Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan agent/ Gen-Zbot [Solved]


  • This topic is locked This topic is locked

#1
blink10

blink10

    Member

  • Member
  • PipPipPip
  • 225 posts
I have been suffering from this for the last 5 days and I thought I could handle it alone but I could not.
It all started when Superantispyware caught a Trojan agent/ Gen-Zbot in my codecs folder , the file is called avcodec-lav-55.DLL and there are two instances/ versions of it and both are infected.
Once Sueprantispyware gets to rebooting and removing , the pc never boots back. It just gives me a Green screen of death that has a countdown of times it has appeared. I usually solve that problem by going to safemode , using superantispyware , combofix and Kaspersky internet security 2013 but they find nothing. I use the repairs in superantispyware feature to get the clock back to its default settings and a couple more of stuff (I know I went over the board with this and did some repairs that may not have been necessary)
PC boots ok after but it is a bit sluggish and even my mouse freezes a lot till it just dies. I am now using another mouse and I am hoping it wont have the fate of its sister :D

The above scenario has been repeating for the last five days except for the mouse part which only happened an hour ago. I had to remove my codecs mutliple times because it would no longer play any videos and told me there is something wrong with my sound card till I reinstalled.

A point to mention though
I ran RKill.exe and this is what I got in the report

RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]


What changed now is that I installed the codecs in Disk D but it found it and infected it again but also it infected NVCPL.DLL in system 32

No matter what I do , it keeps coming back. I think one of those OTL fixes is needed here and i actually tried to convicne myself it is a false positive last time but it got bolder , left the file it infected which I do not know how it did it and came back when I reinstalled the codecs for the 4th time and infected NVCPL as well

This is my latest Superantispyware Log


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/29/2013 at 02:16 AM

Application Version : 5.6.1020

Core Rules Database Version : 10447
Trace Rules Database Version: 8259

Scan type : Complete Scan
Total Scan Time : 00:34:50

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 523
Memory threats detected : 2
Registry items scanned : 40632
Registry threats detected : 0
File items scanned : 72067
File threats detected : 71

Trojan.Agent/Gen-Zbot
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVCPL.DLL
D:\PROGRAM FILES\K-LITE CODEC PACK\FILTERS\LAV\AVCODEC-LAV-55.DLL
D:\PROGRAM FILES\K-LITE CODEC PACK\FILTERS\LAV\AVCODEC-LAV-55.DLL

Adware.Tracking Cookie
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www6.addfreestats.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ALLAHO AKBAR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]





OTL










OTL logfile created on: 5/29/2013 02:22:35 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.11% Memory free
3.84 Gb Paging File | 2.47 Gb Available in Paging File | 64.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 8.33 Gb Free Space | 12.66% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.28 Gb Free Space | 6.28% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 55.36 Gb Free Space | 36.92% Space Free | Partition Type: NTFS

Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/29 02:20:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
PRC - [2013/05/23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/22 18:57:33 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/05/15 23:56:54 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/04/18 21:01:32 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/12 15:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/11/18 13:31:37 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/07/31 12:39:14 | 000,658,632 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2012/07/11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/04/29 20:00:00 | 003,916,288 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffmpeg.dll
MOD - [2013/04/29 20:00:00 | 003,502,080 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
MOD - [2013/04/29 01:07:06 | 000,184,832 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll
MOD - [2013/04/29 01:06:50 | 007,790,905 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-55.dll
MOD - [2013/04/29 01:06:50 | 001,297,107 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Filters\LAV\avformat-lav-55.dll
MOD - [2013/04/29 01:06:50 | 000,395,874 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
MOD - [2013/04/29 01:06:50 | 000,266,962 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-lav-52.dll
MOD - [2013/04/29 01:06:50 | 000,189,401 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Filters\LAV\avfilter-lav-3.dll
MOD - [2013/03/06 17:35:52 | 007,197,648 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Icaros\avcodec-ics-54.dll
MOD - [2013/03/06 17:35:52 | 000,963,069 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Icaros\avformat-ics-54.dll
MOD - [2013/03/06 17:35:52 | 000,393,273 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Icaros\swscale-ics-2.dll
MOD - [2013/03/06 17:35:52 | 000,246,909 | ---- | M] () -- d:\Program Files\K-Lite Codec Pack\Icaros\avutil-ics-52.dll
MOD - [2013/01/02 08:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/05/31 18:58:16 | 000,072,632 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\vulnerability_status_provider.dll
MOD - [2012/05/31 18:57:10 | 001,305,016 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2010/06/13 12:01:28 | 000,410,432 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll
MOD - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/05 00:46:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/28 19:47:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/07/11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vfilter.sys -- (pflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aah5t5tg)
DRV - [2013/05/29 01:15:25 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/04/05 13:32:40 | 000,114,608 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2013/03/29 21:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/11/28 09:10:35 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/08/25 22:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/29 15:55:40 | 000,581,464 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/05/25 19:38:48 | 000,023,896 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/05/25 19:30:34 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/05/24 11:34:46 | 000,140,120 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/05/12 17:13:34 | 000,043,696 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/04/13 13:54:06 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/03/27 18:34:20 | 000,039,728 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/01 04:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/29 13:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {D9D0C96B-E727-41cc-9320-4708150E9806}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{936D9208-EA09-4d41-A0B9-00992EBE65F1}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{D9D0C96B-E727-41cc-9320-4708150E9806}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: f:\Program Files\Babylon\Babylon-Pro\Utils\[email protected] [2013/04/23 01:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Allaho akbar\Application Data\IDM\idmmzcc5 [2013/05/22 13:36:10 | 000,000,000 | ---D | M]

[2012/11/17 11:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allaho akbar\Application Data\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.microsoft...er=6&ar=msnhome
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.23_0\IDMGCExt.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Babylon Translator = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: Safe Money = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0\
CHR - Extension: IDM Integration = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Gmail = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0\

O1 HOSTS File: ([2013/05/17 20:08:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - f:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - e:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - f:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - f:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1353063063046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1353063532625 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36A26C56-4AA9-4FC7-AED2-287C1585DD15}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/15 23:34:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/29 02:18:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/05/29 01:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2013/05/29 01:25:00 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2013/05/29 01:25:00 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2013/05/29 01:24:59 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2013/05/29 01:19:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/28 16:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 15:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Shrew Soft VPN
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/05/25 01:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Darksiders2
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Sun
[2013/05/22 14:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/05/22 14:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/05/22 14:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Sun
[2013/05/19 03:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/05/18 16:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\StreamTransport
[2013/05/10 15:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/05/10 15:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2013/05/10 15:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Power MP3 Recorder Cutter
[2013/05/10 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Power Mp3 Recorder Cutter
[2013/05/05 20:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/05/05 20:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/05/05 20:12:42 | 000,581,464 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/05/05 20:12:42 | 000,067,928 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/05/03 22:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/05/03 22:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/05/03 22:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/05/03 16:41:08 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/05/03 16:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/05/03 15:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover
[2013/05/03 02:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/03 00:49:51 | 000,000,000 | ---D | C] -- C:\ComboFix_10
[2013/05/02 14:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Medical Dictionary
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/29 02:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/29 02:20:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/05/29 02:01:14 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
[2013/05/29 01:43:00 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/29 01:15:45 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/05/29 01:15:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/05/29 01:15:17 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 01:15:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/28 15:20:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/05/27 14:08:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/27 02:18:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/27 02:06:11 | 005,071,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Allaho akbar\Desktop\ComboFix_6.exe
[2013/05/26 20:01:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
[2013/05/21 00:59:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/19 03:31:22 | 000,002,072 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/05/18 16:45:13 | 001,933,948 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/18 13:19:16 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Rosetta Stone Version 3.lnk
[2013/05/17 20:08:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/05/17 11:29:02 | 003,123,421 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/15 14:29:55 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 12:28:01 | 000,505,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 12:28:01 | 000,087,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 12:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/12 15:31:50 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 20:44:32 | 000,002,009 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Alpha - Chrome.lnk
[2013/05/10 15:48:36 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:22:18 | 001,205,855 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:58:09 | 009,694,386 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/05 20:16:48 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:13:50 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/04 23:19:19 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2013/05/04 23:19:19 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Babylon.lnk
[2013/05/03 22:40:00 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/05/03 17:21:08 | 002,156,079 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover.zip
[2013/05/03 02:32:16 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/04/29 20:00:00 | 000,112,640 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/29 01:25:00 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/05/29 01:25:00 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/05/29 01:25:00 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/05/29 01:24:57 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/27 14:23:18 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/18 16:44:01 | 001,933,948 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/12 15:31:50 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 15:48:35 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:23:41 | 003,123,421 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/10 15:21:34 | 001,205,855 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:56:20 | 009,694,386 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/05 20:16:48 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:14:02 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/03 22:40:00 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/05/03 17:20:47 | 002,156,079 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover.zip
[2013/05/03 02:32:16 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/04/26 23:16:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/26 23:16:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/26 23:16:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/26 23:16:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/26 23:16:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/06 02:33:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/03 13:12:52 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\SecurityKISSTunnel.config
[2012/11/27 17:33:34 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini
[2012/11/20 17:50:04 | 021,161,332 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\SKIDROW.rar
[2012/11/18 14:28:28 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/17 20:52:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/17 11:27:11 | 000,002,072 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/11/16 18:24:30 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/11/16 18:24:30 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/11/16 18:24:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/11/16 15:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/16 14:59:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/16 11:41:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\WebpageIcons.db
[2012/11/16 10:27:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/11/16 10:22:13 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/11/16 10:22:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/11/16 01:23:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/16 01:23:00 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 23:36:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 23:32:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/09 22:40:00 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

========== ZeroAccess Check ==========

[2012/11/16 18:13:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/29 01:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/05/21 00:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/05/10 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/03/29 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDM
[2013/05/03 22:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/11/19 20:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2013/05/18 14:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2013/05/27 17:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/03/29 19:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steam
[2012/11/17 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2013/03/24 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Audacity
[2013/05/10 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Babylon
[2013/03/17 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\cald3
[2012/12/15 17:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\calibre
[2012/11/16 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DAEMON Tools
[2013/05/29 01:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DMCache
[2013/03/11 13:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Doublefine
[2013/04/12 20:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\FreeArc
[2013/05/29 01:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\IDM
[2013/04/13 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OmegaT
[2013/04/13 01:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OpenOffice.org
[2013/05/10 15:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2012/11/23 14:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Product_RM
[2012/11/23 14:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Registry Mechanic
[2013/05/29 02:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\uTorrent
[2012/11/16 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Desktop Search
[2012/11/16 18:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Search
[2012/11/17 11:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Zbshareware Lab

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, blink10! My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download AdwCleaner from here to your desktop
Run AdwCleaner for Vista and 7 right click and select Run as administrator

Select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please post it



Step 2.

Please post your RogueKiller scan log.


Step 3.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    services.*
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt saved in the same location as OTL.
  • Post the log


What I need in your next post:

  • AdwCleaner log
  • RogueKiller log
  • New OTL.txt log
  • Your old Extras.txt log

Also please let me know what issues you continue to have with your computer.
  • 0

#3
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
Hallelujah , someone finally answered. Thank you CompCav for coming to the rescue.
The site being out of order for a while freaked me out. :)

OTL new log




OTL logfile created on: 6/1/2013 03:53:18 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.55% Memory free
3.85 Gb Paging File | 3.76 Gb Available in Paging File | 97.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 8.86 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.28 Gb Free Space | 6.28% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 55.36 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
Drive J: | 3.65 Gb Total Space | 3.15 Gb Free Space | 86.29% Space Free | Partition Type: FAT32

Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 03:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/05 00:46:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/28 19:47:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/07/11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vfilter.sys -- (pflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\PciCon.sys -- (PciCon)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (mbamswissarmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ayrdvot1)
DRV - [2013/06/01 03:11:31 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/06/01 03:05:06 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/04/05 13:32:40 | 000,114,608 | ---- | M] (Tonec Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2013/03/29 21:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/11/28 09:10:35 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/08/25 22:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/29 15:55:40 | 000,581,464 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/05/25 19:38:48 | 000,023,896 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/05/25 19:30:34 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/05/24 11:34:46 | 000,140,120 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/05/12 17:13:34 | 000,043,696 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/04/13 13:54:06 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/03/27 18:34:20 | 000,039,728 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/01 04:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/29 13:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{936D9208-EA09-4d41-A0B9-00992EBE65F1}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{D9D0C96B-E727-41cc-9320-4708150E9806}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: f:\Program Files\Babylon\Babylon-Pro\Utils\[email protected] [2013/04/23 01:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Allaho akbar\Application Data\IDM\idmmzcc5 [2013/05/22 13:36:10 | 000,000,000 | ---D | M]

[2012/11/17 11:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allaho akbar\Application Data\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.microsoft...er=6&ar=msnhome
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.23_0\IDMGCExt.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Safe Money = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0\
CHR - Extension: IDM Integration = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Gmail = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0\

O1 HOSTS File: ([2013/05/17 20:08:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - e:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\RunOnce: [DeleteOnReboot] C:\WINDOWS\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1353063063046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1353063532625 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36A26C56-4AA9-4FC7-AED2-287C1585DD15}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/15 23:34:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/06/01 03:48:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/06/01 03:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/06/01 03:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/01 02:51:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Allaho akbar\Desktop\tdsskiller.exe
[2013/06/01 02:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\RK_Quarantine
[2013/06/01 02:30:28 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2013/06/01 02:23:47 | 000,037,888 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\ADSSpy.exe
[2013/05/29 01:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2013/05/29 01:25:00 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2013/05/29 01:25:00 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2013/05/29 01:24:59 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2013/05/29 01:19:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/28 16:41:53 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/05/28 16:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 15:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Shrew Soft VPN
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/05/27 14:23:20 | 000,079,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2013/05/27 14:23:20 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2013/05/25 01:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Darksiders2
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Sun
[2013/05/22 14:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/05/22 14:14:42 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/05/22 14:14:42 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/22 14:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/05/22 14:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Sun
[2013/05/19 03:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/05/18 16:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\StreamTransport
[2013/05/10 15:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/05/10 15:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2013/05/10 15:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Power MP3 Recorder Cutter
[2013/05/10 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Power Mp3 Recorder Cutter
[2013/05/05 20:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/05/05 20:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/05/05 20:12:42 | 000,581,464 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/05/05 20:12:42 | 000,067,928 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/05/03 22:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/05/03 22:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/05/03 22:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/05/03 16:41:08 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/05/03 16:19:54 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2013/05/03 16:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/05/03 15:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover
[2013/05/03 13:30:28 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2013/05/03 02:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/03 00:49:51 | 000,000,000 | ---D | C] -- C:\ComboFix_10
[2013/05/02 14:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Medical Dictionary
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/01 03:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/06/01 03:29:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/01 03:24:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/01 03:11:31 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/06/01 03:05:54 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/01 03:05:52 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/01 03:05:06 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2013/06/01 03:04:58 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/01 03:02:42 | 000,000,214 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013/06/01 02:51:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Allaho akbar\Desktop\tdsskiller.exe
[2013/06/01 02:43:02 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/01 01:32:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/31 17:29:26 | 000,037,888 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\ADSSpy.exe
[2013/05/29 02:01:14 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
[2013/05/28 15:20:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/05/27 02:18:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/27 02:06:11 | 005,071,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Allaho akbar\Desktop\ComboFix_6.exe
[2013/05/26 20:01:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
[2013/05/22 14:14:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/05/22 14:14:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/21 00:59:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/19 03:31:22 | 000,002,072 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/05/18 16:45:13 | 001,933,948 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/18 13:19:16 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Rosetta Stone Version 3.lnk
[2013/05/17 20:08:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/05/17 11:29:02 | 003,123,421 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/15 14:29:55 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 12:28:01 | 000,505,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 12:28:01 | 000,087,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 12:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/12 15:31:50 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 20:44:32 | 000,002,009 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Alpha - Chrome.lnk
[2013/05/10 15:48:36 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:22:18 | 001,205,855 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:58:09 | 009,694,386 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/07 06:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/05 20:16:48 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:13:50 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/04 23:19:19 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2013/05/03 22:40:00 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/05/03 17:21:08 | 002,156,079 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover.zip
[2013/05/03 02:32:16 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/01 03:11:31 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/06/01 03:02:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013/05/29 01:25:00 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/05/29 01:25:00 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/05/29 01:25:00 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/05/29 01:24:57 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/27 14:23:18 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/18 16:44:01 | 001,933,948 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/12 15:31:50 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 15:48:35 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:23:41 | 003,123,421 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/10 15:21:34 | 001,205,855 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:56:20 | 009,694,386 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/05 20:16:48 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:14:02 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/03 22:40:00 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/05/03 17:20:47 | 002,156,079 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\kavremover.zip
[2013/05/03 02:32:16 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/04/26 23:16:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/26 23:16:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/26 23:16:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/26 23:16:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/26 23:16:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/06 02:33:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/03 13:12:52 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\SecurityKISSTunnel.config
[2012/11/27 17:33:34 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini
[2012/11/20 17:50:04 | 021,161,332 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\SKIDROW.rar
[2012/11/18 14:28:28 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/17 20:52:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/17 11:27:11 | 000,002,072 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/11/16 18:24:30 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/11/16 18:24:30 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/11/16 18:24:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/11/16 15:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/16 14:59:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/16 11:41:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\WebpageIcons.db
[2012/11/16 10:27:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/11/16 10:22:13 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/11/16 10:22:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/11/16 01:23:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/16 01:23:00 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 23:36:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 23:32:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/09 22:40:00 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

========== ZeroAccess Check ==========

[2012/11/16 18:13:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/17 17:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/11/17 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab
[2013/05/10 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/03/29 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDM
[2013/05/03 22:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/11/19 20:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2013/05/18 14:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2013/05/27 17:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/03/29 19:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steam
[2012/11/17 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2013/03/24 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Audacity
[2013/03/17 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\cald3
[2012/12/15 17:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\calibre
[2012/11/16 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DAEMON Tools
[2013/05/29 03:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DMCache
[2013/03/11 13:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Doublefine
[2013/04/12 20:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\FreeArc
[2013/05/29 01:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\IDM
[2013/04/13 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OmegaT
[2013/04/13 01:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OpenOffice.org
[2013/05/10 15:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2012/11/23 14:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Product_RM
[2012/11/23 14:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Registry Mechanic
[2013/06/01 03:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\uTorrent
[2012/11/16 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Desktop Search
[2012/11/16 18:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Search
[2012/11/17 11:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Zbshareware Lab

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 15:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 19:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Services.exe -- (PlugPlay)
SRV - [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 07:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 14:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 08:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2013/05/31 17:29:26 | 000,037,888 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\ADSSpy.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2006/02/28 14:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/12/18 21:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\Services.exe
[2006/02/28 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.EXE.VIR >
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Qoobox\Quarantine\C\WINDOWS\system32\Services.exe.vir

< MD5 for: SERVICES.LNK >
[2012/11/15 23:34:53 | 000,001,602 | ---- | M] () MD5=6B30FB4930D644D42DD124855D97924E -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2006/02/28 14:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F868-6FBE
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
05/15/2013 12:27 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
05/15/2013 12:27 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
05/15/2013 12:23 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
3 Dir(s) 9,509,511,168 bytes free

< End of report >





OTL old extras log






OTL Extras logfile created on: 5/28/2013 4:46:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.85% Memory free
3.84 Gb Paging File | 2.97 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 0.80 Gb Free Space | 1.22% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.34 Gb Free Space | 6.34% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 64.70 Gb Free Space | 43.15% Space Free | Partition Type: NTFS

Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Program Files\Counter-Strike 1.6\hl.exe" = F:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0610.1
"{0830C2E8-01B9-4CD1-B218-12B0107D5BED}" = calibre
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}" = CDisplay
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}" = Devil May Cry 3 Special Edition
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"Babylon" = Babylon
"Blueline_is1" = Blueline 1.1.1
"Counter-Strike 1.6" = Counter-Strike 1.6
"EasyLingoV1" = EasyLingo v2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fass" = Pawsoft Fass
"FormatFactory" = FormatFactory 3.0.1
"FreeArc" = FreeArc 0.666
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"OmegaT 2.6.3_is1" = OmegaT version 2.6.3
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter v6.2
"QUICKfind" = QUICKfind server v1.1
"RealPlayer 15.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Sandboxie" = Sandboxie 3.74 (32-bit)
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SpywareBlaster_is1" = SpywareBlaster 5.0
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2013 4:34:42 PM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =

Error - 5/27/2013 8:01:25 PM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =

Error - 5/27/2013 8:38:45 PM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 5/27/2013 8:38:46 PM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error - 5/27/2013 8:38:46 PM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =

Error - 5/28/2013 2:01:13 AM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =

Error - 5/28/2013 2:07:56 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 5/28/2013 2:07:57 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error - 5/28/2013 2:07:57 AM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =

Error - 5/28/2013 8:01:21 AM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 5/28/2013 1:43:00 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 5/28/2013 2:07:58 AM | Computer Name = ALLAHO-3FEA220E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error - 5/28/2013 7:03:59 AM | Computer Name = ALLAHO-3FEA220E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 6CF049D17FAE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/28/2013 7:43:00 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 5/28/2013 9:16:14 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/28/2013 9:17:11 AM | Computer Name = ALLAHO-3FEA220E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm KLIF kneps SASDIFSV SASKUTIL

Error - 5/28/2013 9:17:48 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/28/2013 9:40:31 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/28/2013 9:59:42 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}

Error - 5/28/2013 9:59:42 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}


< End of report >





Rogue killer first log since I deleted what I found , it produced 2 logs





# AdwCleaner v2.301 - Logfile created 06/01/2013 at 03:01:07
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Allaho akbar - ALLAHO-3FEA220E
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Allaho akbar\My Documents\Downloads\Programs\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : BCUService

***** [Files / Folders] *****

File Found : C:\Documents and Settings\All Users\Desktop\Babylon.lnk
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Babylon
Folder Found : C:\Documents and Settings\Allaho akbar\Application Data\Babylon
Folder Found : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Program Files\DeviceVM

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\DeviceVM
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\PIP
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\Software\PIP
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6047 octets] - [01/06/2013 03:01:07]

########## EOF - C:\AdwCleaner[R1].txt - [6107 octets] ##########






# AdwCleaner v2.301 - Logfile created 06/01/2013 at 03:01:58
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Allaho akbar - ALLAHO-3FEA220E
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Allaho akbar\My Documents\Downloads\Programs\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BCUService

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
File Deleted : C:\Documents and Settings\All Users\Desktop\Babylon.lnk
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Babylon
Folder Deleted : C:\Documents and Settings\Allaho akbar\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Babylon
Folder Deleted : C:\Program Files\DeviceVM

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6176 octets] - [01/06/2013 03:01:07]
AdwCleaner[S1].txt - [6252 octets] - [01/06/2013 03:01:58]

########## EOF - C:\AdwCleaner[S1].txt - [6312 octets] ##########



I promise I wont run anything without being told to do so first however I ran some programs like TDSS , Adw and Rouge killer in normal mode

When I deleted the files in rogue killer I could not see desktop icons upon rebooting to normal mode.

TDSS log in normal mode







02:51:38.0609 0396 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:51:38.0828 0396 ============================================================
02:51:38.0828 0396 Current date / time: 2013/06/01 02:51:38.0828
02:51:38.0828 0396 SystemInfo:
02:51:38.0828 0396
02:51:38.0828 0396 OS Version: 5.1.2600 ServicePack: 3.0
02:51:38.0828 0396 Product type: Workstation
02:51:38.0828 0396 ComputerName: ALLAHO-3FEA220E
02:51:38.0828 0396 UserName: Allaho akbar
02:51:38.0828 0396 Windows directory: C:\WINDOWS
02:51:38.0828 0396 System windows directory: C:\WINDOWS
02:51:38.0828 0396 Processor architecture: Intel x86
02:51:38.0828 0396 Number of processors: 2
02:51:38.0828 0396 Page size: 0x1000
02:51:38.0828 0396 Boot type: Normal boot
02:51:38.0828 0396 ============================================================
02:51:39.0718 0396 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:51:39.0718 0396 Drive \Device\Harddisk1\DR5 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:51:39.0718 0396 ============================================================
02:51:39.0718 0396 \Device\Harddisk0\DR0:
02:51:39.0718 0396 MBR partitions:
02:51:39.0718 0396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x839AFCF
02:51:39.0734 0396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x839B04D, BlocksNum 0xC803400
02:51:39.0750 0396 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14B9E48C, BlocksNum 0x12C02EBF
02:51:39.0765 0396 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x277A138A, BlocksNum 0x12BE38B7
02:51:39.0765 0396 \Device\Harddisk1\DR5:
02:51:39.0765 0396 MBR partitions:
02:51:39.0765 0396 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x74E8C0
02:51:39.0765 0396 ============================================================
02:51:39.0843 0396 D: <-> \Device\Harddisk0\DR0\Partition2
02:51:39.0937 0396 E: <-> \Device\Harddisk0\DR0\Partition3
02:51:40.0031 0396 F: <-> \Device\Harddisk0\DR0\Partition4
02:51:40.0062 0396 C: <-> \Device\Harddisk0\DR0\Partition1
02:51:40.0062 0396 ============================================================
02:51:40.0062 0396 Initialize success
02:51:40.0062 0396 ============================================================
02:53:34.0750 3436 ============================================================
02:53:34.0750 3436 Scan started
02:53:34.0750 3436 Mode: Manual; SigCheck; TDLFS;
02:53:34.0750 3436 ============================================================
02:53:35.0968 3436 ================ Scan system memory ========================
02:53:35.0968 3436 System memory - ok
02:53:35.0968 3436 ================ Scan services =============================
02:53:36.0046 3436 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
02:53:36.0546 3436 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
02:53:36.0546 3436 !SASCORE - detected UnsignedFile.Multi.Generic (1)
02:53:36.0625 3436 Abiosdsk - ok
02:53:36.0625 3436 abp480n5 - ok
02:53:36.0656 3436 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:53:37.0015 3436 ACPI - ok
02:53:37.0062 3436 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
02:53:37.0156 3436 ACPIEC - ok
02:53:37.0218 3436 [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:53:37.0218 3436 AdobeFlashPlayerUpdateSvc - ok
02:53:37.0234 3436 adpu160m - ok
02:53:37.0234 3436 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:53:37.0328 3436 aec - ok
02:53:37.0343 3436 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:53:37.0375 3436 AFD - ok
02:53:37.0375 3436 Aha154x - ok
02:53:37.0375 3436 aic78u2 - ok
02:53:37.0375 3436 aic78xx - ok
02:53:37.0406 3436 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
02:53:37.0484 3436 Alerter - ok
02:53:37.0500 3436 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
02:53:37.0546 3436 ALG - ok
02:53:37.0546 3436 AliIde - ok
02:53:37.0671 3436 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
02:53:37.0765 3436 Ambfilt - ok
02:53:37.0765 3436 amsint - ok
02:53:37.0781 3436 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
02:53:37.0828 3436 AppMgmt - ok
02:53:37.0828 3436 asc - ok
02:53:37.0843 3436 asc3350p - ok
02:53:37.0843 3436 asc3550 - ok
02:53:37.0921 3436 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:53:37.0937 3436 aspnet_state - ok
02:53:37.0953 3436 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:53:38.0031 3436 AsyncMac - ok
02:53:38.0046 3436 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
02:53:38.0140 3436 atapi - ok
02:53:38.0140 3436 Atdisk - ok
02:53:38.0156 3436 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:53:38.0234 3436 Atmarpc - ok
02:53:38.0265 3436 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
02:53:38.0328 3436 AudioSrv - ok
02:53:38.0359 3436 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
02:53:38.0437 3436 audstub - ok
02:53:38.0484 3436 [ 6FDDD18A650764A59302A018765E5521 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
02:53:38.0500 3436 AVP - ok
02:53:38.0546 3436 [ F29D375926E36E3A56AF4805C7749302 ] BCUService C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
02:53:38.0562 3436 BCUService - ok
02:53:38.0578 3436 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
02:53:38.0656 3436 Beep - ok
02:53:38.0687 3436 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
02:53:38.0781 3436 BITS - ok
02:53:38.0812 3436 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
02:53:38.0843 3436 Browser - ok
02:53:38.0937 3436 catchme - ok
02:53:38.0968 3436 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
02:53:39.0046 3436 cbidf2k - ok
02:53:39.0062 3436 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:53:39.0125 3436 CCDECODE - ok
02:53:39.0140 3436 cd20xrnt - ok
02:53:39.0156 3436 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
02:53:39.0218 3436 Cdaudio - ok
02:53:39.0234 3436 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
02:53:39.0312 3436 Cdfs - ok
02:53:39.0312 3436 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:53:39.0406 3436 Cdrom - ok
02:53:39.0406 3436 Changer - ok
02:53:39.0421 3436 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
02:53:39.0500 3436 CiSvc - ok
02:53:39.0515 3436 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
02:53:39.0593 3436 ClipSrv - ok
02:53:39.0625 3436 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:53:39.0625 3436 clr_optimization_v2.0.50727_32 - ok
02:53:39.0671 3436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:53:39.0687 3436 clr_optimization_v4.0.30319_32 - ok
02:53:39.0687 3436 CmdIde - ok
02:53:39.0703 3436 COMSysApp - ok
02:53:39.0703 3436 Cpqarray - ok
02:53:39.0718 3436 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
02:53:39.0796 3436 CryptSvc - ok
02:53:39.0796 3436 dac2w2k - ok
02:53:39.0812 3436 dac960nt - ok
02:53:39.0843 3436 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
02:53:39.0859 3436 DcomLaunch - ok
02:53:39.0890 3436 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
02:53:39.0968 3436 Dhcp - ok
02:53:39.0984 3436 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
02:53:40.0062 3436 Disk - ok
02:53:40.0078 3436 dmadmin - ok
02:53:40.0140 3436 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
02:53:40.0218 3436 dmboot - ok
02:53:40.0234 3436 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
02:53:40.0312 3436 dmio - ok
02:53:40.0312 3436 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
02:53:40.0390 3436 dmload - ok
02:53:40.0406 3436 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
02:53:40.0500 3436 dmserver - ok
02:53:40.0515 3436 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
02:53:40.0578 3436 DMusic - ok
02:53:40.0609 3436 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
02:53:40.0625 3436 Dnscache - ok
02:53:40.0656 3436 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
02:53:40.0734 3436 Dot3svc - ok
02:53:40.0734 3436 dpti2o - ok
02:53:40.0734 3436 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
02:53:40.0828 3436 drmkaud - ok
02:53:40.0859 3436 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
02:53:40.0937 3436 EapHost - ok
02:53:40.0953 3436 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
02:53:41.0031 3436 ERSvc - ok
02:53:41.0062 3436 [ 2C31DCAA88D269E13A935910DBB4CC61 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
02:53:41.0078 3436 ES lite Service - ok
02:53:41.0093 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
02:53:41.0109 3436 Eventlog - ok
02:53:41.0140 3436 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
02:53:41.0171 3436 EventSystem - ok
02:53:41.0187 3436 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
02:53:41.0265 3436 Fastfat - ok
02:53:41.0281 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
02:53:41.0328 3436 FastUserSwitchingCompatibility - ok
02:53:41.0328 3436 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
02:53:41.0406 3436 Fdc - ok
02:53:41.0406 3436 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:53:41.0484 3436 Fips - ok
02:53:41.0531 3436 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:53:41.0546 3436 FLEXnet Licensing Service - ok
02:53:41.0562 3436 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
02:53:41.0625 3436 Flpydisk - ok
02:53:41.0656 3436 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
02:53:41.0718 3436 FltMgr - ok
02:53:41.0765 3436 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:53:41.0781 3436 FontCache3.0.0.0 - ok
02:53:41.0781 3436 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:53:41.0859 3436 Fs_Rec - ok
02:53:41.0859 3436 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:53:41.0937 3436 Ftdisk - ok
02:53:41.0968 3436 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\WINDOWS\gdrv.sys
02:53:41.0968 3436 gdrv - ok
02:53:42.0000 3436 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:53:42.0093 3436 Gpc - ok
02:53:42.0140 3436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
02:53:42.0140 3436 gupdate - ok
02:53:42.0156 3436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
02:53:42.0156 3436 gupdatem - ok
02:53:42.0171 3436 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:53:42.0234 3436 HDAudBus - ok
02:53:42.0296 3436 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:53:42.0375 3436 helpsvc - ok
02:53:42.0375 3436 HidServ - ok
02:53:42.0390 3436 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:53:42.0468 3436 HidUsb - ok
02:53:42.0484 3436 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:53:42.0562 3436 hkmsvc - ok
02:53:42.0578 3436 hpn - ok
02:53:42.0609 3436 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:53:42.0640 3436 HTTP - ok
02:53:42.0671 3436 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:53:42.0750 3436 HTTPFilter - ok
02:53:42.0750 3436 i2omgmt - ok
02:53:42.0750 3436 i2omp - ok
02:53:42.0750 3436 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:53:42.0828 3436 i8042prt - ok
02:53:42.0843 3436 [ 271B6EBCDC29723EE4CDF151C2037EDF ] IDMTDI C:\WINDOWS\system32\DRIVERS\idmtdi.sys
02:53:42.0843 3436 IDMTDI - ok
02:53:42.0906 3436 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:53:42.0937 3436 idsvc - ok
02:53:42.0937 3436 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:53:43.0015 3436 Imapi - ok
02:53:43.0031 3436 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
02:53:43.0125 3436 ImapiService - ok
02:53:43.0125 3436 ini910u - ok
02:53:43.0218 3436 [ A7564CC4E170F1E5B84BAE6BB8C5F16E ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:53:43.0343 3436 IntcAzAudAddService - ok
02:53:43.0343 3436 IntelIde - ok
02:53:43.0359 3436 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:53:43.0437 3436 intelppm - ok
02:53:43.0453 3436 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:53:43.0546 3436 Ip6Fw - ok
02:53:43.0546 3436 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:53:43.0625 3436 IpFilterDriver - ok
02:53:43.0625 3436 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:53:43.0718 3436 IpInIp - ok
02:53:43.0718 3436 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:53:43.0796 3436 IpNat - ok
02:53:43.0796 3436 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:53:43.0875 3436 IPSec - ok
02:53:43.0890 3436 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:53:43.0953 3436 IRENUM - ok
02:53:43.0953 3436 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:53:44.0031 3436 isapnp - ok
02:53:44.0046 3436 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:53:44.0109 3436 Kbdclass - ok
02:53:44.0140 3436 [ 0C78F66259B312DA2A2B565659FD5EBF ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
02:53:44.0156 3436 KL1 - ok
02:53:44.0187 3436 [ B8FD2E8D24EBC01D7CEB888CA1F0CA58 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
02:53:44.0203 3436 KLIF - ok
02:53:44.0234 3436 [ 09BCB45E7AF12B82BB5B68BB599A6022 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
02:53:44.0234 3436 klim5 - ok
02:53:44.0250 3436 [ 862A0C212CFF3F2B0E8FB11C80037C0D ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
02:53:44.0250 3436 klkbdflt - ok
02:53:44.0265 3436 [ 2C88A8FEF90F6133842E267B40693D6F ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
02:53:44.0265 3436 klmouflt - ok
02:53:44.0281 3436 [ 378FD5C977D56D08AF4316F815B35FD6 ] kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys
02:53:44.0281 3436 kltdi - ok
02:53:44.0296 3436 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:53:44.0375 3436 kmixer - ok
02:53:44.0375 3436 [ 1C488D4B7808D20C382A0D54F72DF01C ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys
02:53:44.0390 3436 kneps - ok
02:53:44.0406 3436 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:53:44.0437 3436 KSecDD - ok
02:53:44.0468 3436 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:53:44.0484 3436 lanmanserver - ok
02:53:44.0515 3436 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:53:44.0562 3436 lanmanworkstation - ok
02:53:44.0562 3436 lbrtfdc - ok
02:53:44.0609 3436 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
02:53:44.0625 3436 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
02:53:44.0625 3436 LightScribeService - detected UnsignedFile.Multi.Generic (1)
02:53:44.0656 3436 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:53:44.0718 3436 LmHosts - ok
02:53:44.0750 3436 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:53:44.0828 3436 Messenger - ok
02:53:44.0890 3436 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
02:53:44.0890 3436 Microsoft Office Groove Audit Service - ok
02:53:44.0906 3436 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:53:44.0984 3436 mnmdd - ok
02:53:45.0000 3436 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:53:45.0093 3436 mnmsrvc - ok
02:53:45.0109 3436 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:53:45.0187 3436 Modem - ok
02:53:45.0281 3436 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
02:53:45.0312 3436 Monfilt - ok
02:53:45.0328 3436 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:53:45.0406 3436 Mouclass - ok
02:53:45.0406 3436 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:53:45.0484 3436 mouhid - ok
02:53:45.0500 3436 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:53:45.0578 3436 MountMgr - ok
02:53:45.0578 3436 mraid35x - ok
02:53:45.0578 3436 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:53:45.0656 3436 MRxDAV - ok
02:53:45.0687 3436 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:53:45.0734 3436 MRxSmb - ok
02:53:45.0734 3436 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:53:45.0812 3436 MSDTC - ok
02:53:45.0828 3436 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:53:45.0890 3436 Msfs - ok
02:53:45.0890 3436 MSIServer - ok
02:53:45.0906 3436 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:53:45.0984 3436 MSKSSRV - ok
02:53:46.0000 3436 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:53:46.0062 3436 MSPCLOCK - ok
02:53:46.0078 3436 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:53:46.0140 3436 MSPQM - ok
02:53:46.0156 3436 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:53:46.0218 3436 mssmbios - ok
02:53:46.0250 3436 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:53:46.0328 3436 MSTEE - ok
02:53:46.0343 3436 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:53:46.0375 3436 Mup - ok
02:53:46.0375 3436 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:53:46.0437 3436 NABTSFEC - ok
02:53:46.0468 3436 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
02:53:46.0546 3436 napagent - ok
02:53:46.0625 3436 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
02:53:46.0640 3436 NBService ( UnsignedFile.Multi.Generic ) - warning
02:53:46.0640 3436 NBService - detected UnsignedFile.Multi.Generic (1)
02:53:46.0656 3436 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:53:46.0718 3436 NDIS - ok
02:53:46.0750 3436 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:53:46.0828 3436 NdisIP - ok
02:53:46.0843 3436 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:53:46.0875 3436 NdisTapi - ok
02:53:46.0890 3436 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:53:46.0968 3436 Ndisuio - ok
02:53:46.0968 3436 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:53:47.0031 3436 NdisWan - ok
02:53:47.0062 3436 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:53:47.0078 3436 NDProxy - ok
02:53:47.0093 3436 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:53:47.0171 3436 NetBIOS - ok
02:53:47.0187 3436 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:53:47.0250 3436 NetBT - ok
02:53:47.0281 3436 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
02:53:47.0359 3436 NetDDE - ok
02:53:47.0359 3436 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:53:47.0421 3436 NetDDEdsdm - ok
02:53:47.0453 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:53:47.0531 3436 Netlogon - ok
02:53:47.0531 3436 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
02:53:47.0625 3436 Netman - ok
02:53:47.0640 3436 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:53:47.0640 3436 NetTcpPortSharing - ok
02:53:47.0656 3436 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
02:53:47.0671 3436 Nla - ok
02:53:47.0718 3436 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
02:53:47.0750 3436 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
02:53:47.0750 3436 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
02:53:47.0765 3436 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:53:47.0828 3436 Npfs - ok
02:53:47.0828 3436 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:53:47.0906 3436 Ntfs - ok
02:53:47.0906 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:53:47.0984 3436 NtLmSsp - ok
02:53:48.0000 3436 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:53:48.0078 3436 NtmsSvc - ok
02:53:48.0109 3436 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:53:48.0187 3436 Null - ok
02:53:48.0359 3436 [ 68B8C35782FFD20973524F748234B5A9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:53:48.0593 3436 nv - ok
02:53:48.0625 3436 [ FFD30DAAF62D605069F6EB42D2E807C3 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
02:53:48.0640 3436 NVSvc - ok
02:53:48.0703 3436 [ 210EE09CB9C2655E55BD48D851369DC1 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:53:48.0734 3436 nvUpdatusService - ok
02:53:48.0750 3436 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:53:48.0828 3436 NwlnkFlt - ok
02:53:48.0828 3436 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:53:48.0890 3436 NwlnkFwd - ok
02:53:48.0968 3436 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:53:48.0984 3436 odserv - ok
02:53:49.0015 3436 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:53:49.0031 3436 ose - ok
02:53:49.0062 3436 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
02:53:49.0140 3436 Parport - ok
02:53:49.0140 3436 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:53:49.0218 3436 PartMgr - ok
02:53:49.0250 3436 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:53:49.0328 3436 ParVdm - ok
02:53:49.0343 3436 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:53:49.0406 3436 PCI - ok
02:53:49.0421 3436 PciCon - ok
02:53:49.0421 3436 PCIDump - ok
02:53:49.0437 3436 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:53:49.0515 3436 PCIIde - ok
02:53:49.0531 3436 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:53:49.0593 3436 Pcmcia - ok
02:53:49.0625 3436 [ 3E9CD8646EBF1C15438F9135796C02B7 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
02:53:49.0656 3436 PCToolsSSDMonitorSvc - ok
02:53:49.0656 3436 PDCOMP - ok
02:53:49.0656 3436 PDFRAME - ok
02:53:49.0656 3436 PDRELI - ok
02:53:49.0656 3436 PDRFRAME - ok
02:53:49.0671 3436 perc2 - ok
02:53:49.0671 3436 perc2hib - ok
02:53:49.0687 3436 pflt - ok
02:53:49.0687 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
02:53:49.0703 3436 PlugPlay - ok
02:53:49.0718 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:53:49.0781 3436 PolicyAgent - ok
02:53:49.0796 3436 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:53:49.0875 3436 PptpMiniport - ok
02:53:49.0875 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:53:49.0937 3436 ProtectedStorage - ok
02:53:49.0953 3436 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:53:50.0031 3436 PSched - ok
02:53:50.0031 3436 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:53:50.0109 3436 Ptilink - ok
02:53:50.0109 3436 ql1080 - ok
02:53:50.0109 3436 Ql10wnt - ok
02:53:50.0125 3436 ql12160 - ok
02:53:50.0125 3436 ql1240 - ok
02:53:50.0125 3436 ql1280 - ok
02:53:50.0140 3436 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:53:50.0203 3436 RasAcd - ok
02:53:50.0234 3436 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:53:50.0312 3436 RasAuto - ok
02:53:50.0328 3436 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:53:50.0390 3436 Rasl2tp - ok
02:53:50.0421 3436 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:53:50.0484 3436 RasMan - ok
02:53:50.0500 3436 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:53:50.0578 3436 RasPppoe - ok
02:53:50.0578 3436 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:53:50.0640 3436 Raspti - ok
02:53:50.0656 3436 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:53:50.0718 3436 Rdbss - ok
02:53:50.0734 3436 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:53:50.0812 3436 RDPCDD - ok
02:53:50.0828 3436 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:53:50.0890 3436 rdpdr - ok
02:53:50.0921 3436 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:53:50.0953 3436 RDPWD - ok
02:53:50.0968 3436 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:53:51.0046 3436 RDSessMgr - ok
02:53:51.0046 3436 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:53:51.0109 3436 redbook - ok
02:53:51.0140 3436 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:53:51.0203 3436 RemoteAccess - ok
02:53:51.0234 3436 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
02:53:51.0296 3436 RemoteRegistry - ok
02:53:51.0312 3436 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
02:53:51.0375 3436 RpcLocator - ok
02:53:51.0390 3436 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
02:53:51.0421 3436 RpcSs - ok
02:53:51.0437 3436 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
02:53:51.0515 3436 RSVP - ok
02:53:51.0531 3436 [ 79B4FE884C18DD82D5449F6B6026D092 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
02:53:51.0578 3436 RTLE8023xp - ok
02:53:51.0578 3436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
02:53:51.0656 3436 SamSs - ok
02:53:51.0656 3436 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:53:51.0671 3436 SASDIFSV - ok
02:53:51.0687 3436 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:53:51.0703 3436 SASKUTIL - ok
02:53:51.0734 3436 [ 224049C51E2C2D07B02B1BED262976A1 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
02:53:51.0750 3436 SbieDrv - ok
02:53:51.0765 3436 [ 3129023CEF1A2225665D44F9545DAED4 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
02:53:51.0781 3436 SbieSvc - ok
02:53:51.0812 3436 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:53:51.0875 3436 SCardSvr - ok
02:53:51.0890 3436 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
02:53:51.0984 3436 Schedule - ok
02:53:51.0984 3436 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:53:52.0031 3436 Secdrv - ok
02:53:52.0031 3436 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
02:53:52.0109 3436 seclogon - ok
02:53:52.0140 3436 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
02:53:52.0218 3436 SENS - ok
02:53:52.0218 3436 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
02:53:52.0281 3436 serenum - ok
02:53:52.0296 3436 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
02:53:52.0359 3436 Serial - ok
02:53:52.0390 3436 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
02:53:52.0453 3436 Sfloppy - ok
02:53:52.0500 3436 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
02:53:52.0562 3436 SharedAccess - ok
02:53:52.0578 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:53:52.0593 3436 ShellHWDetection - ok
02:53:52.0593 3436 Simbad - ok
02:53:52.0703 3436 [ 0C1B2E3A897397738D9F81CD3D152AF0 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
02:53:52.0812 3436 Skype C2C Service - ok
02:53:52.0859 3436 [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
02:53:52.0875 3436 SkypeUpdate - ok
02:53:52.0890 3436 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:53:52.0953 3436 SLIP - ok
02:53:52.0968 3436 Sparrow - ok
02:53:52.0984 3436 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
02:53:53.0062 3436 splitter - ok
02:53:53.0093 3436 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
02:53:53.0109 3436 Spooler - ok
02:53:53.0140 3436 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
02:53:53.0140 3436 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
02:53:53.0140 3436 sptd ( LockedFile.Multi.Generic ) - warning
02:53:53.0140 3436 sptd - detected LockedFile.Multi.Generic (1)
02:53:53.0156 3436 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
02:53:53.0203 3436 sr - ok
02:53:53.0234 3436 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
02:53:53.0265 3436 srservice - ok
02:53:53.0281 3436 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
02:53:53.0312 3436 Srv - ok
02:53:53.0328 3436 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
02:53:53.0390 3436 SSDPSRV - ok
02:53:53.0406 3436 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
02:53:53.0500 3436 stisvc - ok
02:53:53.0515 3436 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:53:53.0578 3436 streamip - ok
02:53:53.0593 3436 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
02:53:53.0671 3436 swenum - ok
02:53:53.0687 3436 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
02:53:53.0750 3436 swmidi - ok
02:53:53.0765 3436 SwPrv - ok
02:53:53.0765 3436 symc810 - ok
02:53:53.0765 3436 symc8xx - ok
02:53:53.0781 3436 sym_hi - ok
02:53:53.0781 3436 sym_u3 - ok
02:53:53.0796 3436 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
02:53:53.0875 3436 sysaudio - ok
02:53:53.0875 3436 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
02:53:53.0937 3436 SysmonLog - ok
02:53:53.0984 3436 [ 98A1E6BC9F766B0B0A5BF00AF847EF20 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
02:53:53.0984 3436 tap0901 ( UnsignedFile.Multi.Generic ) - warning
02:53:53.0984 3436 tap0901 - detected UnsignedFile.Multi.Generic (1)
02:53:54.0000 3436 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
02:53:54.0062 3436 TapiSrv - ok
02:53:54.0078 3436 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:53:54.0109 3436 Tcpip - ok
02:53:54.0125 3436 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
02:53:54.0203 3436 TDPIPE - ok
02:53:54.0218 3436 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
02:53:54.0281 3436 TDTCP - ok
02:53:54.0281 3436 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
02:53:54.0359 3436 TermDD - ok
02:53:54.0375 3436 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
02:53:54.0453 3436 TermService - ok
02:53:54.0468 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
02:53:54.0484 3436 Themes - ok
02:53:54.0515 3436 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
02:53:54.0546 3436 TlntSvr - ok
02:53:54.0546 3436 TosIde - ok
02:53:54.0562 3436 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
02:53:54.0625 3436 TrkWks - ok
02:53:54.0640 3436 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
02:53:54.0703 3436 Udfs - ok
02:53:54.0718 3436 ultra - ok
02:53:54.0750 3436 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
02:53:54.0812 3436 Update - ok
02:53:54.0828 3436 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
02:53:54.0859 3436 upnphost - ok
02:53:54.0875 3436 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
02:53:54.0937 3436 UPS - ok
02:53:54.0968 3436 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:53:55.0046 3436 usbccgp - ok
02:53:55.0062 3436 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:53:55.0125 3436 usbehci - ok
02:53:55.0156 3436 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:53:55.0234 3436 usbhub - ok
02:53:55.0265 3436 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:53:55.0328 3436 USBSTOR - ok
02:53:55.0343 3436 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:53:55.0406 3436 usbuhci - ok
02:53:55.0406 3436 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
02:53:55.0484 3436 usbvideo - ok
02:53:55.0500 3436 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
02:53:55.0578 3436 VgaSave - ok
02:53:55.0578 3436 ViaIde - ok
02:53:55.0578 3436 vnet - ok
02:53:55.0593 3436 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
02:53:55.0671 3436 VolSnap - ok
02:53:55.0687 3436 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
02:53:55.0718 3436 VSS - ok
02:53:55.0734 3436 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
02:53:55.0796 3436 W32Time - ok
02:53:55.0812 3436 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:53:55.0890 3436 Wanarp - ok
02:53:55.0906 3436 WDICA - ok
02:53:55.0906 3436 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
02:53:55.0984 3436 wdmaud - ok
02:53:56.0015 3436 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
02:53:56.0078 3436 WebClient - ok
02:53:56.0140 3436 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
02:53:56.0203 3436 winmgmt - ok
02:53:56.0234 3436 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
02:53:56.0281 3436 WinRM - ok
02:53:56.0296 3436 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
02:53:56.0343 3436 WmdmPmSN - ok
02:53:56.0359 3436 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
02:53:56.0390 3436 Wmi - ok
02:53:56.0421 3436 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:53:56.0500 3436 WmiApSrv - ok
02:53:56.0546 3436 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
02:53:56.0593 3436 WMPNetworkSvc - ok
02:53:56.0593 3436 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:53:56.0609 3436 WpdUsb - ok
02:53:56.0671 3436 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:53:56.0687 3436 WPFFontCache_v0400 - ok
02:53:56.0718 3436 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:53:56.0812 3436 WS2IFSL - ok
02:53:56.0828 3436 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
02:53:56.0906 3436 wscsvc - ok
02:53:56.0906 3436 WSearch - ok
02:53:56.0921 3436 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:53:56.0984 3436 WSTCODEC - ok
02:53:57.0000 3436 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
02:53:57.0062 3436 wuauserv - ok
02:53:57.0093 3436 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:53:57.0140 3436 WudfPf - ok
02:53:57.0140 3436 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:53:57.0156 3436 WudfRd - ok
02:53:57.0156 3436 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
02:53:57.0187 3436 WudfSvc - ok
02:53:57.0234 3436 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
02:53:57.0312 3436 WZCSVC - ok
02:53:57.0343 3436 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
02:53:57.0406 3436 xmlprov - ok
02:53:57.0453 3436 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
02:53:57.0468 3436 YahooAUService - ok
02:53:57.0468 3436 ================ Scan global ===============================
02:53:57.0500 3436 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:53:57.0531 3436 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
02:53:57.0546 3436 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
02:53:57.0546 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:53:57.0546 3436 [Global] - ok
02:53:57.0546 3436 ================ Scan MBR ==================================
02:53:57.0562 3436 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
02:53:57.0828 3436 \Device\Harddisk0\DR0 - ok
02:53:57.0828 3436 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR5
02:53:57.0953 3436 \Device\Harddisk1\DR5 - ok
02:53:57.0953 3436 ================ Scan VBR ==================================
02:53:57.0953 3436 [ 67C7282CF6517A5455C7A98143CF4379 ] \Device\Harddisk0\DR0\Partition1
02:53:57.0953 3436 \Device\Harddisk0\DR0\Partition1 - ok
02:53:57.0968 3436 [ C5F81E6065A3025467BC58240BF81871 ] \Device\Harddisk0\DR0\Partition2
02:53:57.0968 3436 \Device\Harddisk0\DR0\Partition2 - ok
02:53:57.0968 3436 [ BD08FDAFFFD074A8277B991966FFB91F ] \Device\Harddisk0\DR0\Partition3
02:53:57.0968 3436 \Device\Harddisk0\DR0\Partition3 - ok
02:53:57.0984 3436 [ B706D5009DE54601736CB863A96E295A ] \Device\Harddisk0\DR0\Partition4
02:53:57.0984 3436 \Device\Harddisk0\DR0\Partition4 - ok
02:53:58.0000 3436 [ 1660D0E1463C57731D8671751CB38D06 ] \Device\Harddisk1\DR5\Partition1
02:53:58.0000 3436 \Device\Harddisk1\DR5\Partition1 - ok
02:53:58.0000 3436 ============================================================
02:53:58.0000 3436 Scan finished
02:53:58.0000 3436 ============================================================
02:53:58.0109 1616 Detected object count: 6
02:53:58.0109 1616 Actual detected object count: 6
02:56:39.0718 1616 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:56:39.0718 1616 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:56:39.0718 1616 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:56:39.0718 1616 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:56:39.0718 1616 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:56:39.0718 1616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip




Rouge killer logs



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Allaho akbar [Admin rights]
Mode : Scan -- Date : 06/01/2013 02:32:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xB8774CA0)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xB8774C00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 +++++
--- User ---
[MBR] d34c580656262264258722c15e87e137
[BSP] 1709651ce1ef41903140425779a7e030 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 67381 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 137998350 | Size: 409555 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] cf786e02642c6f15da9b9bc8e3b78aab
[BSP] f2e920cbb348efa659923a6ba441194e : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3741 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_06012013_02d0232.txt >>
RKreport[1]_S_06012013_02d0232.txt




RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Allaho akbar [Admin rights]
Mode : Remove -- Date : 06/01/2013 02:46:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xB8774CA0)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xB8774C00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 +++++
--- User ---
[MBR] d34c580656262264258722c15e87e137
[BSP] 1709651ce1ef41903140425779a7e030 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 67381 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 137998350 | Size: 409555 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] cf786e02642c6f15da9b9bc8e3b78aab
[BSP] f2e920cbb348efa659923a6ba441194e : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3741 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_06012013_02d0246.txt >>
RKreport[1]_S_06012013_02d0232.txt ; RKreport[2]_D_06012013_02d0246.txt
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

P2P Warning!:

IMPORTANT I have noticed that there are signs of uTorrent 1.0 P2P (Peer to Peer) File Sharing Program on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, as a student in GeekU, you are expected to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.


Step 2.

You have Registry Mechanic installed. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

Technet blog also discusses this issue as well as Ed Bott.

As a student here you should not have this on your system. Please uninstall it.


Step 3.

You have too many antimalware products on your machine so we need to remove SAS and keep mbam.

Uninstall SAS and then download and run this tool:

SAS removal tool.

Reboot the computer after you run this tool.


Step 4.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ayrdvot1)
    O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\RunOnce: [DeleteOnReboot] C:\WINDOWS\DeleteOnReboot.bat ()
    [2013/05/03 02:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2013/05/31 17:29:26 | 000,037,888 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\ADSSpy.exe
    
    
    :files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Commands
    [purity]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 5.

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop for the shortcur fix.


Step 6.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.



What I need in your next post

  • Confirmation of all uninstalls listed above.
  • OTL fix log
  • checkup.txt


Also give me an update on what the issues are that remain with your computer.
  • 0

#5
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
  • All programs have been removed though I was surprised about the Registry Cleaner part.
  • I have favored SAS over Malware Bytes in the last five years so can I use SAS instead ?? I have removed SAS upon your request and the malware bytes I had was a beta version of the Anti rootkit. I downloaded the malware version but did not install it when you suggested having it.
My view on how things are going:
  • There is a problem that started about 4 months ago , that a certain windows update wont install on my pc. I tried to solve it on my own but I could not.
  • I managed to open the pc on normal mode in the morning but it took a long time for the icons to come on screen. Later when rebooting The icons never appeared. I made sure explorer.exe was running ok but still the problem persisted so I switched to safe mode.
  • I get a missing NVCPL.dll error when I open on normal mode especially when the icons work.

THIS is the check up log






Results of screen317's Security Check version 0.99.64

Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
K
a
s
p
e
r
s
k
y
ECHO is off.
I
n
t
e
r
n
e
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Adobe Reader XI
Google Chrome 27.0.1453.93
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````





Rouge Killer log No 3 , I have posted 1 & 2 before.




Results of screen317's Security Check version 0.99.64

Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
K
a
s
p
e
r
s
k
y
ECHO is off.
I
n
t
e
r
n
e
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Adobe Reader XI
Google Chrome 27.0.1453.93
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````




RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Allaho akbar [Admin rights]
Mode : Shortcuts HJfix -- Date : 06/01/2013 16:30:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 35 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 107 / Fail 0
My documents: Success 14 / Fail 14
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 940 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[G:] \Device\CdRom1 -- 0x5 --> Skipped
[H:] \Device\CdRom2 -- 0x5 --> Skipped
[I:] \Device\CdRom0 -- 0x5 --> Skipped
[J:] \Device\Harddisk1\DP(1)0-0+6 -- 0x2 --> Restored

Finished : << RKreport[4]_SC_06012013_02d1630.txt >>
RKreport[1]_S_06012013_02d0232.txt ; RKreport[2]_D_06012013_02d0246.txt ; RKreport[3]_S_06012013_02d1627.txt ; RKreport[4]_SC_06012013_02d1630.txt


OTL






========== OTL ==========
Error: No service named ayrdvot1 was found to stop!
Service\Driver key ayrdvot1 not found.
Registry value HKEY_USERS\S-1-5-21-299502267-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware not found.
File C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE not found.
Registry value HKEY_USERS\S-1-5-21-299502267-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.
File C:\Program Files\uTorrent\uTorrent.exe not found.
Registry value HKEY_USERS\S-1-5-21-299502267-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot not found.
File C:\WINDOWS\DeleteOnReboot.bat not found.
C:\Program Files\Microsoft Security Client\en-us folder moved successfully.
C:\Program Files\Microsoft Security Client\Backup\x86 folder moved successfully.
C:\Program Files\Microsoft Security Client\Backup\en-us folder moved successfully.
C:\Program Files\Microsoft Security Client\Backup folder moved successfully.
C:\Program Files\Microsoft Security Client folder moved successfully.
C:\ADSSpy.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Allaho akbar\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Allaho akbar\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Allaho akbar\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Allaho akbar\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Allaho akbar\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Allaho akbar\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Allaho akbar\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Allaho akbar\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Allaho akbar\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Allaho akbar\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Allaho akbar

User: Default User

User: LocalService

User: NetworkService

User: TEMP

User: TEMP.ALLAHO-3FEA220E

User: TEMP.ALLAHO-3FEA220E.000

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Allaho akbar
->Flash cache emptied: 1714 bytes

User: Default User

User: LocalService

User: NetworkService

User: TEMP

User: TEMP.ALLAHO-3FEA220E

User: TEMP.ALLAHO-3FEA220E.000

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.69.0 log created on 06012013_161947



  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

  • All programs have been removed though I was surprised about the Registry Cleaner part.
  • I have favored SAS over Malware Bytes in the last five years so can I use SAS instead ?? I have removed SAS upon your request and the malware bytes I had was a beta version of the Anti rootkit. I downloaded the malware version but did not install it when you suggested having it.

Make sure the anti rootkit is gone and only the normal mbam is installed. When we are done you can uninstall the mbam and reinstall the SAS if you like. :)


My view on how things are going:

  • There is a problem that started about 4 months ago , that a certain windows update wont install on my pc. I tried to solve it on my own but I could not.
  • I managed to open the pc on normal mode in the morning but it took a long time for the icons to come on screen. Later when rebooting The icons never appeared. I made sure explorer.exe was running ok but still the problem persisted so I switched to safe mode.
  • I get a missing NVCPL.dll error when I open on normal mode especially when the icons work.


I see the update and it is related to .Net so we will have you address that later with the techs in the XP forum.
The normal mode issue and the missing file are related. Please follow these directions to correct this issue and a few others:


Step 1.

Your system drive needs to be defragged and we need to run a checkdisk on it.

But first you need to free up space. We need a minimum of 15% free on the system disk and 25% is highly recommended.

Drive C: | 65.80 Gb Total Space | 8.33 Gb Free Space | 12.66% Space Free | Partition Type: NTFS


Please remove enough to get well over 15% and 25% if possible.


Step 2.

Run check disk.

Dakeyras has a nice little tutorial on it here

Once it finishes and reboots into windows go on to the next step.


Step 3.

  • Double click My Computer.
  • Right-click the local disk volume that you want to defragment (typically C:\), and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.



Step 4.

Download your driver for your nVidia card here.
Then install the new driver and reboot.


After completing this come back and tell me what issues remain
  • 0

#7
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
I think everything seems ok now , thank you for your swift help CompCav :D
what should I do about that update?
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Well just a couple more posts before the update issue.


Step 1.

Download farbar service scanner to your desktop and then run it.

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply


Step 2.

Open MalwareBytes'
  • Click the Update tab and then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




What I need in your next post:

  • Post FSS.txt
  • Post mbam log
  • And give me an update on any changes.

  • 0

#9
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.01.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Allaho akbar :: ALLAHO-3FEA220E [administrator]

6/2/2013 5:32:56 AM
mbam-log-2013-06-02 (05-32-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278226
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
















Farbar Service Scanner Version: 31-05-2013 01
Ran by Allaho akbar (administrator) on 02-06-2013 at 05:27:23
Running from "C:\Documents and Settings\Allaho akbar\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) kltdi(9) NetBT(6) pflt(10) PSched(7) Tcpip(4)
0x0A0000000800000005000000010000000200000003000000040000000900000006000000070000000A000000


**** End of log ****








last time I rebooted , I could not connect to the internet and something was clearly wrong DNS or something similar. I ran RKILL and it told me the hosts file has an extra entry. I removed the extra bit and things went ok later here is the log





Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 06/02/2013 04:19:11 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

˙ž1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t



Program finished at: 06/02/2013 04:19:35 AM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)



What does this part mean??

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]


  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
You have the RPC service corrupted.

We need to fix it.

Attached File  RpcSs.reg   3.82KB   30 downloads
Attached File  LEGACY_RPCSS.reg   1.03KB   29 downloads

We need to replace the service key and legacy key.

Please download the following .reg files and save them on your desktop.


  • Right click on each file and select merge.
  • Accept the warings.
  • Afterboth files merge please reboot the computer.

Then run RKill again to confirm it is fixed.

Post the RKill file in your next post.


Regards,

CompCav
  • 0

Advertisements


#11
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
The legacy file said some files are being used by the system and not all of them can be changed.

I merged that file in normal and safe mode

Rkill log





Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 06/02/2013 01:27:09 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

˙ž1 2 7 . 0 . 0 . 1 l o c a l h o s t





Program finished at: 06/02/2013 01:27:29 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK as you can see in the RKill file it was fixed. But there are some other services that need to be checked and I want to review the Hosts set up as well.


Step 1.

Now please run OTL again.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Under Extra Registry select Use SafeList
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    sr.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    services.*
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 2.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


What I need in your next reply:

The new OTL.txt
The new Extras.txt
The eset log.txt


Also give me an update on what issues remain with your computer.
  • 0

#13
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
OTL LOG





OTL logfile created on: 6/2/2013 05:48:12 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.29% Memory free
3.84 Gb Paging File | 3.29 Gb Available in Paging File | 85.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 17.36 Gb Free Space | 26.38% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.22 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 41.92 Gb Free Space | 27.96% Space Free | Partition Type: NTFS

Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 03:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
PRC - [2013/05/22 18:57:33 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/05/16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/12 15:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/11/18 13:31:37 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/07/31 12:39:14 | 000,658,632 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/05/31 19:00:26 | 000,019,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
PRC - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/31 18:58:16 | 000,072,632 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\vulnerability_status_provider.dll
MOD - [2012/05/31 18:57:10 | 001,305,016 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll
MOD - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2008/07/26 06:48:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/05/16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/04/05 00:46:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/28 19:47:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/25 22:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2009/03/02 14:06:16 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vfilter.sys -- (pflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAHO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (anrjl8gx)
DRV - [2013/06/02 13:38:51 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/04/05 13:32:40 | 000,114,608 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2013/03/29 21:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/11/28 09:10:35 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/08/25 22:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/29 15:55:40 | 000,581,464 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/05/25 19:38:48 | 000,023,896 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012/05/25 19:30:34 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/05/24 11:34:46 | 000,140,120 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/05/12 17:13:34 | 000,043,696 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/04/13 13:54:06 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/03/27 18:34:20 | 000,039,728 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/07/01 04:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/29 13:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{936D9208-EA09-4d41-A0B9-00992EBE65F1}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\..\SearchScopes\{D9D0C96B-E727-41cc-9320-4708150E9806}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKU\S-1-5-21-299502267-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: f:\Program Files\Babylon\Babylon-Pro\Utils\[email protected] [2013/04/23 01:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/05 21:07:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Allaho akbar\Application Data\IDM\idmmzcc5 [2013/05/22 13:36:10 | 000,000,000 | ---D | M]

[2012/11/17 11:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allaho akbar\Application Data\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.microsoft...er=6&ar=msnhome
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll
CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.23_0\IDMGCExt.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Safe Money = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0\
CHR - Extension: IDM Integration = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Gmail = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0\

O1 HOSTS File: ([2013/06/02 04:25:30 | 000,000,060 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - e:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1007..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1007..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1007..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1007..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H File not found
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1007..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1007..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKLM..\RunOnce: [NvRegisterMCTray] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [NvRegisterMCTrayNview] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-299502267-1606980848-839522115-1007..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1606980848-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1353063063046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1353063532625 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36A26C56-4AA9-4FC7-AED2-287C1585DD15}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/15 23:34:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/02 17:41:49 | 015,512,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2013/06/02 17:41:49 | 000,143,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2013/06/02 17:41:49 | 000,108,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2013/06/02 17:41:49 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2013/06/02 17:40:59 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2013/06/02 17:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\NVIDIA
[2013/06/02 17:24:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/06/02 05:27:06 | 000,355,651 | ---- | C] (Farbar) -- C:\Documents and Settings\Allaho akbar\Desktop\FSS.exe
[2013/06/01 23:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2013/06/01 23:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/06/01 23:27:00 | 005,947,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/06/01 23:26:59 | 019,103,744 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/06/01 23:26:59 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/06/01 23:26:59 | 007,446,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/06/01 23:26:59 | 002,578,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/06/01 23:26:59 | 002,376,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/06/01 23:26:59 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/06/01 23:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Call of Juarez - Bound in Blood
[2013/06/01 23:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez - Bound in Blood
[2013/06/01 17:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Malwarebytes
[2013/06/01 17:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/01 17:14:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/01 17:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/01 16:19:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/01 15:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\Call of Juarez - Bound in Blood
[2013/06/01 03:48:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/06/01 03:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/06/01 03:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/01 02:51:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Allaho akbar\Desktop\tdsskiller.exe
[2013/06/01 02:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Desktop\RK_Quarantine
[2013/06/01 02:30:28 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2013/05/29 01:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2013/05/29 01:25:00 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2013/05/29 01:25:00 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2013/05/29 01:24:59 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2013/05/29 01:19:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/28 16:41:53 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/05/28 16:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 15:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Shrew Soft VPN
[2013/05/27 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/05/27 14:23:20 | 000,079,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2013/05/27 14:23:20 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2013/05/25 01:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Darksiders2
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013/05/22 14:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Sun
[2013/05/22 14:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/05/22 14:14:42 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/05/22 14:14:42 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/22 14:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/05/22 14:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Sun
[2013/05/19 03:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/05/18 16:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\My Documents\StreamTransport
[2013/05/10 15:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/05/10 15:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2013/05/10 15:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Power MP3 Recorder Cutter
[2013/05/10 15:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Power Mp3 Recorder Cutter
[2013/05/05 20:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/05/05 20:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/05/05 20:12:42 | 000,581,464 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/05/05 20:12:42 | 000,067,928 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/05/03 22:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/05/03 22:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/05/03 22:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/02 17:46:12 | 000,000,122 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/06/02 17:43:00 | 000,000,842 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 17:41:27 | 001,101,436 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/02 17:41:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/02 17:41:24 | 001,101,436 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/02 17:41:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/06/02 17:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/02 17:01:21 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003UA.job
[2013/06/02 15:43:00 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/02 13:39:09 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/02 13:39:09 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1606980848-839522115-1003.job
[2013/06/02 13:38:51 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2013/06/02 13:38:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/02 13:17:31 | 000,003,908 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\RpcSs.reg
[2013/06/02 13:17:31 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\LEGACY_RPCSS.reg
[2013/06/02 04:25:30 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/06/02 02:23:49 | 000,527,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 02:23:49 | 000,096,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/02 02:12:30 | 000,355,651 | ---- | M] (Farbar) -- C:\Documents and Settings\Allaho akbar\Desktop\FSS.exe
[2013/06/01 23:41:06 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Play Call of Juarez - Bound in Blood.lnk
[2013/06/01 23:21:16 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez - Bound in Blood.lnk
[2013/06/01 20:01:00 | 000,001,004 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-299502267-1606980848-839522115-1003Core.job
[2013/06/01 17:14:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/01 15:50:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/01 03:47:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allaho akbar\Desktop\OTL.exe
[2013/06/01 02:51:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Allaho akbar\Desktop\tdsskiller.exe
[2013/06/01 01:32:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/31 17:30:22 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\RogueKiller.exe
[2013/05/27 02:18:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/27 02:06:11 | 005,071,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Allaho akbar\Desktop\ComboFix_6.exe
[2013/05/22 14:14:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/05/22 14:14:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/05/21 00:59:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/19 03:31:22 | 000,002,072 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/05/18 16:45:13 | 001,933,948 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/18 13:19:16 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Rosetta Stone Version 3.lnk
[2013/05/17 11:29:02 | 003,123,421 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/15 14:29:55 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 12:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/12 15:31:50 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 20:44:32 | 000,002,009 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Alpha - Chrome.lnk
[2013/05/10 15:48:36 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:22:18 | 001,205,855 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:58:09 | 009,694,386 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/07 06:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/05 20:16:48 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:13:50 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/04 23:19:19 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Allaho akbar\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2013/05/03 22:40:00 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/02 17:46:12 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/06/02 13:17:57 | 000,003,908 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\RpcSs.reg
[2013/06/02 13:17:57 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\LEGACY_RPCSS.reg
[2013/06/01 23:41:06 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Play Call of Juarez - Bound in Blood.lnk
[2013/06/01 23:33:26 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/06/01 23:33:26 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/06/01 23:33:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/06/01 23:33:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/06/01 23:27:00 | 000,012,210 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/06/01 23:26:59 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/06/01 23:21:16 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Call of Juarez - Bound in Blood.lnk
[2013/06/01 17:14:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/01 16:25:43 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\RogueKiller.exe
[2013/05/29 01:25:00 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/05/29 01:25:00 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/05/29 01:25:00 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/05/29 01:24:57 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/27 14:23:18 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/18 16:44:01 | 001,933,948 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\My Documents\politicsofpronunciation - Politics of pronunciation Webcast.flv
[2013/05/12 15:31:50 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to UpdateUtility-Gui.lnk
[2013/05/12 00:10:27 | 000,000,413 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Shortcut to ross.lnk
[2013/05/10 15:48:35 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Slice - Chrome.lnk
[2013/05/10 15:23:41 | 003,123,421 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Beyond Samsung.mp3
[2013/05/10 15:21:34 | 001,205,855 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa ya balady - Dalida.mp3
[2013/05/10 15:18:22 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power Mp3 Recorder.lnk
[2013/05/10 15:18:21 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Classic.lnk
[2013/05/10 15:18:21 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Power MP3 Cutter Pro.lnk
[2013/05/10 14:56:20 | 009,694,386 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Helwa Ya Balady - Dalida (Egypt My Beautiful Home Land) - YouTube_2.mp4
[2013/05/05 20:16:48 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Desktop\Safe Money.lnk
[2013/05/05 20:14:02 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/03 22:40:00 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/04/26 23:16:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/26 23:16:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/26 23:16:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/26 23:16:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/26 23:16:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/06 02:33:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/03 13:12:52 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\SecurityKISSTunnel.config
[2012/11/27 17:33:34 | 000,001,995 | ---- | C] () -- C:\WINDOWS\AccMling.ini
[2012/11/20 17:50:04 | 021,161,332 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\SKIDROW.rar
[2012/11/18 14:28:28 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/17 20:52:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/17 11:27:11 | 000,002,072 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/11/16 15:32:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/16 14:59:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/16 11:41:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\WebpageIcons.db
[2012/11/16 10:27:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/11/16 10:22:13 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/11/16 10:22:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/11/16 01:23:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/16 01:23:00 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 23:36:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 23:32:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012/11/16 18:13:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/17 17:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/11/17 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab
[2013/05/10 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/03/29 15:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDM
[2013/05/03 22:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/11/19 20:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2013/05/18 14:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2013/05/27 17:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shrew Soft VPN
[2013/03/29 19:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steam
[2012/11/17 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2013/03/24 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Audacity
[2013/03/17 14:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\cald3
[2012/12/15 17:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\calibre
[2013/06/01 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Call of Juarez - Bound in Blood
[2012/11/16 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DAEMON Tools
[2013/06/02 17:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\DMCache
[2013/03/11 13:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Doublefine
[2013/04/12 20:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\FreeArc
[2013/05/29 01:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\IDM
[2013/04/13 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OmegaT
[2013/04/13 01:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\OpenOffice.org
[2013/05/10 15:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Power MP3 Cutter
[2012/11/23 14:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Product_RM
[2012/11/23 14:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Registry Mechanic
[2013/06/01 15:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\uTorrent
[2012/11/16 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Desktop Search
[2012/11/16 18:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Windows Search
[2012/11/17 11:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allaho akbar\Application Data\Zbshareware Lab

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 15:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 19:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Services.exe -- (PlugPlay)
SRV - [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 07:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 14:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 08:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2006/02/28 14:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/12/18 21:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\Services.exe
[2006/02/28 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.EXE.VIR >
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Qoobox\Quarantine\C\WINDOWS\system32\Services.exe.vir

< MD5 for: SERVICES.LNK >
[2012/11/15 23:34:53 | 000,001,602 | ---- | M] () MD5=6B30FB4930D644D42DD124855D97924E -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2006/02/28 14:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SR.AVZ >
[2013/05/05 21:02:25 | 000,008,208 | ---- | M] () MD5=DB21AA141326433A90A32DDDB8274776 -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP13\Bases\sr.avz
[2013/05/05 21:02:25 | 000,008,208 | ---- | M] () MD5=DB21AA141326433A90A32DDDB8274776 -- C:\Documents and Settings\Allaho akbar\Local Settings\temp\sr.avz
[2013/05/05 23:44:00 | 000,008,208 | ---- | M] () MD5=DB21AA141326433A90A32DDDB8274776 -- C:\Documents and Settings\Allaho akbar\My Documents\Downloads\Compressed\updater2.0.1.2015.1_win_en\Updates\bases\ssa\sr.avz

< MD5 for: SR.DLL >
[2013/05/17 23:35:28 | 000,009,168 | ---- | M] () MD5=8225B8878230E3460B3D05F00752E40A -- C:\Program Files\Google\Chrome\Application\27.0.1453.93\Locales\sr.dll
[2013/05/23 07:43:46 | 000,009,168 | ---- | M] () MD5=A3F742DFA1D5296D764CAF4B66BBD386 -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\Locales\sr.dll

< MD5 for: SR.INF >
[2006/02/28 14:00:00 | 000,005,038 | ---- | M] () MD5=C51F64A45FE82FE926113698908F7C15 -- C:\WINDOWS\inf\sr.inf

< MD5 for: SR.MOF >
[2006/02/28 14:00:00 | 000,003,799 | ---- | M] () MD5=010ED42FE2EE754B65FA8FC1DE7B67E1 -- C:\WINDOWS\system32\wbem\sr.mof

< MD5 for: SR.PAK >
[2013/05/17 22:11:31 | 000,376,453 | ---- | M] () MD5=10D8117E3EF89429298B05E0FA3F3E76 -- C:\Program Files\Google\Chrome\Application\27.0.1453.93\Locales\sr.pak
[2013/05/23 04:10:58 | 000,376,453 | ---- | M] () MD5=10D8117E3EF89429298B05E0FA3F3E76 -- C:\Program Files\Google\Chrome\Application\27.0.1453.94\Locales\sr.pak

< MD5 for: SR.PNF >
[2012/12/11 18:26:46 | 000,012,064 | ---- | M] () MD5=7043A589DB1F9EF68FF89E1CD23FE398 -- C:\WINDOWS\inf\sr.PNF

< MD5 for: SR.SYS >
[2008/04/14 00:06:54 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\ServicePackFiles\i386\sr.sys
[2008/04/14 00:06:54 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2006/02/28 14:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=E41B6D037D6CD08461470AF04500DC24 -- C:\WINDOWS\$NtServicePackUninstall$\sr.sys

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F868-6FBE
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
05/15/2013 12:27 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
05/15/2013 12:27 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
06/02/2013 02:22 AM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
06/02/2013 02:23 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 18,598,170,624 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >




Extras log









OTL Extras logfile created on: 6/2/2013 05:48:12 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Allaho akbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.29% Memory free
3.84 Gb Paging File | 3.29 Gb Available in Paging File | 85.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.80 Gb Total Space | 17.36 Gb Free Space | 26.38% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 6.22 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive E: | 150.01 Gb Total Space | 41.90 Gb Free Space | 27.93% Space Free | Partition Type: NTFS
Drive F: | 149.94 Gb Total Space | 41.92 Gb Free Space | 27.96% Space Free | Partition Type: NTFS

Computer Name: ALLAHO-3FEA220E | User Name: Allaho akbar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Allaho akbar\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = F:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"F:\Program Files\Counter-Strike 1.6\hl.exe" = F:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0610.1
"{0830C2E8-01B9-4CD1-B218-12B0107D5BED}" = calibre
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}" = CDisplay
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}" = Devil May Cry 3 Special Edition
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"Blueline_is1" = Blueline 1.1.1
"Call of Juarez - Bound in Blood_is1" = Call of Juarez - Bound in Blood
"Counter-Strike 1.6" = Counter-Strike 1.6
"EasyLingoV1" = EasyLingo v2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fass" = Pawsoft Fass
"FormatFactory" = FormatFactory 3.0.1
"FreeArc" = FreeArc 0.666
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"OmegaT 2.6.3_is1" = OmegaT version 2.6.3
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter v6.2
"QUICKfind" = QUICKfind server v1.1
"RealPlayer 15.0" = RealPlayer
"Sandboxie" = Sandboxie 3.74 (32-bit)
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0
"SpywareBlaster_is1" = SpywareBlaster 5.0
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6
"USB Disk Security_is1" = USB Disk Security
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2013 08:01:13 PM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =

Error - 6/1/2013 08:22:00 PM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/1/2013 08:22:01 PM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error - 6/1/2013 08:22:01 PM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =

Error - 6/1/2013 11:01:15 PM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =

Error - 6/2/2013 01:14:30 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 6/2/2013 01:14:31 AM | Computer Name = ALLAHO-3FEA220E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error - 6/2/2013 01:14:31 AM | Computer Name = ALLAHO-3FEA220E | Source = NativeWrapper | ID = 5000
Description =

Error - 6/2/2013 08:01:16 AM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =

Error - 6/2/2013 11:01:21 AM | Computer Name = ALLAHO-3FEA220E | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 6/1/2013 10:14:46 PM | Computer Name = ALLAHO-3FEA220E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 6CF049D17FAE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/1/2013 10:18:23 PM | Computer Name = ALLAHO-3FEA220E | Source = Service Control Manager | ID = 7031
Description = The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 120000 milliseconds: Restart the service.

Error - 6/1/2013 10:43:00 PM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/2/2013 01:14:32 AM | Computer Name = ALLAHO-3FEA220E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error - 6/2/2013 07:00:17 AM | Computer Name = ALLAHO-3FEA220E | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 6CF049D17FAE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/2/2013 07:20:56 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/2/2013 07:21:55 AM | Computer Name = ALLAHO-3FEA220E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm KLIF kneps

Error - 6/2/2013 07:26:29 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/2/2013 07:32:49 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/2/2013 07:43:00 AM | Computer Name = ALLAHO-3FEA220E | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


< End of report >









About the online scanner there is a number of of reasons that would interfere with that step:
  • There is an electricity problem on a national scale going on here and repeated long lasting power outages have become a daily routine , not to mention the effects of the sweltering heat wave that would aggravate the situation.
  • I have tried that method years ago and I know it takes a lot of time: It took about 6 hours back then and I had an 80 Gigabytes HDD , imagine how long it would take it to finish this current size now.

I am sorry to bother you with all of this but I am asking for an alternative if there is any ,for online scanners
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
What issues remain with your computer?
  • 0

#15
blink10

blink10

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts
I took my time to see if there is anything worth a second look.
Kaspersky found an exe in system volume information / system restore and removed it

I realized that MBAM and SAS are not similar in what they catch : SAS catches Adware in cookies and rarely trojans while MBAM is a lot better at identifying trojans,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP