
Win32:Rootkit-gen [Rtk] Removal [Solved]


  • This topic is locked This topic is locked

#1
silentarts

silentarts

    Member

  • Member
  • PipPipPip
  • 171 posts
Hello...
Avast has picked up Win32:Rootkit-gen [Rtk] and cannot remove it. Also, the tools suggested to help remove infections, such as Malwarebytes, will not download. Thank you...

Also, a folder called X was detected in my Windows folder...

I am unable to download HiJackThis as well, but I was able to run an OTL scan with the parameters mentioned below.

Download OTL to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, under Output at the top, change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan, paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
You may need two posts to fit them both in.

HERE IS A RESULT OF THAT SCAN...

OTL.TXT

OTL logfile created on: 8/14/2012 5:32:47 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Mamoo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 401.87 Mb Available Physical Memory | 39.59% Memory free
2.39 Gb Paging File | 1.80 Gb Available in Paging File | 75.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 24.11 Gb Free Space | 86.29% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 1.64 Gb Free Space | 21.99% Space Free | Partition Type: NTFS

Computer Name: SPARKTECH | User Name: Mamoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mamoo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12081301\algo.dll ()
MOD - C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\PepperFlash\pepflashplayer.dll ()
MOD - C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\pdf.dll ()
MOD - C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\avutil-51.dll ()
MOD - C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\avformat-54.dll ()
MOD - C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\avcodec-54.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\WINDOWS\ATK0100\ATKOSD.exe ()
MOD - C:\WINDOWS\ATK0100\HControl.exe ()
MOD - C:\Program Files\Belkin\F5D9050\blkwcapi.dll ()
MOD - C:\Program Files\Belkin\F5D9050\BelkinwcuiDLL.dll ()
MOD - C:\Program Files\Belkin\F5D9050\BelkinHWStatus.dll ()
MOD - C:\Program Files\Belkin\F5D9050\Security.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\ATK0100\CMSSC.dll ()
MOD - C:\WINDOWS\system32\antiwpa.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (StreamSurge) -- C:\WINDOWS\system32\drivers\ss.sys (WikiTek Inc.)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (BKNDIS5) -- C:\Program Files\Belkin\F5D9050\BKNDIS5.sys (Gemtek Technology Co.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.tt/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.tt/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: WGT Golf Challenge = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Until AM = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.203_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Google Mail Checker = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2002/12/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UIUCU] C:\DOCUME~1\Mamoo\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP File not found
O4 - HKLM..\Run: [UIUCU2] C:\DOCUME~1\Mamoo\LOCALS~1\Temp\UIUCU2.EXE -CLEAN_UP2 File not found
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57BEA84D-BC71-42F1-AC6B-D97025A820A9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCE3DB3E-208A-4744-ABD9-4369CE65A3AB}: NameServer = 196.3.132.153,196.3.132.154
O20 - AppInit_DLLs: (WIKI.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/09 16:27:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 05:30:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mamoo\Desktop\OTL.exe
[2012/08/14 05:25:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/13 18:17:15 | 000,000,000 | ---D | C] -- C:\Torrents
[2012/08/12 20:01:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mamoo\Recent
[2012/08/11 21:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Application Data\FileZilla
[2012/08/11 21:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Start Menu\Programs\FileZilla FTP Client
[2012/08/11 21:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/08/11 14:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/08/11 13:52:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/11 13:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/08/11 13:41:18 | 000,051,328 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rimsptsk.sys
[2012/08/11 13:41:18 | 000,027,136 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\risdptsk.sys
[2012/08/11 13:37:49 | 002,805,248 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/08/11 13:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012/08/11 13:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/08/11 11:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ATK0100
[2012/08/10 00:07:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/08/09 22:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/08/09 22:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/08/09 22:42:13 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/08/09 21:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\My Documents\Downloads
[2012/08/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Start Menu\Programs\Google Chrome
[2012/08/09 17:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Application Data\Macromedia
[2012/08/09 17:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Application Data\Adobe
[2012/08/09 17:25:59 | 001,245,184 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLCPL.CPL
[2012/08/09 17:25:43 | 000,163,848 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLU00.EXE
[2012/08/09 17:25:43 | 000,069,640 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\BCMWLD2K.EXE
[2012/08/09 17:22:29 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/08/09 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/09 17:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/08/09 17:22:20 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/09 17:22:19 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/09 17:22:14 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/09 17:22:14 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/09 17:22:13 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/09 17:22:12 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/09 17:22:12 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/09 17:22:11 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/09 17:22:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mamoo\Desktop\Apps
[2012/08/09 17:21:50 | 000,245,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys
[2012/08/09 17:21:50 | 000,036,864 | ---- | C] (WikiTek Inc.) -- C:\WINDOWS\System32\ss.dll
[2012/08/09 17:21:50 | 000,019,968 | ---- | C] (WikiTek Inc.) -- C:\WINDOWS\System32\drivers\ss.sys
[2012/08/09 17:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Belkin Wireless Network Utility
[2012/08/09 17:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/08/09 17:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/08/09 17:21:31 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/09 17:21:30 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/09 17:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/09 17:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/09 17:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\ExplorerXP
[2012/08/09 17:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Start Menu\Programs\ExplorerXP
[2012/08/09 17:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/09 17:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/09 17:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/08/09 17:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/08/09 17:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/08/09 17:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012/08/09 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Start Menu\Programs\Unlocker
[2012/08/09 17:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Local Settings\Application Data\Innovative Solutions
[2012/08/09 17:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2012/08/09 17:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2012/08/09 17:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/08/09 17:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Application Data\uTorrent
[2012/08/09 17:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google
[2012/08/09 17:08:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mamoo\My Documents\My Pictures
[2012/08/09 17:08:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mamoo\My Documents\My Music
[2012/08/09 17:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Application Data\Identities
[2012/08/09 17:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Local Settings\Application Data\Microsoft
[2012/08/09 17:08:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mamoo\Application Data\Microsoft
[2012/08/09 17:08:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mamoo\Cookies
[2012/08/09 17:08:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mamoo\SendTo
[2012/08/09 17:08:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mamoo\Application Data
[2012/08/09 17:08:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mamoo\Start Menu\Programs\Startup
[2012/08/09 17:08:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mamoo\Start Menu
[2012/08/09 17:08:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mamoo\My Documents
[2012/08/09 17:08:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mamoo\Favorites
[2012/08/09 17:08:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mamoo\Start Menu\Programs\Accessories
[2012/08/09 17:08:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mamoo\Templates
[2012/08/09 17:08:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mamoo\PrintHood
[2012/08/09 17:08:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mamoo\NetHood
[2012/08/09 17:08:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mamoo\Local Settings
[2012/08/09 17:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mamoo\Desktop
[2012/08/09 17:07:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/08/09 17:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/08/09 16:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/08/09 16:28:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/08/09 16:27:06 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/08/09 16:27:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/08/09 16:26:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/08/09 16:26:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/08/09 16:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/08/09 16:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/08/09 16:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/08/09 16:26:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/08/09 16:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/08/09 16:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/08/09 16:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/08/09 16:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/08/09 16:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/08/09 16:25:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/08/09 16:25:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/08/09 16:24:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/08/09 16:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/08/09 16:23:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/08/09 11:57:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/08/09 11:57:40 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/08/09 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/08/09 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/08/09 11:57:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/08/09 11:57:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/08/09 11:57:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/08/09 11:57:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/08/09 11:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/08/09 11:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/08/09 11:57:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/08/09 11:57:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/08/09 11:57:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/08/09 11:57:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/08/09 11:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/08/09 11:53:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/08/09 11:53:24 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/08/09 11:53:24 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/08/09 11:53:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/08/09 11:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 05:30:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mamoo\Desktop\OTL.exe
[2012/08/14 05:11:44 | 000,030,444 | ---- | M] () -- C:\Documents and Settings\Mamoo\Desktop\cover.jpg
[2012/08/13 19:41:58 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Mamoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/11 13:56:05 | 084,906,626 | ---- | M] () -- C:\Documents and Settings\Mamoo\Desktop\Asus Z61Ae Windows XP Drivers.zip
[2012/08/11 13:53:00 | 000,309,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/11 13:53:00 | 000,039,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/11 13:48:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/11 13:39:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/09 22:51:19 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Mamoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/08/09 22:46:04 | 000,083,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/09 17:22:12 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/09 17:20:29 | 000,005,802 | ---- | M] () -- C:\Documents and Settings\Mamoo\My Documents\Registry Backup.reg
[2012/08/09 17:08:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mamoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/09 16:29:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/08/09 16:28:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/08/09 16:27:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/08/09 16:27:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/08/09 16:27:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/08/09 16:27:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/08/09 16:27:48 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/09 16:26:00 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/08/09 16:23:15 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 05:11:49 | 000,030,444 | ---- | C] () -- C:\Documents and Settings\Mamoo\Desktop\cover.jpg
[2012/08/11 13:56:05 | 084,906,626 | ---- | C] () -- C:\Documents and Settings\Mamoo\Desktop\Asus Z61Ae Windows XP Drivers.zip
[2012/08/11 13:46:34 | 000,129,045 | R--- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2012/08/11 13:37:46 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/08/11 13:37:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/08/09 22:51:19 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Mamoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012/08/09 17:40:51 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Mamoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/09 17:35:08 | 000,001,036 | ---- | C] () -- C:\Documents and Settings\Mamoo\Desktop\CleanTemp.bat
[2012/08/09 17:30:35 | 000,068,112 | R--- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp
[2012/08/09 17:30:35 | 000,066,013 | R--- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2012/08/09 17:30:35 | 000,064,513 | R--- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp
[2012/08/09 17:30:35 | 000,063,269 | R--- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp
[2012/08/09 17:30:35 | 000,063,208 | R--- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp
[2012/08/09 17:30:35 | 000,062,836 | R--- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2012/08/09 17:30:35 | 000,062,770 | R--- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp
[2012/08/09 17:30:35 | 000,062,740 | R--- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp
[2012/08/09 17:30:35 | 000,062,578 | R--- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2012/08/09 17:30:35 | 000,062,465 | R--- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp
[2012/08/09 17:30:35 | 000,062,454 | R--- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2012/08/09 17:30:35 | 000,062,339 | R--- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2012/08/09 17:30:35 | 000,061,839 | R--- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2012/08/09 17:30:35 | 000,061,831 | R--- | C] () -- C:\WINDOWS\System32\igfxhell.lhp
[2012/08/09 17:30:35 | 000,061,414 | R--- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp
[2012/08/09 17:30:35 | 000,060,786 | R--- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2012/08/09 17:30:35 | 000,060,659 | R--- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp
[2012/08/09 17:30:35 | 000,060,244 | R--- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2012/08/09 17:30:35 | 000,060,141 | R--- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp
[2012/08/09 17:30:35 | 000,060,085 | R--- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2012/08/09 17:30:35 | 000,059,687 | R--- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2012/08/09 17:30:35 | 000,059,471 | R--- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp
[2012/08/09 17:30:35 | 000,059,354 | R--- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2012/08/09 17:30:35 | 000,059,200 | R--- | C] () -- C:\WINDOWS\System32\igfxharb.lhp
[2012/08/09 17:30:35 | 000,059,200 | R--- | C] () -- C:\WINDOWS\System32\igfxhara.lhp
[2012/08/09 17:30:35 | 000,058,623 | R--- | C] () -- C:\WINDOWS\System32\igfxheng.lhp
[2012/08/09 17:30:35 | 000,058,430 | R--- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2012/08/09 17:30:35 | 000,057,801 | R--- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2012/08/09 17:27:58 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2012/08/09 17:26:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2012/08/09 17:26:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/08/09 17:21:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\F5D9050.dll
[2012/08/09 17:20:28 | 000,005,802 | ---- | C] () -- C:\Documents and Settings\Mamoo\My Documents\Registry Backup.reg
[2012/08/09 17:08:16 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Mamoo\Start Menu\Programs\Internet Explorer.lnk
[2012/08/09 17:08:16 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Mamoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/09 17:08:15 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Mamoo\Start Menu\Programs\Outlook Express.lnk
[2012/08/09 17:08:07 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Mamoo\Start Menu\Programs\Remote Assistance.lnk
[2012/08/09 16:29:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/08/09 16:28:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/09 16:27:57 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/08/09 16:27:57 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/08/09 16:27:57 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/08/09 16:27:57 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/08/09 16:26:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/08/09 16:24:55 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/08/09 16:24:55 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/08/09 16:24:54 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/08/09 16:24:48 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/08/09 11:57:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/09 11:57:19 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012/08/09 11:57:19 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/08/09 11:57:19 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/08/09 11:57:19 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/08/09 11:57:19 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/08/09 11:57:19 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/08/09 11:57:19 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/08/09 11:57:18 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/08/09 11:57:18 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/08/09 11:56:25 | 000,083,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/09 11:55:59 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2012/08/09 11:55:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/08/09 16:27:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/08/09 16:23:15 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/08/09 16:27:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/08/09 16:27:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/08/09 16:27:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 01:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 01:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/08/11 13:48:09 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2012/08/09 16:27:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2012/08/09 11:55:57 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012/08/09 11:55:57 | 000,618,496 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012/08/09 11:55:57 | 000,729,088 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2012/08/09 16:28:04 | 000,000,231 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/08/09 17:08:16 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Mamoo\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2012/08/09 17:08:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mamoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/08/14 05:30:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mamoo\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >




EXTRAS.TXT


OTL Extras logfile created on: 8/14/2012 5:32:47 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Mamoo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 401.87 Mb Available Physical Memory | 39.59% Memory free
2.39 Gb Paging File | 1.80 Gb Available in Paging File | 75.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 24.11 Gb Free Space | 86.29% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 1.64 Gb Free Space | 21.99% Space Free | Partition Type: NTFS

Computer Name: SPARKTECH | User Name: Mamoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.7A4YTOGLANQO3VS7EGKKNO2TNY] -- C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DMX5_is1" = DriverMax 6
"ExplorerXP" = ExplorerXP (remove only)
"HControl" = ATK0100 ACPI UTILITY
"Motorola Wireless Network Adapter" = Motorola Wireless Network Adapter
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 8/10/2012 12:05:45 AM | Computer Name = SPARKTECH | Source = PSched | ID = 14103
Description = QoS [Adapter {BA9BBFC4-E203-4E63-B6FF-9E38090ECB17}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 8/10/2012 12:06:45 AM | Computer Name = SPARKTECH | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.

Error - 8/11/2012 12:07:03 AM | Computer Name = SPARKTECH | Source = PSched | ID = 14103
Description = QoS [Adapter {FCE3DB3E-208A-4744-ABD9-4369CE65A3AB}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 8/11/2012 12:13:03 AM | Computer Name = SPARKTECH | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAINPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FCE3DB3E-208A-4744-AB.
The
master browser is stopping or an election is being forced.

Error - 8/11/2012 10:55:18 AM | Computer Name = SPARKTECH | Source = PSched | ID = 14103
Description = QoS [Adapter {FCE3DB3E-208A-4744-ABD9-4369CE65A3AB}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 8/11/2012 1:34:16 PM | Computer Name = SPARKTECH | Source = PSched | ID = 14103
Description = QoS [Adapter {FCE3DB3E-208A-4744-ABD9-4369CE65A3AB}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 8/12/2012 7:59:08 PM | Computer Name = SPARKTECH | Source = PSched | ID = 14103
Description = QoS [Adapter {57BEA84D-BC71-42F1-AC6B-D97025A820A9}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 8/13/2012 2:36:11 PM | Computer Name = SPARKTECH | Source = PSched | ID = 14103
Description = QoS [Adapter {57BEA84D-BC71-42F1-AC6B-D97025A820A9}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 8/13/2012 4:09:31 PM | Computer Name = SPARKTECH | Source = PSched | ID = 14103
Description = QoS [Adapter {57BEA84D-BC71-42F1-AC6B-D97025A820A9}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >


Thanks a whole lot!
#2 silentarts (Topic Starter, Member, 171 posts)
Here is also a DDS.scr Scan Report

DDS.TXT


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Mamoo at 5:41:52 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.426 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mamoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
uRun: [Google Update] "c:\documents and settings\mamoo\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [F5D9050] c:\program files\belkin\f5d9050\Belkinwcui.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UIUCU2] c:\docume~1\mamoo\locals~1\temp\UIUCU2.EXE -CLEAN_UP2
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [UIUCU] c:\docume~1\mamoo\locals~1\temp\UIUCU.EXE -CLEAN_UP
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoInternetIcon = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoInternetIcon = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoWindowsUpdate = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{57BEA84D-BC71-42F1-AC6B-D97025A820A9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FCE3DB3E-208A-4744-ABD9-4369CE65A3AB} : NameServer = 196.3.132.153,196.3.132.154
Notify: Antiwpa - antiwpa.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: WIKI.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-9 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-9 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-9 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-9 44808]
R3 BKNDIS5;BKNDIS5 NDIS Protocol Driver;c:\progra~1\belkin\f5d9050\BKNDIS5.SYS [2012-8-9 15872]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2012-8-9 19968]
.
=============== Created Last 30 ================
.
2012-08-13 22:17:15 -------- d-----w- C:\Torrents
2012-08-11 17:52:07 65536 ----a-r- c:\windows\ALCMTR.EXE
2012-08-11 17:47:13 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-08-11 17:47:11 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2012-08-11 17:47:09 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2012-08-11 17:47:07 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2012-08-11 17:47:05 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2012-08-11 17:47:03 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2012-08-11 17:47:01 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2012-08-11 17:46:59 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2012-08-11 17:46:56 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2012-08-11 17:46:54 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2012-08-11 17:46:51 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2012-08-11 17:46:34 86016 ----a-r- c:\windows\system32\mdmxsdk.dll
2012-08-11 17:46:34 39018 ----a-r- c:\windows\system32\hsfci011.dll
2012-08-11 17:46:34 163328 ----a-r- c:\windows\system32\drivers\HSFHWAZL.sys
2012-08-11 17:46:34 13059 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2012-08-11 17:46:34 1036928 ----a-r- c:\windows\system32\drivers\HSF_DP.sys
2012-08-11 17:46:34 -------- d-----w- c:\program files\CONEXANT
2012-08-11 17:46:33 702592 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys
2012-08-11 17:44:51 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-08-11 17:44:51 130048 ----a-w- c:\windows\system32\ksproxy.ax
2012-08-11 17:44:50 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-08-11 17:41:18 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-08-11 17:41:18 51328 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-08-11 17:41:18 27136 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2012-08-11 17:40:32 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-08-11 17:40:32 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2012-08-11 17:40:32 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-08-11 17:40:32 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-08-11 17:40:32 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-08-11 17:40:31 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2012-08-11 17:40:31 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2012-08-11 17:40:30 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-08-11 17:36:06 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2012-08-11 15:47:31 -------- d-----w- c:\windows\ATK0100
2012-08-10 04:07:12 -------- d-----w- c:\windows\system32\LogFiles
2012-08-10 02:42:18 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-08-09 21:37:15 163840 ----a-r- c:\windows\system32\igfxres.dll
2012-08-09 21:27:58 60416 ----a-w- c:\windows\system32\antiwpa.dll
2012-08-09 21:26:01 15781 ----a-w- c:\windows\system32\drivers\mdc8021x.sys
2012-08-09 21:26:00 913408 ------w- c:\windows\system32\AegisE5.dll
2012-08-09 21:26:00 81920 ------w- c:\windows\system32\wltrynt.dll
2012-08-09 21:26:00 69632 ------w- c:\windows\system32\BCMLogon.dll
2012-08-09 21:26:00 57344 ------w- c:\windows\system32\WLTRYSVC.EXE
2012-08-09 21:26:00 110592 ------w- c:\windows\system32\AegisI5.exe
2012-08-09 21:25:59 671847 ------w- c:\windows\system32\BCMWLTRY.EXE
2012-08-09 21:25:59 1245184 ------w- c:\windows\system32\BCMWLCPL.CPL
2012-08-09 21:25:43 69640 ------w- c:\windows\system32\BCMWLD2K.EXE
2012-08-09 21:25:43 359552 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2012-08-09 21:25:43 163848 ------w- c:\windows\system32\BCMWLU00.EXE
2012-08-09 21:22:29 -------- d-s---w- c:\windows\system32\Microsoft
2012-08-09 21:22:13 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-09 21:22:07 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-08-09 21:19:22 -------- d-----w- c:\program files\ExplorerXP
2012-08-09 21:18:19 -------- d-----w- c:\program files\CCleaner
2012-08-09 21:17:28 -------- d-----w- c:\program files\Unlocker
2012-08-09 21:17:13 -------- d-----w- c:\documents and settings\mamoo\local settings\application data\Innovative Solutions
2012-08-09 21:17:10 -------- d-----w- c:\program files\Innovative Solutions
2012-08-09 21:16:47 -------- d-----w- c:\program files\uTorrent
2012-08-09 21:16:24 -------- d-----w- c:\documents and settings\mamoo\application data\uTorrent
2012-08-09 21:16:09 -------- d-----w- c:\documents and settings\mamoo\local settings\application data\Google
2012-08-09 20:27:06 -------- d-----r- c:\windows\Offline Web Pages
2012-08-09 20:27:05 -------- d-s---w- c:\windows\Downloaded Program Files
2012-08-09 20:25:34 -------- d-----w- c:\windows\Registration
2012-08-09 20:25:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-09 20:25:10 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2012-08-09 20:25:07 -------- d-----w- c:\windows\system32\wbem\Performance
2012-08-09 16:00:55 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2012-08-09 16:00:06 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-08-09 15:59:36 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2012-08-09 15:59:16 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2012-08-09 15:58:48 74240 ----a-w- c:\windows\system32\usbui.dll
2012-08-09 15:58:44 9344 ----a-w- c:\windows\system32\drivers\compbatt.sys
2012-08-09 15:58:43 14080 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2012-08-09 15:58:43 14080 ----a-w- c:\windows\system32\drivers\battc.sys
2012-08-09 15:56:26 -------- d-----w- C:\Documents and Settings
.
==================== Find3M ====================
.
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 5:42:18.53 ===============




ATTACH.TXT


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2012 4:28:12 PM
System Uptime: 8/12/2012 4:02:48 AM (49 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Z61Ae
Processor: Intel® Pentium® M processor 1.60GHz | CPU 1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 28 GiB total, 24.103 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_10451043&REV_10\4&3AE5ECD5&0&00F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_10451043&REV_10\4&3AE5ECD5&0&00F0
Service: rtl8139
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\338208CE01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\338208CE01800
Service: NIC1394
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
ATK0100 ACPI UTILITY
avast! Free Antivirus
Belkin Wireless G Plus MIMO USB Network Adapter
CCleaner
DriverMax 6
ExplorerXP (remove only)
FileZilla Client 3.5.3
Google Chrome
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Intel® Graphics Media Accelerator Driver for Mobile
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Motorola Wireless Network Adapter
Realtek High Definition Audio Driver
Unlocker 1.9.1
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
8/12/2012 7:59:08 PM, error: PSched [14103] - QoS [Adapter {57BEA84D-BC71-42F1-AC6B-D97025A820A9}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
8/11/2012 12:13:03 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MAINPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FCE3DB3E-208A-4744-AB. The master browser is stopping or an election is being forced.
8/11/2012 10:55:18 AM, error: PSched [14103] - QoS [Adapter {FCE3DB3E-208A-4744-ABD9-4369CE65A3AB}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
8/10/2012 12:06:45 AM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
8/10/2012 12:05:45 AM, error: PSched [14103] - QoS [Adapter {BA9BBFC4-E203-4E63-B6FF-9E38090ECB17}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
.
==== End Of File ===========================


  • 0

#3
silentarts

silentarts

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Can somebody please respond to my posts....I need help with this! Thanks
  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should then be a file called MBR.dat. Please attach it here.

How to add an attachment to a new topic or reply
  • 0

#5
silentarts

silentarts

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Thanks for your response...

Here is my aswMBR Log File as well as the .dat file Attached...


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 00:22:08
-----------------------------
00:22:08.468 OS Version: Windows 5.1.2600 Service Pack 2
00:22:08.468 Number of processors: 1 586 0xD06
00:22:08.468 ComputerName: SPARKTECHTT UserName: Mamoo
00:22:09.952 Initialize success
00:22:10.671 AVAST engine defs: 12081901
00:22:37.827 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:22:37.843 Disk 0 Vendor: Size: 0MB BusType: 0
00:22:37.843 Disk 0 MBR read successfully
00:22:37.843 Disk 0 MBR scan
00:22:37.843 Disk 0 Windows XP default MBR code
00:22:37.843 Disk 0 MBR hidden
00:22:37.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28607 MB offset 63
00:22:37.906 Disk 0 scanning C:\WINDOWS\system32\drivers
00:22:47.249 Service scanning
00:23:02.296 Modules scanning
00:23:32.359 Disk 0 trace - called modules:
00:23:32.374 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:23:32.374 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86345ab8]
00:23:32.718 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000086[0x863749e8]
00:23:32.718 5 ACPI.sys[f758e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86347940]
00:23:33.140 AVAST engine scan C:\WINDOWS
00:23:35.937 AVAST engine scan C:\WINDOWS\system32
00:24:39.656 AVAST engine scan C:\WINDOWS\system32\drivers
00:24:49.656 AVAST engine scan C:\Documents and Settings\Mamoo
00:25:34.781 AVAST engine scan C:\Documents and Settings\All Users
00:25:40.515 Scan finished successfully
00:25:48.327 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mamoo\Desktop\MBR.dat"
00:25:48.327 The log file has been saved successfully to "C:\Documents and Settings\Mamoo\Desktop\aswMBR.txt"

THANKS FOR YOUR HELP!

Attached Files

  • Attached File  MBR.dat   512 bytes   186 downloads

Edited by silentarts, 20 August 2012 - 03:26 AM.

  • 0
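The 512-byte MBR.dat attached above is a raw copy of the first disk sector, and the aswMBR log summarises it as a single active NTFS partition (type 07, 28607 MB, offset 63). The following script is an added example, not code from the thread or from aswMBR, showing how a helper can inspect such an image offline: verify the 0x55AA boot signature, decode the four partition table entries, flag inconsistent or overlapping entries, and fingerprint the boot code so it can be compared against a baseline captured from a known-clean system. The sample image is constructed to match the partition line in the log; its boot code bytes are zero placeholders, not real Windows XP boot code.

```python
"""Inspect a 512-byte MBR image (for example the MBR.dat file aswMBR saves).

Added example, not part of the forum thread or of aswMBR.  The sample image
built by build_sample_mbr() is constructed to match the partition line in the
aswMBR log (active NTFS partition, offset 63, 28607 MB); its boot code bytes
are placeholder zeros, not real Windows XP boot code.
"""
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # partition table starts after the boot code
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510..511 of a valid MBR

# Type byte from the log (07 = HPFS/NTFS) plus a few common values for readability.
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "extended LBA", 0x82: "Linux swap", 0x83: "Linux"}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (boot flag, CHS, type, CHS, LBA, count)."""
    if len(entry) != PART_ENTRY_SIZE:
        raise ValueError("partition entry must be 16 bytes")
    boot_flag = entry[0]
    ptype = entry[4]
    lba_start, sector_count = struct.unpack_from("<II", entry, 8)
    return {
        "active": boot_flag == 0x80,
        "boot_flag": boot_flag,
        "type": ptype,
        "type_name": PART_TYPES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sector_count": sector_count,
        "size_mb": sector_count * 512 // (1024 * 1024),
    }


def inspect_mbr(image: bytes) -> dict:
    """Parse a raw MBR image and collect the structural problems a reviewer would check."""
    findings = []
    if len(image) != MBR_SIZE:
        findings.append(f"unexpected image size {len(image)} (expected {MBR_SIZE})")
    if image[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")

    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        raw = image[off:off + PART_ENTRY_SIZE]
        if len(raw) < PART_ENTRY_SIZE:
            break
        e = parse_partition_entry(raw)
        # The boot flag must be 0x00 or 0x80; anything else is malformed.
        if e["boot_flag"] not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid boot flag 0x{e['boot_flag']:02x}")
        # A non-empty type with zero length (or the reverse) is inconsistent.
        if (e["type"] == 0) != (e["sector_count"] == 0):
            findings.append(f"entry {i}: type/size mismatch")
        if e["type"] != 0:
            entries.append(e)

    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")

    # Overlapping partitions point to a corrupt or tampered table.
    spans = sorted((e["lba_start"], e["lba_start"] + e["sector_count"]) for e in entries)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions overlap at LBA {start2}")

    # Fingerprint of the boot code (bytes 0..445).  Compare it with a baseline
    # captured from a known-clean machine of the same Windows version; the hash
    # on its own is not a verdict.
    boot_code_sha256 = hashlib.sha256(image[:PART_TABLE_OFFSET]).hexdigest()

    return {"partitions": entries, "findings": findings,
            "boot_code_sha256": boot_code_sha256}


def build_sample_mbr() -> bytes:
    """Constructed 512-byte image: one active NTFS partition, offset 63, 28607 MB."""
    sectors = 28607 * 1024 * 1024 // 512           # 58,587,136 sectors of 512 bytes
    # boot flag, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, sectors)
    table = entry + b"\x00" * (PART_ENTRY_SIZE * 3)
    return b"\x00" * PART_TABLE_OFFSET + table + BOOT_SIGNATURE


if __name__ == "__main__":
    result = inspect_mbr(build_sample_mbr())
    for p in result["partitions"]:
        flag = "A" if p["active"] else " "
        print(f"{flag} type 0x{p['type']:02x} {p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    print("findings:", result["findings"] or "none")
    print("boot code sha256:", result["boot_code_sha256"])
```

To inspect a real attachment, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()`. The partition table checks catch corruption and obvious tampering; whether the boot code itself has been replaced is only answerable by comparing the fingerprint with a baseline from the same Windows version, which is why the script reports the hash rather than judging it.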

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

You are running an illegal version of Windows XP

Antiwpa.dll circumvents Windows Activation or Validation, which implies that your copy of Windows is illegal. I know that some users actually do not know their Windows copy is illegal - it is a used computer or bought from unscrupulous vendors, etc. Besides the legal and moral position, cleaning your computer could be a waste of time as further infection is highly likely, since you cannot receive and install all the Windows updates to patch the security holes, etc.

Antiwpa.dll is a prohibited software crack which is used to avoid Windows' copy protection. Now we at GeeksToGo are facing a dilemma. We really want to help you get rid of the infection you have on your computer, because that infection was caused by cybercriminals. But by helping you, we are helping someone who himself is breaking the law (knowingly or not knowingly).

Of course this is not the first time we face this dilemma, and GeeksToGo has adopted the following simple policy: if you have problems with an illegal piece of software, we will not be able to help you until you have purchased a legal version of it.
Please do not take this decision personally. I will be happy to help you with any malware problems after you install a legal copy of the Windows Operating System.

There are three ways to validate your license of Windows XP:
  • Use the Start Menu and navigate to the Activate Windows link. Through this, it will allow you to enter your product key, and to properly register Windows, so it will be licensed/genuine.
  • Contact Microsoft for a replacement product key. You can do this by having your proof of purchase ready, and be prepared to fax the information. You can find out more information about contacting them by this link. See the section Replacement product key.
  • Buy a new, retail version of Windows. You can find them in the home electronics section of department stores.

If you require any assistance in this process, please let us know.
  • 0

#7
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0