job
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply


If it does not run rename it iexplore.exe and try it again.


Step 4.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 5.

Please post:

All RKreport.txt logs
OTL fix log
aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
  • 0
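
A triage helper for the file-listing lines in the OTL log above, as an added example that is not part of the original thread or of OTL: it parses the `[timestamp | size | attributes | C/M] (company) -- path` entries and groups those matching the `C:\WINDOWS\Tasks\At*.job` pattern used in the Step 2 fix. The function names are hypothetical, and the sample lines are copied from the log on this page.

```python
import re
from datetime import datetime
from fnmatch import fnmatchcase

# Sample lines copied from the OTL log in this thread (file entries plus one summary line).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2012/05/13 22:52:30 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/05/15 09:00:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/05/18 11:35:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/13 23:03:29 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# One OTL file entry: [time | size | attrs | C or M] (company) -- path
# Directory entries carry no "(company)" part, so that group is optional.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)


def parse_entries(log_text):
    """Return one dict per file/directory entry; headers and summary lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],            # C = created, M = modified
            "company": m["company"] or "",
            "path": m["path"],
        })
    return entries


def summarize(entries, pattern):
    """Group entries matching a Windows-style wildcard, ignoring case.

    The same file can appear in several log sections with different
    casing (tasks vs Tasks), so results are keyed on the lowercased path.
    """
    wanted = pattern.lower()
    hits = {}
    for e in entries:
        key = e["path"].lower()
        if not fnmatchcase(key, wanted):
            continue
        rec = hits.setdefault(key, {
            "path": e["path"], "size": e["size"],
            "company": e["company"], "created": None, "modified": None,
        })
        field = "created" if e["kind"] == "C" else "modified"
        if rec[field] is None or e["time"] > rec[field]:
            rec[field] = e["time"]
    return list(hits.values())


if __name__ == "__main__":
    for hit in summarize(parse_entries(SAMPLE_LOG), r"C:\WINDOWS\Tasks\At*.job"):
        print(hit["path"], hit["size"], "bytes",
              "created", hit["created"], "last modified", hit["modified"])
```
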

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





